draft-ietf-lisp-sec-18.txt   draft-ietf-lisp-sec-19.txt 
Network Working Group F. Maino Network Working Group F. Maino
Internet-Draft Cisco Systems Internet-Draft Cisco Systems
Intended status: Standards Track V. Ermagan Intended status: Standards Track V. Ermagan
Expires: December 4, 2019 Google Expires: January 24, 2020 Google
A. Cabellos A. Cabellos
Universitat Politecnica de Catalunya Universitat Politecnica de Catalunya
D. Saucez D. Saucez
INRIA INRIA
June 2, 2019 July 23, 2019
LISP-Security (LISP-SEC) LISP-Security (LISP-SEC)
draft-ietf-lisp-sec-18 draft-ietf-lisp-sec-19
Abstract Abstract
This memo specifies LISP-SEC, a set of security mechanisms that This memo specifies LISP-SEC, a set of security mechanisms that
provides origin authentication, integrity and anti-replay protection provides origin authentication, integrity and anti-replay protection
to LISP's EID-to-RLOC mapping data conveyed via mapping lookup to LISP's EID-to-RLOC mapping data conveyed via mapping lookup
process. LISP-SEC also enables verification of authorization on EID- process. LISP-SEC also enables verification of authorization on EID-
prefix claims in Map-Reply messages. prefix claims in Map-Reply messages.
Requirements Language Requirements Language
skipping to change at page 1, line 47 skipping to change at page 1, line 47
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 4, 2019. This Internet-Draft will expire on January 24, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 23, line 25 skipping to change at page 23, line 25
7.1. ECM AD Type Registry 7.1. ECM AD Type Registry
IANA is requested to create the "ECM Authentication Data Type" IANA is requested to create the "ECM Authentication Data Type"
registry with values 0-255, for use in the ECM LISP-SEC Extensions registry with values 0-255, for use in the ECM LISP-SEC Extensions
Section 5.1. The registry MUST be initially populated with the Section 5.1. The registry MUST be initially populated with the
following values: following values:
Name Value Defined In Name Value Defined In
------------------------------------------------- -------------------------------------------------
Unassigned 0 This memo Reserved 0 This memo
LISP-SEC-ECM-EXT 1 This memo LISP-SEC-ECM-EXT 1 This memo
HMAC Functions HMAC Functions
Values 2-255 are unassigned. They are to be assigned according to Values 2-255 are unassigned. They are to be assigned according to
the "Specification Required" policy defined in [RFC5226]. the "Specification Required" policy defined in [RFC5226].
7.2. Map-Reply AD Type Registry 7.2. Map-Reply AD Type Registry
IANA is requested to create the "Map-Reply Authentication Data Type" IANA is requested to create the "Map-Reply Authentication Data Type"
registry with values 0-255, for use in the Map-Reply LISP-SEC registry with values 0-255, for use in the Map-Reply LISP-SEC
Extensions Section 5.2. The registry MUST be initially populated Extensions Section 5.2. The registry MUST be initially populated
with the following values: with the following values:
Name Value Defined In Name Value Defined In
------------------------------------------------- -------------------------------------------------
Unassigned 0 This memo Reserved 0 This memo
LISP-SEC-MR-EXT 1 This memo LISP-SEC-MR-EXT 1 This memo
HMAC Functions HMAC Functions
Values 2-255 are unassigned. They are to be assigned according to Values 2-255 are unassigned. They are to be assigned according to
the "Specification Required" policy defined in [RFC5226]. the "Specification Required" policy defined in [RFC5226].
7.3. HMAC Functions 7.3. HMAC Functions
IANA is requested to create the "LISP-SEC Authentication Data HMAC IANA is requested to create the "LISP-SEC Authentication Data HMAC
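Review bot: The caption line under the tables in 7.1 and 7.2 reads "HMAC Functions", which names the 7.3 registry rather than the ECM and Map-Reply AD Type tables it sits under; since this revision already touches both tables to rename value 0 from Unassigned to Reserved, the captions should be corrected in the same pass (for example "ECM AD Types" and "Map-Reply AD Types"). Both sections also cite [RFC5226] for the "Specification Required" policy; RFC 5226 has been obsoleted by RFC 8126, so the reference should be updated. With 0 now Reserved, it is worth confirming that Sections 5.1 and 5.2 say how a receiver handles an AD Type of 0.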
skipping to change at page 24, line 33 skipping to change at page 24, line 33
supported. supported.
7.4. Key Wrap Functions 7.4. Key Wrap Functions
IANA is requested to create the "LISP-SEC Authentication Data Key IANA is requested to create the "LISP-SEC Authentication Data Key
Wrap ID" registry with values 0-65535 for use as OTK key wrap Wrap ID" registry with values 0-65535 for use as OTK key wrap
algorithms ID in the LISP-SEC Authentication Data: algorithms ID in the LISP-SEC Authentication Data:
Name Number KEY WRAP KDF Name Number KEY WRAP KDF
----------------------------------------------------------------- -----------------------------------------------------------------
Unassigned 0 None None Reserved 0 None None
NULL-KEY-WRAP-128 1 This memo None NULL-KEY-WRAP-128 1 This memo None
AES-KEY-WRAP-128+HKDF-SHA256 2 [RFC3394] [RFC4868] AES-KEY-WRAP-128+HKDF-SHA256 2 [RFC3394] [RFC4868]
Key Wrap Functions Key Wrap Functions
Values 3-65535 are unassigned. They are to be assigned according to Values 3-65535 are unassigned. They are to be assigned according to
the "Specification Required" policy defined in [RFC5226]. the "Specification Required" policy defined in [RFC5226].
NULL-KEY-WRAP-128, and AES-KEY-WRAP-128+HKDF-SHA256 MUST be NULL-KEY-WRAP-128, and AES-KEY-WRAP-128+HKDF-SHA256 MUST be
supported. supported.
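Review bot: In the 7.4 table, the AES-KEY-WRAP-128+HKDF-SHA256 row cites [RFC4868] in the KDF column, but RFC 4868 specifies HMAC-SHA-256/384/512 for IPsec, while HKDF is defined in RFC 5869; the KDF column should cite the document that defines the function the entry name refers to, so that two implementations derive the same per-message key-encryption key. The same row is a MUST-support algorithm, so an ambiguous KDF reference here is an interoperability problem and not only an editorial one. The [RFC5226] citation for "Specification Required" below the table has the same issue as in 7.1 and 7.2.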
skipping to change at page 25, line 35 skipping to change at page 25, line 35
The authors would like to acknowledge Pere Monclus, Dave Meyer, Dino The authors would like to acknowledge Pere Monclus, Dave Meyer, Dino
Farinacci, Brian Weis, David McGrew, Darrel Lewis and Landon Curt Farinacci, Brian Weis, David McGrew, Darrel Lewis and Landon Curt
Noll for their valuable suggestions provided during the preparation Noll for their valuable suggestions provided during the preparation
of this document. of this document.
9. References 9. References
9.1. Normative References 9.1. Normative References
[I-D.ietf-lisp-rfc6833bis] [I-D.ietf-lisp-rfc6833bis]
Fuller, V., Farinacci, D., and A. Cabellos-Aparicio, Farinacci, D., Maino, F., Fuller, V., and A. Cabellos-
"Locator/ID Separation Protocol (LISP) Control-Plane", Aparicio, "Locator/ID Separation Protocol (LISP) Control-
draft-ietf-lisp-rfc6833bis-24 (work in progress), February Plane", draft-ietf-lisp-rfc6833bis-25 (work in progress),
2019. June 2019.
[RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed- [RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-
Hashing for Message Authentication", RFC 2104, Hashing for Message Authentication", RFC 2104,
DOI 10.17487/RFC2104, February 1997, <https://www.rfc- DOI 10.17487/RFC2104, February 1997, <https://www.rfc-
editor.org/info/rfc2104>. editor.org/info/rfc2104>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, <https://www.rfc- DOI 10.17487/RFC2119, March 1997, <https://www.rfc-
editor.org/info/rfc2119>. editor.org/info/rfc2119>.
skipping to change at page 27, line 10 skipping to change at page 27, line 10
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>. May 2017, <https://www.rfc-editor.org/info/rfc8174>.
9.2. Informative References 9.2. Informative References
[I-D.ietf-lisp-rfc6830bis] [I-D.ietf-lisp-rfc6830bis]
Farinacci, D., Fuller, V., Meyer, D., Lewis, D., and A. Farinacci, D., Fuller, V., Meyer, D., Lewis, D., and A.
Cabellos-Aparicio, "The Locator/ID Separation Protocol Cabellos-Aparicio, "The Locator/ID Separation Protocol
(LISP)", draft-ietf-lisp-rfc6830bis-26 (work in progress), (LISP)", draft-ietf-lisp-rfc6830bis-27 (work in progress),
November 2018. June 2019.
Authors' Addresses Authors' Addresses
Fabio Maino Fabio Maino
Cisco Systems Cisco Systems
170 Tasman Drive 170 Tasman Drive
San Jose, California 95134 San Jose, California 95134
USA USA
Email: fmaino@cisco.com Email: fmaino@cisco.com
 End of changes. 9 change blocks. 
13 lines changed or deleted 13 lines changed or added
