Hi,
I have a DISCUSS on the base document [1] and -ms [2]
(same thing really) noting that Map-Register messages,
while authenticated, can be replayed which is not great,
especially since there doesn't seem to be any easy way
to add replay protection right now without changing
stuff I guess you don't want to change.
The authors have added a new security consideration to -ms
noting this and the base document now notes that the nonce
field in that message, while specified to be zero, may be
used for some form of replay protection in future.
Since LISP is experimental I'm ok to clear my DISCUSS
on that basis, *if* the WG will actually address the problem
in the not-too-distant future. (I'll leave the DISCUSS
there for now so the link at [1] works for a bit:-)
Since you're now in the process of re-chartering it seems
like adding that as a bit of work with a milestone would
be the easiest thing to do, if the WG are happy to take on
that work.
I'd suggest adding a bit of text saying the WG will also:
"examine the implications of Map-Register replays and
develop a solution."
That could go maybe as the 2nd item in the list that
currently says:
"Specifically, the group will work on:
- LISP security threats and solutions
- MIBs
- deployment models
- allocation of EID space
- alternate mapping system designs."
And I think that really needs a milestone, to close
the loop, such as:
"MMM YYYY Forward a solution to Map-Register replays to IESG"
Note that it is possible in principle that the "solution"
might be "its not a problem and here's why" but I don't
think that's the case. When the issue is tackled it might
or might not have implications for e.g. Map-Notify as well
since the same format is used.
I'd guess that that should be doable in the same timeframe
as LISP-SEC (or could even be incorporated into that document
maybe if that's what you want) since its a small piece of
work really if someone's available to do it.
If the WG just don't want to take on that work then we probably
need to revisit the resolution of the DISCUSS point to further
figure out the implications of replayed Map-Register messages.
So, does the above sound like a plan?
Thanks,
Stephen.
[1] https://datatracker.ietf.org/doc/draft-ietf-lisp/ballot/#stephen-farrell
[2]
https://datatracker.ietf.org/doc/draft-ietf-lisp-ms/ballot/#stephen-farrell
_______________________________________________
lisp mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/lisp
