draft-ietf-lisp-sec-16.txt   draft-ietf-lisp-sec-17.txt 
Network Working Group F. Maino Network Working Group F. Maino
Internet-Draft V. Ermagan Internet-Draft V. Ermagan
Intended status: Standards Track Cisco Systems Intended status: Standards Track Cisco Systems
Expires: April 21, 2019 A. Cabellos Expires: June 2, 2019 A. Cabellos
Universitat Politecnica de Catalunya Universitat Politecnica de Catalunya
D. Saucez D. Saucez
INRIA INRIA
October 18, 2018 November 29, 2018
LISP-Security (LISP-SEC) LISP-Security (LISP-SEC)
draft-ietf-lisp-sec-16 draft-ietf-lisp-sec-17
Abstract Abstract
This memo specifies LISP-SEC, a set of security mechanisms that This memo specifies LISP-SEC, a set of security mechanisms that
provides origin authentication, integrity and anti-replay protection provides origin authentication, integrity and anti-replay protection
to LISP's EID-to-RLOC mapping data conveyed via mapping lookup to LISP's EID-to-RLOC mapping data conveyed via mapping lookup
process. LISP-SEC also enables verification of authorization on EID- process. LISP-SEC also enables verification of authorization on EID-
prefix claims in Map-Reply messages. prefix claims in Map-Reply messages.
Requirements Language Requirements Language
skipping to change at page 1, line 44 skipping to change at page 1, line 44
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 21, 2019. This Internet-Draft will expire on June 2, 2019.
Copyright Notice Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 45 skipping to change at page 2, line 45
5.7. Map-Server Processing . . . . . . . . . . . . . . . . . . 15 5.7. Map-Server Processing . . . . . . . . . . . . . . . . . . 15
5.7.1. Map-Server Processing in Proxy mode . . . . . . . . . 16 5.7.1. Map-Server Processing in Proxy mode . . . . . . . . . 16
5.8. ETR Processing . . . . . . . . . . . . . . . . . . . . . 16 5.8. ETR Processing . . . . . . . . . . . . . . . . . . . . . 16
6. Security Considerations . . . . . . . . . . . . . . . . . . . 17 6. Security Considerations . . . . . . . . . . . . . . . . . . . 17
6.1. Mapping System Security . . . . . . . . . . . . . . . . . 17 6.1. Mapping System Security . . . . . . . . . . . . . . . . . 17
6.2. Random Number Generation . . . . . . . . . . . . . . . . 17 6.2. Random Number Generation . . . . . . . . . . . . . . . . 17
6.3. Map-Server and ETR Colocation . . . . . . . . . . . . . . 17 6.3. Map-Server and ETR Colocation . . . . . . . . . . . . . . 17
6.4. Deploying LISP-SEC . . . . . . . . . . . . . . . . . . . 18 6.4. Deploying LISP-SEC . . . . . . . . . . . . . . . . . . . 18
6.5. Shared Keys Provisioning . . . . . . . . . . . . . . . . 18 6.5. Shared Keys Provisioning . . . . . . . . . . . . . . . . 18
6.6. Replay Attacks . . . . . . . . . . . . . . . . . . . . . 18 6.6. Replay Attacks . . . . . . . . . . . . . . . . . . . . . 18
6.7. Denial of Service and Distributed Denial of Service 6.7. Message Privacy . . . . . . . . . . . . . . . . . . . . . 19
6.8. Denial of Service and Distributed Denial of Service
Attacks . . . . . . . . . . . . . . . . . . . . . . . . . 19 Attacks . . . . . . . . . . . . . . . . . . . . . . . . . 19
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 19 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 19
7.1. ECM AD Type Registry . . . . . . . . . . . . . . . . . . 19 7.1. ECM AD Type Registry . . . . . . . . . . . . . . . . . . 19
7.2. Map-Reply AD Type Registry . . . . . . . . . . . . . . . 19 7.2. Map-Reply AD Type Registry . . . . . . . . . . . . . . . 19
7.3. HMAC Functions . . . . . . . . . . . . . . . . . . . . . 20 7.3. HMAC Functions . . . . . . . . . . . . . . . . . . . . . 20
7.4. Key Wrap Functions . . . . . . . . . . . . . . . . . . . 20 7.4. Key Wrap Functions . . . . . . . . . . . . . . . . . . . 20
7.5. Key Derivation Functions . . . . . . . . . . . . . . . . 21 7.5. Key Derivation Functions . . . . . . . . . . . . . . . . 21
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 21 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 21
9. Normative References . . . . . . . . . . . . . . . . . . . . 21 9. Normative References . . . . . . . . . . . . . . . . . . . . 21
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 22 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 23
1. Introduction 1. Introduction
The Locator/ID Separation Protocol The Locator/ID Separation Protocol
[I-D.ietf-lisp-rfc6830bis],[I-D.ietf-lisp-rfc6833bis] is a network- [I-D.ietf-lisp-rfc6830bis],[I-D.ietf-lisp-rfc6833bis] is a network-
layer-based protocol that enables separation of IP addresses into two layer-based protocol that enables separation of IP addresses into two
new numbering spaces: Endpoint Identifiers (EIDs) and Routing new numbering spaces: Endpoint Identifiers (EIDs) and Routing
Locators (RLOCs). EID-to-RLOC mappings are stored in a database, the Locators (RLOCs). EID-to-RLOC mappings are stored in a database, the
LISP Mapping System, and made available via the Map-Request/Map-Reply LISP Mapping System, and made available via the Map-Request/Map-Reply
lookup process. If these EID-to-RLOC mappings, carried through Map- lookup process. If these EID-to-RLOC mappings, carried through Map-
skipping to change at page 19, line 10 skipping to change at page 19, line 10
replay it, however once the ITR receives the original Map-Reply the replay it, however once the ITR receives the original Map-Reply the
<nonce,ITR-OTK> pair stored at the ITR will be discarded. If a <nonce,ITR-OTK> pair stored at the ITR will be discarded. If a
replayed Map-Reply arrives at the ITR, there is no <nonce,ITR-OTK> replayed Map-Reply arrives at the ITR, there is no <nonce,ITR-OTK>
that matches the incoming Map-Reply and will be discarded. that matches the incoming Map-Reply and will be discarded.
In case of replayed Map-Request, the Map-Server, Map-Resolver and ETR In case of replayed Map-Request, the Map-Server, Map-Resolver and ETR
will have to do a LISP-SEC computation. This is equivalent to a will have to do a LISP-SEC computation. This is equivalent to a
valid LISP-SEC computation and an attacker does not obtain any valid LISP-SEC computation and an attacker does not obtain any
benefit. benefit.
6.7. Denial of Service and Distributed Denial of Service Attacks 6.7. Message Privacy
DTLS [RFC6347] SHOULD be used to provide communication privacy and to
prevent eavesdropping, tampering, or message forgery to the messages
exchanged between the ITR, Map-Resolver, Map-Server, and ETR.
6.8. Denial of Service and Distributed Denial of Service Attacks
LISP-SEC mitigates the risks of Denial of Service and Distributed LISP-SEC mitigates the risks of Denial of Service and Distributed
Denial of Service attacks by protecting the integrity and Denial of Service attacks by protecting the integrity and
authenticating the origin of the Map-Request/Map-Reply messages, and authenticating the origin of the Map-Request/Map-Reply messages, and
by preventing malicious ETRs from overclaiming EID prefixes that by preventing malicious ETRs from overclaiming EID prefixes that
could re-direct traffic directed to a potentially large number of could re-direct traffic directed to a potentially large number of
hosts. hosts.
7. IANA Considerations 7. IANA Considerations
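Review bot: the new Section 6.7 states that DTLS [RFC6347] SHOULD be used "between the ITR, Map-Resolver, Map-Server, and ETR" but does not say which pairwise hops the DTLS session is meant to cover, how the DTLS endpoints are expected to authenticate each other, or how the "tampering, or message forgery" protection attributed to DTLS relates to the integrity and origin authentication that the abstract already credits to LISP-SEC itself; as written a reader could take DTLS as an alternative to, rather than a complement of, the LISP-SEC checks. Suggest one sentence making the split explicit, for example that DTLS protects the confidentiality of the exchange (including the ITR-OTK referred to in 6.6) on each hop where it is deployed, while the LISP-SEC authentication data and its verification remain required whether or not DTLS is in use, and one sentence on the expected behaviour when a peer does not support DTLS, since a SHOULD without a stated fallback leaves the downgrade case undefined.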
skipping to change at page 21, line 35 skipping to change at page 21, line 43
The authors would like to acknowledge Pere Monclus, Dave Meyer, Dino The authors would like to acknowledge Pere Monclus, Dave Meyer, Dino
Farinacci, Brian Weis, David McGrew, Darrel Lewis and Landon Curt Farinacci, Brian Weis, David McGrew, Darrel Lewis and Landon Curt
Noll for their valuable suggestions provided during the preparation Noll for their valuable suggestions provided during the preparation
of this document. of this document.
9. Normative References 9. Normative References
[I-D.ietf-lisp-rfc6830bis] [I-D.ietf-lisp-rfc6830bis]
Farinacci, D., Fuller, V., Meyer, D., Lewis, D., and A. Farinacci, D., Fuller, V., Meyer, D., Lewis, D., and A.
Cabellos-Aparicio, "The Locator/ID Separation Protocol Cabellos-Aparicio, "The Locator/ID Separation Protocol
(LISP)", draft-ietf-lisp-rfc6830bis-24 (work in progress), (LISP)", draft-ietf-lisp-rfc6830bis-26 (work in progress),
October 2018. November 2018.
[I-D.ietf-lisp-rfc6833bis] [I-D.ietf-lisp-rfc6833bis]
Fuller, V., Farinacci, D., and A. Cabellos-Aparicio, Fuller, V., Farinacci, D., and A. Cabellos-Aparicio,
"Locator/ID Separation Protocol (LISP) Control-Plane", "Locator/ID Separation Protocol (LISP) Control-Plane",
draft-ietf-lisp-rfc6833bis-18 (work in progress), October draft-ietf-lisp-rfc6833bis-22 (work in progress), November
2018. 2018.
[RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed- [RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-
Hashing for Message Authentication", RFC 2104, Hashing for Message Authentication", RFC 2104,
DOI 10.17487/RFC2104, February 1997, <https://www.rfc- DOI 10.17487/RFC2104, February 1997, <https://www.rfc-
editor.org/info/rfc2104>. editor.org/info/rfc2104>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, <https://www.rfc- DOI 10.17487/RFC2119, March 1997, <https://www.rfc-
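Review bot: this hunk bumps the two base-protocol references from draft-ietf-lisp-rfc6830bis-24 to -26 and from draft-ietf-lisp-rfc6833bis-18 to -22 (dates October 2018 to November 2018); both drafts are cited from the Introduction, so the body text that depends on them (message formats and section pointers, not visible in this diff) should be rechecked against the new revisions rather than only updating the entries here. The new dates are consistent with the November 29, 2018 date on the front page.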
skipping to change at page 22, line 34 skipping to change at page 22, line 39
[RFC5869] Krawczyk, H. and P. Eronen, "HMAC-based Extract-and-Expand [RFC5869] Krawczyk, H. and P. Eronen, "HMAC-based Extract-and-Expand
Key Derivation Function (HKDF)", RFC 5869, Key Derivation Function (HKDF)", RFC 5869,
DOI 10.17487/RFC5869, May 2010, <https://www.rfc- DOI 10.17487/RFC5869, May 2010, <https://www.rfc-
editor.org/info/rfc5869>. editor.org/info/rfc5869>.
[RFC6234] Eastlake 3rd, D. and T. Hansen, "US Secure Hash Algorithms [RFC6234] Eastlake 3rd, D. and T. Hansen, "US Secure Hash Algorithms
(SHA and SHA-based HMAC and HKDF)", RFC 6234, (SHA and SHA-based HMAC and HKDF)", RFC 6234,
DOI 10.17487/RFC6234, May 2011, <https://www.rfc- DOI 10.17487/RFC6234, May 2011, <https://www.rfc-
editor.org/info/rfc6234>. editor.org/info/rfc6234>.
[RFC6347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer
Security Version 1.2", RFC 6347, DOI 10.17487/RFC6347,
January 2012, <https://www.rfc-editor.org/info/rfc6347>.
[RFC6836] Fuller, V., Farinacci, D., Meyer, D., and D. Lewis, [RFC6836] Fuller, V., Farinacci, D., Meyer, D., and D. Lewis,
"Locator/ID Separation Protocol Alternative Logical "Locator/ID Separation Protocol Alternative Logical
Topology (LISP+ALT)", RFC 6836, DOI 10.17487/RFC6836, Topology (LISP+ALT)", RFC 6836, DOI 10.17487/RFC6836,
January 2013, <https://www.rfc-editor.org/info/rfc6836>. January 2013, <https://www.rfc-editor.org/info/rfc6836>.
[RFC7835] Saucez, D., Iannone, L., and O. Bonaventure, "Locator/ID [RFC7835] Saucez, D., Iannone, L., and O. Bonaventure, "Locator/ID
Separation Protocol (LISP) Threat Analysis", RFC 7835, Separation Protocol (LISP) Threat Analysis", RFC 7835,
DOI 10.17487/RFC7835, April 2016, <https://www.rfc- DOI 10.17487/RFC7835, April 2016, <https://www.rfc-
editor.org/info/rfc7835>. editor.org/info/rfc7835>.
 End of changes. 11 change blocks. 
11 lines changed or deleted 21 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/