Locator/ID Separation Protocol (LISP) Data-Plane Confidentiality
draft-ietf-lisp-crypto-10

Document history

Date Rev. By Action
2017-01-30
10 (System) RFC Editor state changed to AUTH48-DONE from AUTH48
2017-01-25
10 (System) RFC Editor state changed to AUTH48 from RFC-EDITOR
2017-01-13
10 (System) RFC Editor state changed to RFC-EDITOR from REF
2017-01-10
10 (System) RFC Editor state changed to REF from EDIT
2016-12-02
10 (System) RFC Editor state changed to EDIT from MISSREF
2016-11-07
10 (System) IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor
2016-11-03
10 (System) IANA Action state changed to Waiting on RFC Editor from Waiting on Authors
2016-11-02
10 (System) IANA Action state changed to Waiting on Authors from In Progress
2016-10-31
10 (System) IANA Action state changed to In Progress
2016-10-28
10 (System) RFC Editor state changed to MISSREF
2016-10-28
10 (System) IESG state changed to RFC Ed Queue from Approved-announcement sent
2016-10-28
10 (System) Announcement was received by RFC Editor
2016-10-28
10 Amy Vezza IESG state changed to Approved-announcement sent from Approved-announcement to be sent::Point Raised - writeup needed
2016-10-28
10 Amy Vezza IESG has approved the document
2016-10-28
10 Amy Vezza Closed "Approve" ballot
2016-10-28
10 Amy Vezza Ballot writeup was changed
2016-10-28
10 Deborah Brungard Ballot approval text was changed
2016-10-16
10 (System) IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed
2016-10-16
10 Dino Farinacci New version available: draft-ietf-lisp-crypto-10.txt
2016-10-16
10 (System) New version approved
2016-10-16
10 (System) Request for posting confirmation emailed to previous authors: "Brian Weis", "Dino Farinacci"
2016-10-16
10 Dino Farinacci Uploaded new revision
2016-10-13
09 Cindy Morgan IESG state changed to Approved-announcement to be sent::Point Raised - writeup needed from IESG Evaluation
2016-10-13
09 Stephen Farrell
[Ballot comment]

Thanks for doing this. Great to see folks incorporating such
things where we can and I'll be interested to see how the
experiments with this pan out.

- intro: (nit) "PKI infrastructure" - the I in PKI
already means infrastructure:-)

- intro: (another nit) I don't get why " o  Packet
transport is optimized due to less packet headers.
Packet loss is reduced by a more efficient key exchange."
is true.

- 3: (more nittyness:) AEAD is defined in RFC5116.

- section 6 non-nit: I don't see why you want cipher
suites 1, 2 and 4. The set of 3,5 and 6 seems to me like
it'd be plenty. If it's not too late, I'd encourage you
to either drop 1,2 and 4 or say those are OPTIONAL and
3,5 and 6 are RECOMMENDED.

- section 7: I think you should embed the KDF into the
cipher suite. It's ok to only have one KDF now, but later
you may want others and it's fairly easy to include the
KDF as part of the definition of the ciphersuite.

- section 7: Why didn't you choose RFC 5869 for the KDF?
That's a more accessible reference I think and just as
good.
2016-10-13
09 Stephen Farrell [Ballot Position Update] New position, Yes, has been recorded for Stephen Farrell
2016-10-13
09 Alexey Melnikov
[Ballot comment]
Thank you for this document.

I would like to double check that I understand the document correctly. Is the following scenario possible:

ITR requests negotiation of 3 keys, then in a later request ITR can request change to 1 (or 2) of the keys, while continuing to use the remaining keys?
2016-10-13
09 Alexey Melnikov [Ballot Position Update] New position, No Objection, has been recorded for Alexey Melnikov
2016-10-13
09 Mirja Kühlewind [Ballot Position Update] New position, No Objection, has been recorded for Mirja Kühlewind
2016-10-13
09 Pete Resnick Request for Last Call review by GENART Rejected. Reviewer: Pete Resnick.
2016-10-13
09 Jari Arkko [Ballot Position Update] New position, No Objection, has been recorded for Jari Arkko
2016-10-12
09 Joel Jaeggli [Ballot comment]
Susan Hares provided the opsdir review
2016-10-12
09 Joel Jaeggli [Ballot Position Update] New position, No Objection, has been recorded for Joel Jaeggli
2016-10-12
09 Gunter Van de Velde Request for Last Call review by OPSDIR Completed: Has Nits. Reviewer: Susan Hares.
2016-10-12
09 Alia Atlas [Ballot Position Update] New position, No Objection, has been recorded for Alia Atlas
2016-10-12
09 Amanda Baber IANA Review state changed to IANA OK - Actions Needed from Version Changed - Review Needed
2016-10-12
09 Ben Campbell [Ballot Position Update] New position, No Objection, has been recorded for Ben Campbell
2016-10-12
09 Spencer Dawkins [Ballot Position Update] New position, No Objection, has been recorded for Spencer Dawkins
2016-10-12
09 Kathleen Moriarty
[Ballot comment]
Thanks for your work on this draft.  I think the draft would read better if the content of the Abstract is repeated in the introduction.  If you read just the introduction, it is not clear what this draft is about, the abstract text is needed to have an understanding.

In the introduction, I'm not sure what this means:
  Packets that arrive at
  the ITR or PITR are typically not modified, which means no protection
  or privacy of the data is added.

Do you mean modified as in 'not encrypted' or something else?  It would be easier to read if what you meant was clearly stated.

It's followed by this sentence:
  If the source host encrypts the
  data stream then the encapsulated packets can be encrypted but would
  be redundant.

But the introduction doesn't clearly say what this would be redundant to.  Can you clarify this text too?

Thanks for addressing the SecDir review.
https://www.ietf.org/mail-archive/web/secdir/current/msg06835.html
2016-10-12
09 Kathleen Moriarty [Ballot Position Update] New position, No Objection, has been recorded for Kathleen Moriarty
2016-10-12
09 (System) IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed
2016-10-12
09 Dino Farinacci New version available: draft-ietf-lisp-crypto-09.txt
2016-10-12
09 (System) New version approved
2016-10-12
09 (System) Request for posting confirmation emailed to previous authors: "Brian Weis", "Dino Farinacci"
2016-10-12
09 Dino Farinacci Uploaded new revision
2016-10-12
08 Alissa Cooper [Ballot comment]
Section 12.1 seems unnecessary.
2016-10-12
08 Alissa Cooper [Ballot Position Update] New position, No Objection, has been recorded for Alissa Cooper
2016-10-11
08 Suresh Krishnan [Ballot Position Update] New position, No Objection, has been recorded for Suresh Krishnan
2016-10-10
08 Deborah Brungard IESG state changed to IESG Evaluation from Waiting for AD Go-Ahead
2016-10-07
08 Benoît Claise [Ballot Position Update] New position, No Objection, has been recorded for Benoit Claise
2016-10-06
08 Jean Mahoney Request for Last Call review by GENART is assigned to Pete Resnick
2016-10-05
08 Amanda Baber IANA Review state changed to IANA OK - Actions Needed from IANA - Not OK
2016-10-04
08 (System) IANA Review state changed to IANA - Not OK from IANA - Review Needed
2016-10-04
08 Amanda Baber
(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

The IANA Services Operator has completed its review of draft-ietf-lisp-crypto-07. If any part of this review is inaccurate, please let us know.

We have three questions about this document.

Upon approval of this document, we understand that we have only one action to complete: the creation of a registry called "LISP Crypto Cipher Suite," which will be maintained via the First Come First Served registration procedure described in RFC 5226.

These are the registry's initial contents:

Value      Suite                                Definition
0          Reserved                             [This document, Section 6]
1          LISP_2048MODP_AES128_CBC_SHA256      [This document, Section 6]
2          LISP_EC25519_AES128_CBC_SHA256       [This document, Section 6]
3          LISP_2048MODP_AES128_GCM             [This document, Section 6]
4          LISP_3072MODP_AES128_GCM M-3072      [This document, Section 6]
5          LISP_256_EC25519_AES128_GCM          [This document, Section 6]
6          LISP_256_EC25519_CHACHA20_POLY1305   [This document, Section 6]
7-255 (?)  Unassigned

QUESTION 1: http://www.iana.org/protocols lists a category called "Locator/ID Separation Protocol (LISP) Parameters," currently consisting of three registries that are available at http://www.iana.org/assignments/lisp-parameters. Should this registry be created at that URL, in that category?

QUESTION 2: Should the section numbers be included in the registry's reference field?

QUESTION 3: Is the registry's maximum value 255?

Note:  The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is only to confirm what actions will be performed.

Thank you,

Amanda Baber
Lead IANA Services Specialist
2016-10-04
08 Deborah Brungard Changed consensus to Yes from Unknown
2016-10-04
08 (System) IESG state changed to Waiting for AD Go-Ahead from In Last Call
2016-10-03
08 Deborah Brungard Ballot writeup was changed
2016-10-03
08 Deborah Brungard Ballot has been issued
2016-10-03
08 Deborah Brungard [Ballot Position Update] New position, Yes, has been recorded for Deborah Brungard
2016-10-03
08 Deborah Brungard Created "Approve" ballot
2016-10-03
08 Deborah Brungard Ballot writeup was changed
2016-09-29
08 Tero Kivinen Request for Last Call review by SECDIR Completed: Has Nits. Reviewer: Chris Lonvick.
2016-09-27
08 Dino Farinacci New version approved
2016-09-27
08 Dino Farinacci New version available: draft-ietf-lisp-crypto-08.txt
2016-09-27
08 Dino Farinacci Request for posting confirmation emailed to previous authors: "Brian Weis", "Dino Farinacci"
2016-09-27
08 (System) Uploaded new revision
2016-09-22
07 Tero Kivinen Request for Last Call review by SECDIR is assigned to Chris Lonvick
2016-09-22
07 Jean Mahoney Request for Last Call review by GENART is assigned to Pete Resnick
2016-09-21
07 Gunter Van de Velde Request for Last Call review by OPSDIR is assigned to Susan Hares
2016-09-21
07 Deborah Brungard Placed on agenda for telechat - 2016-10-13
2016-09-20
07 Amy Vezza IANA Review state changed to IANA - Review Needed
2016-09-20
07 Amy Vezza
The following Last Call announcement was sent out:

From: The IESG
To: "IETF-Announce"
CC: lisp-chairs@ietf.org, draft-ietf-lisp-crypto@ietf.org, "Luigi Iannone" , ggx@gigix.net, db3546@att.com, lisp@ietf.org
Reply-To: ietf@ietf.org
Sender:
Subject: Last Call:  (LISP Data-Plane Confidentiality) to Experimental RFC


The IESG has received a request from the Locator/ID Separation Protocol
WG (lisp) to consider the following document:
- 'LISP Data-Plane Confidentiality'
  as Experimental RFC

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2016-10-04. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract


  This document describes a mechanism for encrypting LISP encapsulated
  traffic.  The design describes how key exchange is achieved using
  existing LISP control-plane mechanisms as well as how to secure the
  LISP data-plane from third-party surveillance attacks.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-lisp-crypto/

IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-ietf-lisp-crypto/ballot/


No IPR declarations have been submitted directly on this I-D.




2016-09-20
07 Amy Vezza IESG state changed to In Last Call from Last Call Requested
2016-09-20
07 Deborah Brungard Last call was requested
2016-09-20
07 Deborah Brungard Ballot approval text was generated
2016-09-20
07 Deborah Brungard Ballot writeup was generated
2016-09-20
07 Deborah Brungard IESG state changed to Last Call Requested from Expert Review
2016-09-20
07 Deborah Brungard Last call announcement was generated
2016-09-19
07 Dino Farinacci New version available: draft-ietf-lisp-crypto-07.txt
2016-09-19
07 Dino Farinacci New version approved
2016-09-19
07 Dino Farinacci Request for posting confirmation emailed to previous authors: "Brian Weis", "Dino Farinacci"
2016-09-19
07 (System) Uploaded new revision
2016-08-25
06 Jonathan Hardwick Request for Early review by RTGDIR Completed: Has Nits. Reviewer: Danny McPherson.
2016-08-01
06 Deborah Brungard IESG state changed to Expert Review from Publication Requested
2016-07-11
06 Jonathan Hardwick Assignment of request for Early review by RTGDIR to He Jia was rejected
2016-07-11
06 Jonathan Hardwick Request for Early review by RTGDIR is assigned to Danny McPherson
2016-07-11
06 Jonathan Hardwick Request for Early review by RTGDIR is assigned to He Jia
2016-07-05
06 Luigi Iannone
draft-ietf-lisp-crypto-06.txt Document Write-up

As required by RFC 4858, this is the current template for the Document Shepherd Write-Up.


(1) What type of RFC is being requested (BCP, Proposed Standard,
Internet Standard, Informational, Experimental, or Historic)? Why is
this the proper type of RFC? Is this type of RFC indicated in the
title page header?

  This draft is targeting publication as an Experimental RFC.
  It is the proper type of RFC since it adds encryption to the
  Locator/ID Separation Protocol (LISP), whose RFCs have
  Experimental status.
  The RFC type is clearly marked in the title page header.



(2) The IESG approval announcement includes a Document Announcement
Write-Up. Please provide such a Document Announcement Write-Up. Recent
examples can be found in the "Action" announcements for approved
documents. The approval announcement contains the following sections:

Technical Summary:

  This document describes a mechanism for encrypting LISP
  encapsulated traffic. The design relies on secret shared keys
  negotiated between the ITR and the ETR in Map-Request and
  Map-Reply messages. The ITR can compute 3 shared-secrets
  per ETR the ITR is encapsulating to. When the ITR encrypts
  a packet before encapsulation, it will identify, via two bits
  in the LISP-specific header, which key it used for encryption
  so the ETR knows which key to use for decrypting the packet
  after decapsulation. The use of key-ids in the LISP header
  enables fast rekeying functionality.
  Encryption is unidirectional, meaning that bidirectional
  communications have separate key exchange on a per-direction
  basis.


Working Group Summary:

  The document filled a gap that the working group felt was
  important to address, namely confidentiality in the LISP data
  plane. Since the document was created on explicit request of
  the working group, it has received strong support during
  its evolution.
  The version of the document that was approved during WG Last
  Call is -04. As a shepherd I required a few editorial changes
  to the document, in particular to the IANA section, which in
  -04 did not completely conform to RFC 5226. Then a couple of
  idnits needed to be cleared. This version, -06, contains all the fixes.


Document Quality:

Are there existing implementations of the protocol? Have a significant
number of vendors indicated their plan to implement the specification?
Are there any reviewers that merit special mention as having done a
thorough review, e.g., one that resulted in important changes or a
conclusion that the document had no substantive issues? If there was a
MIB Doctor, Media Type or other expert review, what was its course
(briefly)? In the case of a Media Type review, on what date was the
request posted?

  On explicit request of the chairs, the authors have requested
  and obtained review and feedback from the Security Area Advisory
  Group (SAAG). There is at least one implementation of the proposed
  mechanism.


Personnel:

Who is the Document Shepherd?

  Luigi Iannone

Who is the Responsible Area Director?

  Deborah Brungard



(3) Briefly describe the review of this document that was performed by
the Document Shepherd. If this version of the document is not ready
for publication, please explain why the document is being forwarded to
the IESG.


  I carefully reviewed the document. The text is clear and
  understandable.
  On the document that passed the WG Last Call I had some editorial
  changes. In particular the IANA considerations section did not
  conform to RFC 5226. Version -05 of the document addressed the
  issue. Version -06 was issued to fix some issues with the
  references and clear the idnits check.
  I have checked the mailing list and meeting minutes and
  publication WG consensus has been reached appropriately.
  I checked the ID nits (output provided on point 11)
  and everything is clear.


(4) Does the document Shepherd have any concerns about the depth or
breadth of the reviews that have been performed?

  As the document shepherd I have no concerns.



(5) Do portions of the document need review from a particular or from
broader perspective, e.g., security, operational complexity, AAA, DNS,
DHCP, XML, or internationalization? If so, describe the review that
took place.

      The document has already been reviewed by SAAG, which
was involved as soon as the document was adopted by the WG.




(6) Describe any specific concerns or issues that the Document
Shepherd has with this document that the Responsible Area Director
and/or the IESG should be aware of? For example, perhaps he or she is
uncomfortable with certain parts of the document, or has concerns
whether there really is a need for it. In any event, if the WG has
discussed those issues and has indicated that it still wishes to
advance the document, detail those concerns here.

  I have no specific concerns or issues to point out.



(7) Has each author confirmed that any and all appropriate IPR
disclosures required for full conformance with the provisions of BCP
78 and BCP 79 have already been filed. If not, explain why?

        All authors have made conforming IPR disclosure.



(8) Has an IPR disclosure been filed that references this document? If
so, summarize any WG discussion and conclusion regarding the IPR
disclosures.

  No IPR disclosures have been filed. 



(9) How solid is the WG consensus behind this document? Does it
represent the strong concurrence of a few individuals, with others
being silent, or does the WG as a whole understand and agree with it?

  There has been clear strong consensus behind this document,
  showing that the WG as a whole understands and agrees with it.



(10) Has anyone threatened an appeal or otherwise indicated extreme
discontent? If so, please summarise the areas of conflict in separate
email messages to the Responsible Area Director. (It should be in a
separate email because this questionnaire is publicly available.)

  Nobody showed discontent or threatened an appeal.



(11) Identify any ID nits the Document Shepherd has found in this
document. (See http://www.ietf.org/tools/idnits/ and the
Internet-Drafts Checklist). Boilerplate checks are not enough; this
check needs to be thorough.

idnits 2.14.01

tmp/draft-ietf-lisp-crypto-06.txt:
  Attempted to download rfc0002 state...
  Failure fetching the file, proceeding without it.
  Attempted to download rfc0100 state...
  Failure fetching the file, proceeding without it.

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  http://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

    No issues found here.

  Checking nits according to http://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

    No issues found here.

  Checking nits according to http://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

    No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  -- The document date (June 29, 2016) is 6 days in the past.  Is this
    intentional?


  Checking references for intended status: Experimental
  ----------------------------------------------------------------------------

    No issues found here.

    Summary: 0 errors (**), 0 flaws (~~), 0 warnings (==), 1 comment (--).

    Run idnits with the --verbose option for more detailed information about
    the items above.
--------------------------------------------------------------------------------


(12) Describe how the document meets any required formal review
criteria, such as the MIB Doctor, media type, and URI type reviews.

  No formal review is required.



(13) Have all references within this document been identified as
either normative or informative?

        Yes.



(14) Are there normative references to documents that are not ready
for advancement or are otherwise in an unclear state? If such
normative references exist, what is the plan for their completion?

  There are no normative references in unclear state.
  The [LCAF] has passed WG Last Call and I am shepherding
  that document as well. So they are moving in parallel.



(15) Are there downward normative references (see RFC
3967)? If so, list these downward references to support the Area
Director in the Last Call procedure.

  There are no downward normative references.



(16) Will publication of this document change the status of any
existing RFCs? Are those RFCs listed on the title page header, listed
in the abstract, and discussed in the introduction? If the RFCs are
not listed in the Abstract and Introduction, explain why, and point to
the part of the document where the relationship of this document to
the other RFCs is discussed. If this information is not in the
document, explain why the WG considers it unnecessary.

No existing RFC's status will change due to the publication
of this document.



(17) Describe the Document Shepherd's review of the IANA
considerations section, especially with regard to its consistency with
the body of the document. Confirm that all protocol extensions that
the document makes are associated with the appropriate reservations in
IANA registries. Confirm that any referenced IANA registries have been
clearly identified. Confirm that newly created IANA registries include
a detailed specification of the initial contents for the registry,
that allocations procedures for future registrations are defined, and
a reasonable name for the new registry has been suggested (see RFC
5226).

  This document instructs IANA to create a new registry for the
  Cipher Suite value transported in the security material of
  Map-Request and Map-Reply messages. The initial content
  of the newly created registry is well identified and the allocation
  procedure is a simple First Come First Served policy.
  The registry is named "LISP Crypto Cipher Suite", which
  concisely expresses its content.




(18) List any new IANA registries that require Expert Review for
future allocations. Provide any public guidance that the IESG would
find useful in selecting the IANA Experts for these new registries.

No expert review is required.



(19) Describe reviews and automated checks performed by the Document
Shepherd to validate sections of the document written in a formal
language, such as XML code, BNF rules, MIB definitions, etc.

  The document does not contain anything written in a formal
  language, hence, no validation and/or check has been
  performed.
2016-07-05
06 Luigi Iannone Responsible AD changed to Deborah Brungard
2016-07-05
06 Luigi Iannone IETF WG state changed to Submitted to IESG for Publication from WG Consensus: Waiting for Write-Up
2016-07-05
06 Luigi Iannone IESG state changed to Publication Requested
2016-07-05
06 Luigi Iannone IESG process started in state Publication Requested
2016-07-05
06 Luigi Iannone Intended Status changed to Experimental from None
2016-07-05
06 Luigi Iannone Changed document writeup
2016-06-29
06 Dino Farinacci New version available: draft-ietf-lisp-crypto-06.txt
2016-06-27
05 Dino Farinacci New version available: draft-ietf-lisp-crypto-05.txt
2016-05-31
04 Dino Farinacci New version available: draft-ietf-lisp-crypto-04.txt
2016-04-25
03 Luigi Iannone I forgot to put the document in WG last call state but the two weeks time have been respected.
2016-04-25
03 Luigi Iannone IETF WG state changed to WG Consensus: Waiting for Write-Up from WG Document
2016-04-25
03 Luigi Iannone Notification list changed to "Luigi Iannone" <ggx@gigix.net>
2016-04-25
03 Luigi Iannone Document shepherd changed to Luigi Iannone
2015-12-04
03 Dino Farinacci New version available: draft-ietf-lisp-crypto-03.txt
2015-09-12
02 Dino Farinacci New version available: draft-ietf-lisp-crypto-02.txt
2015-05-01
01 Dino Farinacci New version available: draft-ietf-lisp-crypto-01.txt
2015-01-16
00 Luigi Iannone This document now replaces draft-farinacci-lisp-crypto instead of None
2015-01-12
00 Dino Farinacci New version available: draft-ietf-lisp-crypto-00.txt