I second the motion. We should take on this relatively minor work after the experimental RFCs are published.
Dino

On Jan 12, 2012, at 2:58 AM, Stephen Farrell wrote:

> Hi,
>
> I have a DISCUSS on the base document [1] and -ms [2]
> (same thing really) noting that Map-Register messages,
> while authenticated, can be replayed which is not great,
> especially since there doesn't seem to be any easy way
> to add replay protection right now without changing
> stuff I guess you don't want to change.
>
> The authors have added a new security consideration to -ms
> noting this and the base document now notes that the nonce
> field in that message, while specified to be zero, may be
> used for some form of replay protection in future.
>
> Since LISP is experimental I'm ok to clear my DISCUSS
> on that basis, *if* the WG will actually address the problem
> in the not-too-distant future. (I'll leave the DISCUSS
> there for now so the link at [1] works for a bit:-)
>
> Since you're now in the process of re-chartering it seems
> like adding that as a bit of work with a milestone would
> be the easiest thing to do, if the WG are happy to take on
> that work.
>
> I'd suggest adding a bit of text saying the WG will also:
>
> "examine the implications of Map-Register replays and
> develop a solution."
>
> That could go maybe as the 2nd item in the list that
> currently says:
>
> "Specifically, the group will work on:
>
> - LISP security threats and solutions
> - MIBs
> - deployment models
> - allocation of EID space
> - alternate mapping system designs."
>
> And I think that really needs a milestone, to close
> the loop, such as:
>
> "MMM YYYY Forward a solution to Map-Register replays to IESG"
>
> Note that it is possible in principle that the "solution"
> might be "it's not a problem and here's why" but I don't
> think that's the case. When the issue is tackled it might
> or might not have implications for e.g. Map-Notify as well
> since the same format is used.
>
> I'd guess that that should be doable in the same timeframe
> as LISP-SEC (or could even be incorporated into that document
> maybe if that's what you want) since it's a small piece of
> work really if someone's available to do it.
>
> If the WG just don't want to take on that work then we probably
> need to revisit the resolution of the DISCUSS point to further
> figure out the implications of replayed Map-Register messages.
>
> So, does the above sound like a plan?
>
> Thanks,
> Stephen.
>
> [1] https://datatracker.ietf.org/doc/draft-ietf-lisp/ballot/#stephen-farrell
> [2] https://datatracker.ietf.org/doc/draft-ietf-lisp-ms/ballot/#stephen-farrell
>
> _______________________________________________
> lisp mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/lisp
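As an added illustration (not code from this thread, from LISP-SEC, or from any LISP implementation), the Python sketch below shows the weakness Stephen describes and one way the currently-zero nonce field could close it. An HMAC over the message proves who sent it but not when, so a captured Map-Register can be resubmitted later to revert a mapping to a stale RLOC. Treating the nonce as a per-EID-prefix counter that must strictly increase lets the map server reject the replay. The message layout, the shared key, and the EID-prefix and RLOC values are all constructed for the example and are not the LISP wire format; the monotonic-counter rule is one possible design, not the WG's chosen solution.

```python
"""Map-Register replay: authenticated but not fresh, and a nonce-based fix.

Added example; the framing is a simplified stand-in for the real message
(constructed: 8-byte nonce | EID-prefix '|' RLOC | 32-byte HMAC-SHA256).
"""
import hashlib
import hmac
import struct

# Constructed shared secret between the registering ETR and the map server.
KEY = b"example-etr-ms-shared-key"
TAG_LEN = 32


def build_register(eid_prefix: str, rloc: str, nonce: int) -> bytes:
    """ETR side: authenticate the registration with an HMAC over the body."""
    body = struct.pack("!Q", nonce) + eid_prefix.encode() + b"|" + rloc.encode()
    tag = hmac.new(KEY, body, hashlib.sha256).digest()
    return body + tag


def verify(msg: bytes):
    """Return (nonce, eid_prefix, rloc) if the HMAC checks out, else None."""
    if len(msg) < 8 + TAG_LEN:
        return None
    body, tag = msg[:-TAG_LEN], msg[-TAG_LEN:]
    expected = hmac.new(KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    nonce = struct.unpack("!Q", body[:8])[0]
    eid_prefix, rloc = body[8:].decode().split("|", 1)
    return nonce, eid_prefix, rloc


class NaiveMapServer:
    """Accepts any message with a valid HMAC: origin is checked, freshness is not."""

    def __init__(self):
        self.mappings = {}

    def handle(self, msg: bytes) -> str:
        parsed = verify(msg)
        if parsed is None:
            return "rejected: bad auth"
        _, eid_prefix, rloc = parsed
        self.mappings[eid_prefix] = rloc
        return "accepted"


class ReplayProtectedMapServer(NaiveMapServer):
    """Additionally requires the nonce to strictly increase per EID-prefix.

    Assumption: the nonce field carries a sender-chosen counter. Any message
    whose nonce is not above the highest one already accepted is a replay
    (or reordering) and is dropped before it can touch the mapping.
    """

    def __init__(self):
        super().__init__()
        self.highest_nonce = {}

    def handle(self, msg: bytes) -> str:
        parsed = verify(msg)
        if parsed is None:
            return "rejected: bad auth"
        nonce, eid_prefix, rloc = parsed
        if nonce <= self.highest_nonce.get(eid_prefix, -1):
            return "rejected: replay"
        self.highest_nonce[eid_prefix] = nonce
        self.mappings[eid_prefix] = rloc
        return "accepted"


def demo() -> dict:
    """Register, re-register with a new RLOC, then replay the first message."""
    prefix = "10.0.0.0/8"                              # constructed EID-prefix
    first = build_register(prefix, "192.0.2.1", nonce=1)
    second = build_register(prefix, "192.0.2.2", nonce=2)
    results = {}
    for name, server in (("naive", NaiveMapServer()),
                         ("protected", ReplayProtectedMapServer())):
        server.handle(first)
        server.handle(second)
        # Attacker resubmits the captured first message unchanged.
        verdict = server.handle(first)
        results[name] = (verdict, server.mappings[prefix])
    # Tampering with a byte of the body still fails authentication on both.
    tampered = bytearray(second)
    tampered[8] ^= 0x01
    results["tampered"] = NaiveMapServer().handle(bytes(tampered))
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The naive server ends up pointing the prefix back at the old RLOC after the replay; the protected one keeps the current mapping. A strictly increasing counter is the simplest rule but needs the server to keep per-sender state that survives restarts, and a sender that loses its counter (reboot, failover) must resynchronize; a random nonce with a bounded window of recently seen values is the usual alternative trade-off.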
