draft-ietf-lisp-crypto-06.txt   draft-ietf-lisp-crypto-07.txt 
Internet Engineering Task Force D. Farinacci Internet Engineering Task Force D. Farinacci
Internet-Draft lispers.net Internet-Draft lispers.net
Intended status: Experimental B. Weis Intended status: Experimental B. Weis
Expires: December 31, 2016 cisco Systems Expires: March 23, 2017 cisco Systems
June 29, 2016 September 19, 2016
LISP Data-Plane Confidentiality LISP Data-Plane Confidentiality
draft-ietf-lisp-crypto-06 draft-ietf-lisp-crypto-07
Abstract Abstract
This document describes a mechanism for encrypting LISP encapsulated This document describes a mechanism for encrypting LISP encapsulated
traffic. The design describes how key exchange is achieved using traffic. The design describes how key exchange is achieved using
existing LISP control-plane mechanisms as well as how to secure the existing LISP control-plane mechanisms as well as how to secure the
LISP data-plane from third-party surveillance attacks. LISP data-plane from third-party surveillance attacks.
Status of This Memo Status of This Memo
skipping to change at page 1, line 34 skipping to change at page 1, line 34
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 31, 2016. This Internet-Draft will expire on March 23, 2017.
Copyright Notice Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 20 skipping to change at page 2, line 20
4. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . 3 4. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . 3
5. Diffie-Hellman Key Exchange . . . . . . . . . . . . . . . . . 4 5. Diffie-Hellman Key Exchange . . . . . . . . . . . . . . . . . 4
6. Encoding and Transmitting Key Material . . . . . . . . . . . 5 6. Encoding and Transmitting Key Material . . . . . . . . . . . 5
7. Shared Keys used for the Data-Plane . . . . . . . . . . . . . 7 7. Shared Keys used for the Data-Plane . . . . . . . . . . . . . 7
8. Data-Plane Operation . . . . . . . . . . . . . . . . . . . . 9 8. Data-Plane Operation . . . . . . . . . . . . . . . . . . . . 9
9. Procedures for Encryption and Decryption . . . . . . . . . . 10 9. Procedures for Encryption and Decryption . . . . . . . . . . 10
10. Dynamic Rekeying . . . . . . . . . . . . . . . . . . . . . . 11 10. Dynamic Rekeying . . . . . . . . . . . . . . . . . . . . . . 11
11. Future Work . . . . . . . . . . . . . . . . . . . . . . . . . 12 11. Future Work . . . . . . . . . . . . . . . . . . . . . . . . . 12
12. Security Considerations . . . . . . . . . . . . . . . . . . . 12 12. Security Considerations . . . . . . . . . . . . . . . . . . . 12
12.1. SAAG Support . . . . . . . . . . . . . . . . . . . . . . 12 12.1. SAAG Support . . . . . . . . . . . . . . . . . . . . . . 12
12.2. LISP-Crypto Security Threats . . . . . . . . . . . . . . 12 12.2. LISP-Crypto Security Threats . . . . . . . . . . . . . . 13
13. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13 13. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13
14. References . . . . . . . . . . . . . . . . . . . . . . . . . 13 14. References . . . . . . . . . . . . . . . . . . . . . . . . . 14
14.1. Normative References . . . . . . . . . . . . . . . . . . 13 14.1. Normative References . . . . . . . . . . . . . . . . . . 14
14.2. Informative References . . . . . . . . . . . . . . . . . 15 14.2. Informative References . . . . . . . . . . . . . . . . . 15
Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . 15 Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . 16
Appendix B. Document Change Log . . . . . . . . . . . . . . . . 16 Appendix B. Document Change Log . . . . . . . . . . . . . . . . 16
B.1. Changes to draft-ietf-lisp-crypto-06.txt . . . . . . . . 16 B.1. Changes to draft-ietf-lisp-crypto-07.txt . . . . . . . . 16
B.2. Changes to draft-ietf-lisp-crypto-05.txt . . . . . . . . 16 B.2. Changes to draft-ietf-lisp-crypto-06.txt . . . . . . . . 17
B.3. Changes to draft-ietf-lisp-crypto-04.txt . . . . . . . . 16 B.3. Changes to draft-ietf-lisp-crypto-05.txt . . . . . . . . 17
B.4. Changes to draft-ietf-lisp-crypto-03.txt . . . . . . . . 16 B.4. Changes to draft-ietf-lisp-crypto-04.txt . . . . . . . . 17
B.5. Changes to draft-ietf-lisp-crypto-02.txt . . . . . . . . 17 B.5. Changes to draft-ietf-lisp-crypto-03.txt . . . . . . . . 17
B.6. Changes to draft-ietf-lisp-crypto-01.txt . . . . . . . . 17 B.6. Changes to draft-ietf-lisp-crypto-02.txt . . . . . . . . 18
B.7. Changes to draft-ietf-lisp-crypto-00.txt . . . . . . . . 17 B.7. Changes to draft-ietf-lisp-crypto-01.txt . . . . . . . . 18
B.8. Changes to draft-farinacci-lisp-crypto-01.txt . . . . . . 17 B.8. Changes to draft-ietf-lisp-crypto-00.txt . . . . . . . . 18
B.9. Changes to draft-farinacci-lisp-crypto-00.txt . . . . . . 18 B.9. Changes to draft-farinacci-lisp-crypto-01.txt . . . . . . 18
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 18 B.10. Changes to draft-farinacci-lisp-crypto-00.txt . . . . . . 19
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 19
1. Introduction 1. Introduction
The Locator/ID Separation Protocol [RFC6830] defines a set of The Locator/ID Separation Protocol [RFC6830] defines a set of
functions for routers to exchange information used to map from non- functions for routers to exchange information used to map from non-
routable Endpoint Identifiers (EIDs) to routable Routing Locators routable Endpoint Identifiers (EIDs) to routable Routing Locators
(RLOCs). LISP ITRs and PITRs encapsulate packets to ETRs and RTRs. (RLOCs). LISP Ingress Tunnel Routers (ITRs) and Proxy Ingress Tunnel
Packets that arrive at the ITR or PITR are typically not modified. Routers (PITRs) encapsulate packets to Egress Tunnel Routers (ETRs)
Which means no protection or privacy of the data is added. If the and Reencapsulating Tunnel Routers (RTRs). Packets that arrive at
source host encrypts the data stream then the encapsulated packets the ITR or PITR are typically not modified, which means no protection
can be encrypted but would be redundant. However, when plaintext or privacy of the data is added. If the source host encrypts the
packets are sent by hosts, this design can encrypt the user payload data stream then the encapsulated packets can be encrypted but would
to maintain privacy on the path between the encapsulator (the ITR or be redundant. However, when plaintext packets are sent by hosts,
PITR) to a decapsulator (ETR or RTR). The encrypted payload is this design can encrypt the user payload to maintain privacy on the
unidirectional. However, return traffic uses the same procedures but path between the encapsulator (the ITR or PITR) to a decapsulator
with different key values by the same xTRs or potentially different (ETR or RTR). The encrypted payload is unidirectional. However,
xTRs when the paths between LISP sites are asymmetric. return traffic uses the same procedures but with different key values
by the same xTRs or potentially different xTRs when the paths between
LISP sites are asymmetric.
This document has the following requirements for the solution space: This document has the following requirements (as well as the general
requirements from [RFC6973]) for the solution space:
o Do not require a separate Public Key Infrastructure (PKI) that is o Do not require a separate Public Key Infrastructure (PKI) that is
out of scope of the LISP control-plane architecture. out of scope of the LISP control-plane architecture.
o The budget for key exchange MUST be one round-trip time. That is, o The budget for key exchange MUST be one round-trip time. That is,
only a two packet exchange can occur. only a two packet exchange can occur.
o Use symmetric keying so faster cryptography can be performed in o Use symmetric keying so faster cryptography can be performed in
the LISP data plane. the LISP data plane.
skipping to change at page 3, line 39 skipping to change at page 3, line 42
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
3. Definition of Terms 3. Definition of Terms
AEAD: Authenticated Encryption with Additional Data. AEAD: Authenticated Encryption with Additional Data.
ICV: Integrity Check Value. ICV: Integrity Check Value.
LCAF: LISP Canonical Address Format ([LCAF]).
xTR: A general reference to ITRs, ETRs, RTRs, and PxTRs.
4. Overview 4. Overview
The approach proposed in this document is to NOT rely on the LISP The approach proposed in this document is to NOT rely on the LISP
mapping system (or any other key infrastructure system) to store mapping system (or any other key infrastructure system) to store
security keys. This will provide for a simpler and more secure security keys. This will provide for a simpler and more secure
mechanism. Secret shared keys will be negotiated between the ITR and mechanism. Secret shared keys will be negotiated between the ITR and
the ETR in Map-Request and Map-Reply messages. Therefore, when an the ETR in Map-Request and Map-Reply messages. Therefore, when an
ITR needs to obtain the RLOC of an ETR, it will get security material ITR needs to obtain the RLOC of an ETR, it will get security material
to compute a shared secret with the ETR. to compute a shared secret with the ETR.
The ITR can compute 3 shared-secrets per ETR the ITR is encapsulating The ITR can compute 3 shared-secrets per ETR the ITR is encapsulating
to. When the ITR encrypts a packet before encapsulation, it will to. When the ITR encrypts a packet before encapsulation, it will
identify the key it used for the crypto calculation so the ETR knows identify the key it used for the crypto calculation so the ETR knows
which key to use for decrypting the packet after decapsulation. By which key to use for decrypting the packet after decapsulation. By
using key-ids in the LISP header, we can also get fast rekeying using key-ids in the LISP header, we can also get fast rekeying
functionality. functionality.
When an ETR (when it is also an ITR) encapsulates packets to this ITR The key management described in this documemnt is unidirectional from
(when it is also an ETR), a separate key exchange and shared-secret the ITR (the encapsulator) to the ETR (the decapsultor).
computation is performed. The key management described in this
documemnt is unidirectional from the ITR (the encapsulator) to the
ETR (the decapsultor).
5. Diffie-Hellman Key Exchange 5. Diffie-Hellman Key Exchange
LISP will use a Diffie-Hellman [RFC2631] key exchange sequence and LISP will use a Diffie-Hellman [RFC2631] key exchange sequence and
computation for computing a shared secret. The Diffie-Hellman computation for computing a shared secret. The Diffie-Hellman
parameters will be passed via Cipher Suite code-points in Map-Request parameters will be passed via Cipher Suite code-points in Map-Request
and Map-Reply messages. and Map-Reply messages.
Here is a brief description how Diff-Hellman works: Here is a brief description how Diff-Hellman works:
skipping to change at page 7, line 27 skipping to change at page 7, line 27
use. use.
7. Shared Keys used for the Data-Plane 7. Shared Keys used for the Data-Plane
When an ITR or PITR receives a Map-Reply accepting the Cipher Suite When an ITR or PITR receives a Map-Reply accepting the Cipher Suite
sent in the Map-Request, it is ready to create data plane keys. The sent in the Map-Request, it is ready to create data plane keys. The
same process is followed by the ETR or RTR returning the Map-Reply. same process is followed by the ETR or RTR returning the Map-Reply.
The first step is to create a shared secret, using the peer's shared The first step is to create a shared secret, using the peer's shared
Diffie-Hellman Public Key Material combined with device's own private Diffie-Hellman Public Key Material combined with device's own private
keying material as described in Section 5. The Diffie-Hellman group keying material as described in Section 5. The Diffie-Hellman
used is defined in the cipher suite sent in the Map-Request and parameters used is defined in the cipher suite sent in the Map-
copied into the Map-Reply. Request and copied into the Map-Reply.
The resulting shared secret is used to compute an AEAD-key for the The resulting shared secret is used to compute an AEAD-key for the
algorithms specified in the cipher suite. A Key Derivation Function algorithms specified in the cipher suite. A Key Derivation Function
(KDF) in counter mode as specified by [NIST-SP800-108] is used to (KDF) in counter mode as specified by [NIST-SP800-108] is used to
generate the data-plane keys. The amount of keying material that is generate the data-plane keys. The amount of keying material that is
derived depends on the algorithms in the cipher suite. derived depends on the algorithms in the cipher suite.
The inputs to the KDF are as follows: The inputs to the KDF are as follows:
o KDF function. This is HMAC-SHA-256. o KDF function. This is HMAC-SHA-256.
skipping to change at page 7, line 51 skipping to change at page 7, line 51
o A key for the KDF function. This is the computed Diffie-Hellman o A key for the KDF function. This is the computed Diffie-Hellman
shared secret. shared secret.
o Context that binds the use of the data-plane keys to this session. o Context that binds the use of the data-plane keys to this session.
The context is made up of the following fields, which are The context is made up of the following fields, which are
concatenated and provided as the data to be acted upon by the KDF concatenated and provided as the data to be acted upon by the KDF
function. function.
Context: Context:
o A counter, represented as a two-octet value in network-byte order. o A counter, represented as a two-octet value in network byte order.
o The null-terminated string "lisp-crypto". o The null-terminated string "lisp-crypto".
o The ITR's nonce from the the Map-Request the cipher suite was o The ITR's nonce from the Map-Request the cipher suite was included
included in. in.
o The number of bits of keying material required (L), represented as o The number of bits of keying material required (L), represented as
a two-octet value in network byte order. a two-octet value in network byte order.
The counter value in the context is first set to 1. When the amount The counter value in the context is first set to 1. When the amount
of keying material exceeds the number of bits returned by the KDF of keying material exceeds the number of bits returned by the KDF
function, then the KDF function is called again with the same inputs function, then the KDF function is called again with the same inputs
except that the counter increments for each call. When enough keying except that the counter increments for each call. When enough keying
material is returned, it is concatenated and used to create keys. material is returned, it is concatenated and used to create keys.
skipping to change at page 9, line 4 skipping to change at page 9, line 4
where: context = 0x0002 || "lisp-crypto" || <itr-nonce> || 0x0200 where: context = 0x0002 || "lisp-crypto" || <itr-nonce> || 0x0200
key-material = key-material-1 || key-material-2 key-material = key-material-1 || key-material-2
If the key-material is longer than the required number of bits (L), If the key-material is longer than the required number of bits (L),
then only the most significant L bits are used. then only the most significant L bits are used.
From the derived key-material, the most significant 256 bits are used From the derived key-material, the most significant 256 bits are used
for the AEAD-key by AEAD ciphers. The 256-bit AEAD-key is divided for the AEAD-key by AEAD ciphers. The 256-bit AEAD-key is divided
into a 128-bit encryption key and a 128-bit integrity-check key into a 128-bit encryption key and a 128-bit integrity check key
internal to the cipher used by the ITR. internal to the cipher used by the ITR.
8. Data-Plane Operation 8. Data-Plane Operation
The LISP encapsulation header [RFC6830] requires changes to encode The LISP encapsulation header [RFC6830] requires changes to encode
the key-id for the key being used for encryption. the key-id for the key being used for encryption.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 10, line 11 skipping to change at page 10, line 11
and use that key to encrypt all packet data that follows the LISP and use that key to encrypt all packet data that follows the LISP
header. Therefore, the outer header, UDP header, and LISP header header. Therefore, the outer header, UDP header, and LISP header
travel as plaintext. travel as plaintext.
There is an open working group item to discuss if the data There is an open working group item to discuss if the data
encapsulation header needs change for encryption or any new encapsulation header needs change for encryption or any new
applications. This document proposes changes to the existing header applications. This document proposes changes to the existing header
so experimentation can continue without making large changes to the so experimentation can continue without making large changes to the
data-plane at this time. This document allocates 2 bits of the data-plane at this time. This document allocates 2 bits of the
previously unused 3 flag bits (note the R-bit above is still a previously unused 3 flag bits (note the R-bit above is still a
reserved flag bit) for the KK bits. reserved flag bit as documented in [RFC6830]) for the KK bits.
9. Procedures for Encryption and Decryption 9. Procedures for Encryption and Decryption
When an ITR, PITR, or RTR encapsulate a packet and have already When an ITR, PITR, or RTR encapsulate a packet and have already
computed an AEAD-key (detailed in section Section 7) that is computed an AEAD-key (detailed in section Section 7) that is
associated with a destination RLOC, the following encryption and associated with a destination RLOC, the following encryption and
encapsulation procedures are performed: encapsulation procedures are performed:
1. The encapsulator creates an IV and prepends the IV value to the 1. The encapsulator creates an IV and prepends the IV value to the
packet being encapsulated. For GCM and Chacha cipher suites, the packet being encapsulated. For GCM and Chacha cipher suites, the
skipping to change at page 12, line 36 skipping to change at page 12, line 36
12. Security Considerations 12. Security Considerations
12.1. SAAG Support 12.1. SAAG Support
The LISP working group received security advice and guidance from the The LISP working group received security advice and guidance from the
Security Area Advisory Group (SAAG). The SAAG has been involved Security Area Advisory Group (SAAG). The SAAG has been involved
early in the design process and their input and reviews have been early in the design process and their input and reviews have been
included in this document. included in this document.
Comments from the SAAG included:
1. Do not use assymmetric ciphers in the data-plane.
2. Consider adding ECDH early in the design.
3. Add cipher suites because ciphers are created more frequently
than protocols that use them.
4. Consider the newer AEAD technology so authentication comes with
doing encryption.
12.2. LISP-Crypto Security Threats 12.2. LISP-Crypto Security Threats
Since ITRs and ETRs participate in key exchange over a public non- Since ITRs and ETRs participate in key exchange over a public non-
secure network, a man-in-the-middle (MITM) could circumvent the key secure network, a man-in-the-middle (MITM) could circumvent the key
exchange and compromise data-plane confidentiality. This can happen exchange and compromise data-plane confidentiality. This can happen
when the MITM is acting as a Map-Replier, provides its own public key when the MITM is acting as a Map-Replier, provides its own public key
so the ITR and the MITM generate a shared secret key among each so the ITR and the MITM generate a shared secret key among each
other. If the MITM is in the data path between the ITR and ETR, it other. If the MITM is in the data path between the ITR and ETR, it
can use the shared secret key to decrypt traffic from the ITR. can use the shared secret key to decrypt traffic from the ITR.
skipping to change at page 14, line 49 skipping to change at page 15, line 30
[RFC6090] McGrew, D., Igoe, K., and M. Salter, "Fundamental Elliptic [RFC6090] McGrew, D., Igoe, K., and M. Salter, "Fundamental Elliptic
Curve Cryptography Algorithms", RFC 6090, Curve Cryptography Algorithms", RFC 6090,
DOI 10.17487/RFC6090, February 2011, DOI 10.17487/RFC6090, February 2011,
<http://www.rfc-editor.org/info/rfc6090>. <http://www.rfc-editor.org/info/rfc6090>.
[RFC6830] Farinacci, D., Fuller, V., Meyer, D., and D. Lewis, "The [RFC6830] Farinacci, D., Fuller, V., Meyer, D., and D. Lewis, "The
Locator/ID Separation Protocol (LISP)", RFC 6830, Locator/ID Separation Protocol (LISP)", RFC 6830,
DOI 10.17487/RFC6830, January 2013, DOI 10.17487/RFC6830, January 2013,
<http://www.rfc-editor.org/info/rfc6830>. <http://www.rfc-editor.org/info/rfc6830>.
[RFC6973] Cooper, A., Tschofenig, H., Aboba, B., Peterson, J.,
Morris, J., Hansen, M., and R. Smith, "Privacy
Considerations for Internet Protocols", RFC 6973,
DOI 10.17487/RFC6973, July 2013,
<http://www.rfc-editor.org/info/rfc6973>.
[RFC7539] Nir, Y. and A. Langley, "ChaCha20 and Poly1305 for IETF [RFC7539] Nir, Y. and A. Langley, "ChaCha20 and Poly1305 for IETF
Protocols", RFC 7539, DOI 10.17487/RFC7539, May 2015, Protocols", RFC 7539, DOI 10.17487/RFC7539, May 2015,
<http://www.rfc-editor.org/info/rfc7539>. <http://www.rfc-editor.org/info/rfc7539>.
14.2. Informative References 14.2. Informative References
[AES-CBC] McGrew, D., Foley, J., and K. Paterson, "Authenticated [AES-CBC] McGrew, D., Foley, J., and K. Paterson, "Authenticated
Encryption with AES-CBC and HMAC-SHA", draft-mcgrew-aead- Encryption with AES-CBC and HMAC-SHA", draft-mcgrew-aead-
aes-cbc-hmac-sha2-05.txt (work in progress). aes-cbc-hmac-sha2-05.txt (work in progress).
skipping to change at page 16, line 9 skipping to change at page 16, line 45
security expertise to make lisp-crypto as secure as the state of the security expertise to make lisp-crypto as secure as the state of the
art in cryptography. art in cryptography.
In addition, the support and suggestions from the SAAG working group In addition, the support and suggestions from the SAAG working group
were helpful and appreciative. were helpful and appreciative.
Appendix B. Document Change Log Appendix B. Document Change Log
[RFC Editor: Please delete this section on publication as RFC.] [RFC Editor: Please delete this section on publication as RFC.]
B.1. Changes to draft-ietf-lisp-crypto-06.txt B.1. Changes to draft-ietf-lisp-crypto-07.txt
o Posted September 2016.
o Addressed comments from Routing Directorate reviewer Danny
McPherson.
B.2. Changes to draft-ietf-lisp-crypto-06.txt
o Posted June 2016. o Posted June 2016.
o Fixed IDnits errors. o Fixed IDnits errors.
B.2. Changes to draft-ietf-lisp-crypto-05.txt B.3. Changes to draft-ietf-lisp-crypto-05.txt
o Posted June 2016. o Posted June 2016.
o Update document which reflects comments Luigi provided as document o Update document which reflects comments Luigi provided as document
shepherd. shepherd.
B.3. Changes to draft-ietf-lisp-crypto-04.txt B.4. Changes to draft-ietf-lisp-crypto-04.txt
o Posted May 2016. o Posted May 2016.
o Update document timer from expiration. o Update document timer from expiration.
B.4. Changes to draft-ietf-lisp-crypto-03.txt B.5. Changes to draft-ietf-lisp-crypto-03.txt
o Posted December 2015. o Posted December 2015.
o Changed cipher suite allocations. We now have 2 AES-CBC cipher o Changed cipher suite allocations. We now have 2 AES-CBC cipher
suites for compatibility, 3 AES-GCM cipher suites that are faster suites for compatibility, 3 AES-GCM cipher suites that are faster
ciphers that include AE and a Chacha20-Poly1305 cipher suite which ciphers that include AE and a Chacha20-Poly1305 cipher suite which
is the fastest but not totally proven/accepted.. is the fastest but not totally proven/accepted..
o Remove 1024-bit DH keys for key exchange. o Remove 1024-bit DH keys for key exchange.
skipping to change at page 17, line 13 skipping to change at page 18, line 9
endian). endian).
o Remove A-bit from Security Type LCAF. No need to do o Remove A-bit from Security Type LCAF. No need to do
authentication only with the introduction of AEAD ciphers. These authentication only with the introduction of AEAD ciphers. These
ciphers can do authentication. So you get ciphertext for free. ciphers can do authentication. So you get ciphertext for free.
o Remove language that refers to "encryption-key" and "integrity- o Remove language that refers to "encryption-key" and "integrity-
key". Used term "AEAD-key" that is used by the AEAD cipher suites key". Used term "AEAD-key" that is used by the AEAD cipher suites
that do encryption and authenticaiton internal to the cipher. that do encryption and authenticaiton internal to the cipher.
B.5. Changes to draft-ietf-lisp-crypto-02.txt B.6. Changes to draft-ietf-lisp-crypto-02.txt
o Posted September 2015. o Posted September 2015.
o Add cipher suite for Elliptic Curve 25519 DH exchange. o Add cipher suite for Elliptic Curve 25519 DH exchange.
o Add cipher suite for Chacha20/Poly1305 ciphers. o Add cipher suite for Chacha20/Poly1305 ciphers.
B.6. Changes to draft-ietf-lisp-crypto-01.txt B.7. Changes to draft-ietf-lisp-crypto-01.txt
o Posted May 2015. o Posted May 2015.
o Create cipher suites and encode them in the Security LCAF. o Create cipher suites and encode them in the Security LCAF.
o Add IV to beginning of packet header and ICV to end of packet. o Add IV to beginning of packet header and ICV to end of packet.
o AEAD procedures are now part of encrpytion process. o AEAD procedures are now part of encrpytion process.
B.7. Changes to draft-ietf-lisp-crypto-00.txt B.8. Changes to draft-ietf-lisp-crypto-00.txt
o Posted January 2015. o Posted January 2015.
o Changing draft-farinacci-lisp-crypto-01 to draft-ietf-lisp-crypto- o Changing draft-farinacci-lisp-crypto-01 to draft-ietf-lisp-crypto-
00. This draft has become a working group document 00. This draft has become a working group document
o Add text to indicate the working group may work on a new data o Add text to indicate the working group may work on a new data
encapsulation header format for data-plane encryption. encapsulation header format for data-plane encryption.
B.8. Changes to draft-farinacci-lisp-crypto-01.txt B.9. Changes to draft-farinacci-lisp-crypto-01.txt
o Posted July 2014. o Posted July 2014.
o Add Group-ID to the encoding format of Key Material in a Security o Add Group-ID to the encoding format of Key Material in a Security
Type LCAF and modify the IANA Considerations so this draft can use Type LCAF and modify the IANA Considerations so this draft can use
key exchange parameters from the IANA registry. key exchange parameters from the IANA registry.
o Indicate that the R-bit in the Security Type LCAF is not used by o Indicate that the R-bit in the Security Type LCAF is not used by
lisp-crypto. lisp-crypto.
skipping to change at page 18, line 20 skipping to change at page 19, line 17
process. process.
o Add text indicating that when RLOC-probing is used for RLOC o Add text indicating that when RLOC-probing is used for RLOC
reachability purposes and rekeying is not desired, that the same reachability purposes and rekeying is not desired, that the same
key exchange parameters should be used so a reallocation of a key exchange parameters should be used so a reallocation of a
pubic key does not happen at the ETR. pubic key does not happen at the ETR.
o Add text to indicate that ECDH can be used to reduce CPU o Add text to indicate that ECDH can be used to reduce CPU
requirements for computing shared secret-keys. requirements for computing shared secret-keys.
B.9. Changes to draft-farinacci-lisp-crypto-00.txt B.10. Changes to draft-farinacci-lisp-crypto-00.txt
o Initial draft posted February 2014. o Initial draft posted February 2014.
Authors' Addresses Authors' Addresses
Dino Farinacci Dino Farinacci
lispers.net lispers.net
San Jose, California 95120 San Jose, California 95120
USA USA
 End of changes. 27 change blocks. 
52 lines changed or deleted 82 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/