draft-ietf-lisp-crypto-07.txt   draft-ietf-lisp-crypto-08.txt 
Internet Engineering Task Force D. Farinacci Internet Engineering Task Force D. Farinacci
Internet-Draft lispers.net Internet-Draft lispers.net
Intended status: Experimental B. Weis Intended status: Experimental B. Weis
Expires: March 23, 2017 cisco Systems Expires: March 29, 2017 cisco Systems
September 19, 2016 September 25, 2016
LISP Data-Plane Confidentiality LISP Data-Plane Confidentiality
draft-ietf-lisp-crypto-07 draft-ietf-lisp-crypto-08
Abstract Abstract
This document describes a mechanism for encrypting LISP encapsulated This document describes a mechanism for encrypting LISP encapsulated
traffic. The design describes how key exchange is achieved using traffic. The design describes how key exchange is achieved using
existing LISP control-plane mechanisms as well as how to secure the existing LISP control-plane mechanisms as well as how to secure the
LISP data-plane from third-party surveillance attacks. LISP data-plane from third-party surveillance attacks.
Status of This Memo Status of This Memo
skipping to change at page 1, line 34 skipping to change at page 1, line 34
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on March 23, 2017. This Internet-Draft will expire on March 29, 2017.
Copyright Notice Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 27 skipping to change at page 2, line 27
11. Future Work . . . . . . . . . . . . . . . . . . . . . . . . . 12 11. Future Work . . . . . . . . . . . . . . . . . . . . . . . . . 12
12. Security Considerations . . . . . . . . . . . . . . . . . . . 12 12. Security Considerations . . . . . . . . . . . . . . . . . . . 12
12.1. SAAG Support . . . . . . . . . . . . . . . . . . . . . . 12 12.1. SAAG Support . . . . . . . . . . . . . . . . . . . . . . 12
12.2. LISP-Crypto Security Threats . . . . . . . . . . . . . . 13 12.2. LISP-Crypto Security Threats . . . . . . . . . . . . . . 13
13. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13 13. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13
14. References . . . . . . . . . . . . . . . . . . . . . . . . . 14 14. References . . . . . . . . . . . . . . . . . . . . . . . . . 14
14.1. Normative References . . . . . . . . . . . . . . . . . . 14 14.1. Normative References . . . . . . . . . . . . . . . . . . 14
14.2. Informative References . . . . . . . . . . . . . . . . . 15 14.2. Informative References . . . . . . . . . . . . . . . . . 15
Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . 16 Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . 16
Appendix B. Document Change Log . . . . . . . . . . . . . . . . 16 Appendix B. Document Change Log . . . . . . . . . . . . . . . . 16
B.1. Changes to draft-ietf-lisp-crypto-07.txt . . . . . . . . 16 B.1. Changes to draft-ietf-lisp-crypto-08.txt . . . . . . . . 16
B.2. Changes to draft-ietf-lisp-crypto-06.txt . . . . . . . . 17 B.2. Changes to draft-ietf-lisp-crypto-07.txt . . . . . . . . 17
B.3. Changes to draft-ietf-lisp-crypto-05.txt . . . . . . . . 17 B.3. Changes to draft-ietf-lisp-crypto-06.txt . . . . . . . . 17
B.4. Changes to draft-ietf-lisp-crypto-04.txt . . . . . . . . 17 B.4. Changes to draft-ietf-lisp-crypto-05.txt . . . . . . . . 17
B.5. Changes to draft-ietf-lisp-crypto-03.txt . . . . . . . . 17 B.5. Changes to draft-ietf-lisp-crypto-04.txt . . . . . . . . 17
B.6. Changes to draft-ietf-lisp-crypto-02.txt . . . . . . . . 18 B.6. Changes to draft-ietf-lisp-crypto-03.txt . . . . . . . . 17
B.7. Changes to draft-ietf-lisp-crypto-01.txt . . . . . . . . 18 B.7. Changes to draft-ietf-lisp-crypto-02.txt . . . . . . . . 18
B.8. Changes to draft-ietf-lisp-crypto-00.txt . . . . . . . . 18 B.8. Changes to draft-ietf-lisp-crypto-01.txt . . . . . . . . 18
B.9. Changes to draft-farinacci-lisp-crypto-01.txt . . . . . . 18 B.9. Changes to draft-ietf-lisp-crypto-00.txt . . . . . . . . 18
B.10. Changes to draft-farinacci-lisp-crypto-00.txt . . . . . . 19 B.10. Changes to draft-farinacci-lisp-crypto-01.txt . . . . . . 18
B.11. Changes to draft-farinacci-lisp-crypto-00.txt . . . . . . 19
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 19 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 19
1. Introduction 1. Introduction
The Locator/ID Separation Protocol [RFC6830] defines a set of The Locator/ID Separation Protocol [RFC6830] defines a set of
functions for routers to exchange information used to map from non- functions for routers to exchange information used to map from non-
routable Endpoint Identifiers (EIDs) to routable Routing Locators routable Endpoint Identifiers (EIDs) to routable Routing Locators
(RLOCs). LISP Ingress Tunnel Routers (ITRs) and Proxy Ingress Tunnel (RLOCs). LISP Ingress Tunnel Routers (ITRs) and Proxy Ingress Tunnel
Routers (PITRs) encapsulate packets to Egress Tunnel Routers (ETRs) Routers (PITRs) encapsulate packets to Egress Tunnel Routers (ETRs)
and Reencapsulating Tunnel Routers (RTRs). Packets that arrive at and Reencapsulating Tunnel Routers (RTRs). Packets that arrive at
skipping to change at page 5, line 34 skipping to change at page 5, line 35
| ... Public Key Material | | ... Public Key Material |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| AFI = x | Locator Address ... | | AFI = x | Locator Address ... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Cipher Suite field contains DH Key Exchange and Cipher/Hash Functions Cipher Suite field contains DH Key Exchange and Cipher/Hash Functions
The 'Key Count' field encodes the number of {'Key-Length', 'Key- The 'Key Count' field encodes the number of {'Key-Length', 'Key-
Material'} fields included in the encoded LCAF. The maximum number Material'} fields included in the encoded LCAF. The maximum number
of keys that can be encoded are 3, each identified by key-id 1, of keys that can be encoded are 3, each identified by key-id 1,
followed by key-id 2, an finally key-id 3. followed by key-id 2, and finally key-id 3.
The 'R' bit is not used for this use-case of the Security Type LCAF The 'R' bit is not used for this use-case of the Security Type LCAF
but is reserved for [LISP-DDT] security. Therefore, the R bit is but is reserved for [LISP-DDT] security. Therefore, the R bit SHOULD
transmitted as 0 and ignored on receipt. be transmitted as 0 and MUST be ignored on receipt.
Cipher Suite 0: Cipher Suite 0:
Reserved Reserved
Cipher Suite 1: Cipher Suite 1:
Diffie-Hellman Group: 2048-bit MODP [RFC3526] Diffie-Hellman Group: 2048-bit MODP [RFC3526]
Encryption: AES with 128-bit keys in CBC mode [AES-CBC] Encryption: AES with 128-bit keys in CBC mode [AES-CBC]
Integrity: Integrated with [AES-CBC] AEAD_AES_128_CBC_HMAC_SHA_256 Integrity: Integrated with [AES-CBC] AEAD_AES_128_CBC_HMAC_SHA_256
IV length: 16 bytes IV length: 16 bytes
skipping to change at page 11, line 29 skipping to change at page 11, line 29
than the ICV located in the ciphertext, then it will be than the ICV located in the ciphertext, then it will be
considered tampered. considered tampered.
3. If the packet was not tampered with, the decrypted packet is 3. If the packet was not tampered with, the decrypted packet is
forwarded to the destination EID. forwarded to the destination EID.
10. Dynamic Rekeying 10. Dynamic Rekeying
Since multiple keys can be encoded in both control and data messages, Since multiple keys can be encoded in both control and data messages,
an ITR can encapsulate and encrypt with a specific key while it is an ITR can encapsulate and encrypt with a specific key while it is
negotiating other keys with the same ETR. Soon as an ETR or RTR negotiating other keys with the same ETR. As soon as an ETR or RTR
returns a Map-Reply, it should be prepared to decapsulate and decrypt returns a Map-Reply, it should be prepared to decapsulate and decrypt
using the new keys computed with the new Diffie-Hellman parameters using the new keys computed with the new Diffie-Hellman parameters
received in the Map-Request and returned in the Map-Reply. received in the Map-Request and returned in the Map-Reply.
RLOC-probing can be used to change keys or cipher suites by the ITR RLOC-probing can be used to change keys or cipher suites by the ITR
at any time. And when an initial Map-Request is sent to populate the at any time. And when an initial Map-Request is sent to populate the
ITR's map-cache, the Map-Request flows across the mapping system ITR's map-cache, the Map-Request flows across the mapping system
where a single ETR from the Map-Reply RLOC-set will respond. If the where a single ETR from the Map-Reply RLOC-set will respond. If the
ITR decides to use the other RLOCs in the RLOC-set, it MUST send a ITR decides to use the other RLOCs in the RLOC-set, it MUST send a
Map-Request directly to negotiate security parameters with the ETR. Map-Request directly to negotiate security parameters with the ETR.
skipping to change at page 12, line 38 skipping to change at page 12, line 38
12.1. SAAG Support 12.1. SAAG Support
The LISP working group received security advice and guidance from the The LISP working group received security advice and guidance from the
Security Area Advisory Group (SAAG). The SAAG has been involved Security Area Advisory Group (SAAG). The SAAG has been involved
early in the design process and their input and reviews have been early in the design process and their input and reviews have been
included in this document. included in this document.
Comments from the SAAG included: Comments from the SAAG included:
1. Do not use assymmetric ciphers in the data-plane. 1. Do not use asymmetric ciphers in the data-plane.
2. Consider adding ECDH early in the design. 2. Consider adding ECDH early in the design.
3. Add cipher suites because ciphers are created more frequently 3. Add cipher suites because ciphers are created more frequently
than protocols that use them. than protocols that use them.
4. Consider the newer AEAD technology so authentication comes with 4. Consider the newer AEAD technology so authentication comes with
doing encryption. doing encryption.
12.2. LISP-Crypto Security Threats 12.2. LISP-Crypto Security Threats
skipping to change at page 16, line 45 skipping to change at page 16, line 45
security expertise to make lisp-crypto as secure as the state of the security expertise to make lisp-crypto as secure as the state of the
art in cryptography. art in cryptography.
In addition, the support and suggestions from the SAAG working group In addition, the support and suggestions from the SAAG working group
were helpful and appreciative. were helpful and appreciative.
Appendix B. Document Change Log Appendix B. Document Change Log
[RFC Editor: Please delete this section on publication as RFC.] [RFC Editor: Please delete this section on publication as RFC.]
B.1. Changes to draft-ietf-lisp-crypto-07.txt B.1. Changes to draft-ietf-lisp-crypto-08.txt
o Posted September 2016.
o Addressed comments from Security Directorate reviewer Chris
Lonvick.
B.2. Changes to draft-ietf-lisp-crypto-07.txt
o Posted September 2016. o Posted September 2016.
o Addressed comments from Routing Directorate reviewer Danny o Addressed comments from Routing Directorate reviewer Danny
McPherson. McPherson.
B.2. Changes to draft-ietf-lisp-crypto-06.txt B.3. Changes to draft-ietf-lisp-crypto-06.txt
o Posted June 2016. o Posted June 2016.
o Fixed IDnits errors. o Fixed IDnits errors.
B.3. Changes to draft-ietf-lisp-crypto-05.txt B.4. Changes to draft-ietf-lisp-crypto-05.txt
o Posted June 2016. o Posted June 2016.
o Update document which reflects comments Luigi provided as document o Update document which reflects comments Luigi provided as document
shepherd. shepherd.
B.4. Changes to draft-ietf-lisp-crypto-04.txt B.5. Changes to draft-ietf-lisp-crypto-04.txt
o Posted May 2016. o Posted May 2016.
o Update document timer from expiration. o Update document timer from expiration.
B.5. Changes to draft-ietf-lisp-crypto-03.txt B.6. Changes to draft-ietf-lisp-crypto-03.txt
o Posted December 2015. o Posted December 2015.
o Changed cipher suite allocations. We now have 2 AES-CBC cipher o Changed cipher suite allocations. We now have 2 AES-CBC cipher
suites for compatibility, 3 AES-GCM cipher suites that are faster suites for compatibility, 3 AES-GCM cipher suites that are faster
ciphers that include AE and a Chacha20-Poly1305 cipher suite which ciphers that include AE and a Chacha20-Poly1305 cipher suite which
is the fastest but not totally proven/accepted.. is the fastest but not totally proven/accepted..
o Remove 1024-bit DH keys for key exchange. o Remove 1024-bit DH keys for key exchange.
skipping to change at page 18, line 9 skipping to change at page 18, line 16
endian). endian).
o Remove A-bit from Security Type LCAF. No need to do o Remove A-bit from Security Type LCAF. No need to do
authentication only with the introduction of AEAD ciphers. These authentication only with the introduction of AEAD ciphers. These
ciphers can do authentication. So you get ciphertext for free. ciphers can do authentication. So you get ciphertext for free.
o Remove language that refers to "encryption-key" and "integrity- o Remove language that refers to "encryption-key" and "integrity-
key". Used term "AEAD-key" that is used by the AEAD cipher suites key". Used term "AEAD-key" that is used by the AEAD cipher suites
that do encryption and authenticaiton internal to the cipher. that do encryption and authenticaiton internal to the cipher.
B.6. Changes to draft-ietf-lisp-crypto-02.txt B.7. Changes to draft-ietf-lisp-crypto-02.txt
o Posted September 2015. o Posted September 2015.
o Add cipher suite for Elliptic Curve 25519 DH exchange. o Add cipher suite for Elliptic Curve 25519 DH exchange.
o Add cipher suite for Chacha20/Poly1305 ciphers. o Add cipher suite for Chacha20/Poly1305 ciphers.
B.7. Changes to draft-ietf-lisp-crypto-01.txt B.8. Changes to draft-ietf-lisp-crypto-01.txt
o Posted May 2015. o Posted May 2015.
o Create cipher suites and encode them in the Security LCAF. o Create cipher suites and encode them in the Security LCAF.
o Add IV to beginning of packet header and ICV to end of packet. o Add IV to beginning of packet header and ICV to end of packet.
o AEAD procedures are now part of encrpytion process. o AEAD procedures are now part of encrpytion process.
B.8. Changes to draft-ietf-lisp-crypto-00.txt B.9. Changes to draft-ietf-lisp-crypto-00.txt
o Posted January 2015. o Posted January 2015.
o Changing draft-farinacci-lisp-crypto-01 to draft-ietf-lisp-crypto- o Changing draft-farinacci-lisp-crypto-01 to draft-ietf-lisp-crypto-
00. This draft has become a working group document 00. This draft has become a working group document
o Add text to indicate the working group may work on a new data o Add text to indicate the working group may work on a new data
encapsulation header format for data-plane encryption. encapsulation header format for data-plane encryption.
B.9. Changes to draft-farinacci-lisp-crypto-01.txt B.10. Changes to draft-farinacci-lisp-crypto-01.txt
o Posted July 2014. o Posted July 2014.
o Add Group-ID to the encoding format of Key Material in a Security o Add Group-ID to the encoding format of Key Material in a Security
Type LCAF and modify the IANA Considerations so this draft can use Type LCAF and modify the IANA Considerations so this draft can use
key exchange parameters from the IANA registry. key exchange parameters from the IANA registry.
o Indicate that the R-bit in the Security Type LCAF is not used by o Indicate that the R-bit in the Security Type LCAF is not used by
lisp-crypto. lisp-crypto.
skipping to change at page 19, line 17 skipping to change at page 19, line 23
process. process.
o Add text indicating that when RLOC-probing is used for RLOC o Add text indicating that when RLOC-probing is used for RLOC
reachability purposes and rekeying is not desired, that the same reachability purposes and rekeying is not desired, that the same
key exchange parameters should be used so a reallocation of a key exchange parameters should be used so a reallocation of a
pubic key does not happen at the ETR. pubic key does not happen at the ETR.
o Add text to indicate that ECDH can be used to reduce CPU o Add text to indicate that ECDH can be used to reduce CPU
requirements for computing shared secret-keys. requirements for computing shared secret-keys.
B.10. Changes to draft-farinacci-lisp-crypto-00.txt B.11. Changes to draft-farinacci-lisp-crypto-00.txt
o Initial draft posted February 2014. o Initial draft posted February 2014.
Authors' Addresses Authors' Addresses
Dino Farinacci Dino Farinacci
lispers.net lispers.net
San Jose, California 95120 San Jose, California 95120
USA USA
 End of changes. 18 change blocks. 
29 lines changed or deleted 37 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/