I raised a list of problems. They are not all already mentioned in the threats document (eg, note the privacy issue at the end of my detailed email).
Ross -----Original Message----- From: Joel Halpern Direct [mailto:[email protected]] Sent: Thursday, May 15, 2014 2:29 PM To: Ronald Bonica; Joel M. Halpern; Roger Jørgensen; Ross Callon Cc: [email protected] Subject: Re: [lisp] Restarting last call on LISP threats The threats document does not specify how to resolve the threats. It identifies problems. In this particular case, it already identifies the problem that Ross raised. Quite clearly. There is no dependence on the documents Roger pointed to. They are ways of remediating the threat. Yours, Joel On 5/15/14, 2:15 PM, Ronald Bonica wrote: > Joel, > > The threats document should not depend on lisp-sec or lisp-crypto. > However, Roger's response did rely on those documents (see his > response, below). > > So, we are left to explore whether something was omitted from the > threats document. Standby for my response to Roger. > > Ron > > > >> -----Original Message----- From: Joel M. Halpern >> [mailto:[email protected]] Sent: Tuesday, May 13, 2014 5:57 PM >> To: Ronald Bonica; Roger Jørgensen; Ross Callon Cc: [email protected] >> Subject: Re: [lisp] Restarting last call on LISP threats >> >> Ron, I am having trouble with the question. >> >> The threats document describes the threats as they exist today, >> without the adoption of either document that Roger pointed to. >> Thus, I do not see any dependence. >> >> If there is a threat that is not well described in the base spec or >> this document, then we should add it. We should add it even if >> there are proposals to remediate it. But if there is a clear >> proposal of a missing threat, I missed it. >> >> Yours, Joel >> >> On 5/13/14, 1:31 PM, Ronald Bonica wrote: >>> Hi Roger, >>> >>> Or asked more explicitly, can the level of security claimed by >>> the threats >> document be achieved without implementing the protocol extensions >> described in lisp-sec and lisp-crypto? >>> >>> Ron >>> >>> >>>> -----Original Message----- From: Ronald Bonica Sent: Tuesday, >>>> May 13, 2014 1:22 PM To: 'Roger Jørgensen'; Ross Callon Cc: >>>> [email protected] Subject: RE: [lisp] Restarting last call on LISP >>>> threats >>>> >>>> Hi Roger, >>>> >>>> Can this draft stand on its own, without integrating content >>>> from the documents that you reference? >>>> >>>> >>>> Ron >>>> >>>>> >>>>> There exist two draft that are relevant to what you address. >>>>> >>>>> You have >>>>> https://datatracker.ietf.org/doc/draft-farinacci-lisp-crypto/ >>>>> >>>>> where the payload of a LISP encapsulated packet are encrypted. None >>>>> of the keys for encrypting/decrypting are stored in the >>>>> mapping system but is calculated by the xTR's involved. Then >>>>> you have >>>>> https://datatracker.ietf.org/doc/draft-ietf-lisp-sec/ that >>>>> attempts to secure the xTR to xTR relationship. >>>>> >>>>> >>>>> >>>>> -- >>>>> >>> >>> _______________________________________________ lisp mailing >>> list [email protected] https://www.ietf.org/mailman/listinfo/lisp >>> _______________________________________________ lisp mailing list [email protected] https://www.ietf.org/mailman/listinfo/lisp
