Skip to main content

Shepherd writeup
draft-ietf-lisp-sec

draft-ietf-lisp-sec-25.txt Document Write-up

As required by RFC 4858, this is the current template for the Document Shepherd
Write-Up.

(1) What type of RFC is being requested (BCP, Proposed Standard,
Internet Standard, Informational, Experimental, or Historic)? Why is
this the proper type of RFC? Is this type of RFC indicated in the
title page header?

        This document is targeting publication as Proposed Standard.
            The document introduces security features, for the LISP main
      specification, which are mandatory to implement when LISP is
      deployed in an open environment like the Internet.
      Because the documents with the main LISP specification are
      published as Proposed Standard, this document of the same type.
      The RFC type is clearly marked in the title page header.

(2) The IESG approval announcement includes a Document Announcement
Write-Up. Please provide such a Document Announcement Write-Up. Recent
examples can be found in the "Action" announcements for approved
documents. The approval announcement contains the following sections:

Technical Summary:

      This document describes a security mechanism aiming at
      providing origin authentication, integrity and anti-replay protection
      to LISP map lookup process. In addition, it provides protection against
      prefix over-claiming attacks, ensuring that the sender of a
      Map-Reply providing the mapping for a certain EID-prefix is
      entitled to do so according to what is registered in the
      associated Map-Server. The whole mechanism is based on
      One-Time-Keys (OTK) used to compute Keyed-Hashing Message
      Authentication (HMAC). The mechanism is mandatory to implement in public
      deployments of LISP.

Working Group Summary:

       The document has been around since 2011, and has been discussed
       several times. From the beginning, there was strong support, because
       the WG felt that the having a mechanism to protect the map lookup
       process was really important in order to make possible have public
       deployments that cannot be easily attacked.
       The support of the document has been always present, while the
       document evolved. The discussion in the WG mainly focused
       on clearly identify what the proposed mechanism protect or which level
       of security it provides.
             The version of the document that was approved during WG Last
       Call is -12. The document went through the usual IETF process and was
       even scheduled to be discussed in the IESG telechat. However, at that
       time the document was "experimental". At the same time, there where the
       new LISP specification documents that were advancing as Proposed
       Standard. The security review of these new documents concluded that LISP
       public deployments, like in the Internet, MUST implement LISP-SEC.
       So the document was sent back in order to put it in the standard track
       and make sure that it is consistent with the new specifications. This
       work has been done and generated a few revisions due to the security
       review. Early this year (2021), publication has been requested for the
       main LISP specifications and this document will complete the set of
       specifications.

Document Quality:

Are there existing implementations of the protocol? Have a significant
number of vendors indicated their plan to implement the specification?
Are there any reviewers that merit special mention as having done a
thorough review, e.g., one that resulted in important changes or a
conclusion that the document had no substantive issues? If there was a
MIB Doctor, Media Type or other expert review, what was its course
(briefly)? In the case of a Media Type review, on what date was the
request posted?

             There is a strong interest in LISP-SEC especially by potential
       LISP adopters because protecting the map lookup process is key to
       have a robust system where mapping information cannot be tempered.
       Even further, LISP-SEC is mandatory to implement in public LISP
       deployments.

Personnel:

Who is the Document Shepherd?

        Luigi Iannone <ggx@gigix.net>

Who is the Responsible Area Director?

        Alvaro Retana <aretana.ietf@gmail.com>

(3) Briefly describe the review of this document that was performed by
the Document Shepherd. If this version of the document is not ready
for publication, please explain why the document is being forwarded to
the IESG.

        I reviewed carefully revision -23 of the document. I had few editorial
        issues that have been fixed in the follow-up revisions by the authors.
        The text is sufficiently clear and understandable. Back when LISP-SEC
        past WG Last Call, I have checked the mailinglist and meeting minutes
        and publication WG consensus has been reached appropriately. During the
        revision work up to the latest version fo the document the WG has been
        updated regularly on the advances. No discontent or objection to the
        modification has been ever shown.
              I checked the ID nits (output provided  on point 11)
              and everything is clear with the exception of a warning due to
        the notation used in the document which the idnits tools mistakenly
        considers being a citation.

(4) Does the document Shepherd have any concerns about the depth or
breadth of the reviews that have been performed?

        As the document shepherd I have no concerns.

(5) Do portions of the document need review from a particular or from
broader perspective, e.g., security, operational complexity, AAA, DNS,
DHCP, XML, or internationalization? If so, describe the review that
took place.

        I do not think that a additional specific review is needed (other than
        the usual ones).

(6) Describe any specific concerns or issues that the Document
Shepherd has with this document that the Responsible Area Director
and/or the IESG should be aware of? For example, perhaps he or she is
uncomfortable with certain parts of the document, or has concerns
whether there really is a need for it. In any event, if the WG has
discussed those issues and has indicated that it still wishes to
advance the document, detail those concerns here.

               I have no specific concerns or issues to point out.

(7) Has each author confirmed that any and all appropriate IPR
disclosures required for full conformance with the provisions of BCP
78 and BCP 79 have already been filed. If not, explain why?

        All authors have made conforming IPR disclosure.

(8) Has an IPR disclosure been filed that references this document? If
so, summarize any WG discussion and conclusion regarding the IPR
disclosures.

               No IPR disclosures have been filed.

(9) How solid is the WG consensus behind this document? Does it
represent the strong concurrence of a few individuals, with others
being silent, or does the WG as a whole understand and agree with it?

        There has been clear strong consensus behind this document,
              showing that the WG as a whole understands and agree with it.

(10) Has anyone threatened an appeal or otherwise indicated extreme
discontent? If so, please summarise the areas of conflict in separate
email messages to the Responsible Area Director. (It should be in a
separate email because this questionnaire is publicly available.)

               Nobody did show discontent nor threatened an appeal.

(11) Identify any ID nits the Document Shepherd has found in this
document. (See http://www.ietf.org/tools/idnits/ and the
Internet-Drafts Checklist). Boilerplate checks are not enough; this
check needs to be thorough.

idnits 2.17.00 (12 Aug 2021)

/tmp/idnits14237/draft-ietf-lisp-sec-25.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  -- The document date (8 December 2021) is 6 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'Key ID' is mentioned on line 620, but not defined

     Summary: 0 errors (**), 0 flaws (~~), 1 warning (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.
--------------------------------------------------------------------------------

(12) Describe how the document meets any required formal review
criteria, such as the MIB Doctor, media type, and URI type reviews.

               No formal review is required.

(13) Have all references within this document been identified as
either normative or informative?

        Only normative references are present. They are clearly
        identified as such.

(14) Are there normative references to documents that are not ready
for advancement or are otherwise in an unclear state? If such
normative references exist, what is the plan for their completion?

               There are no normative references in unclear state.

(15) Are there downward normative references references (see RFC
3967)? If so, list these downward references to support the Area
Director in the Last Call procedure.

               There are no downward normative references.

(16) Will publication of this document change the status of any
existing RFCs? Are those RFCs listed on the title page header, listed
in the abstract, and discussed in the introduction? If the RFCs are
not listed in the Abstract and Introduction, explain why, and point to
the part of the document where the relationship of this document to
the other RFCs is discussed. If this information is not in the
document, explain why the WG considers it unnecessary.

               No existing RFC's status will change due to the publication
               of this document.

(17) Describe the Document Shepherd's review of the IANA
considerations section, especially with regard to its consistency with
the body of the document. Confirm that all protocol extensions that
the document makes are associated with the appropriate reservations in
IANA registries. Confirm that any referenced IANA registries have been
clearly identified. Confirm that newly created IANA registries include
a detailed specification of the initial contents for the registry,
that allocations procedures for future registrations are defined, and
a reasonable name for the new registry has been suggested (see RFC
5226).

               This document instruct IANA to create five different registries,
         namely:
         - ECM AD Type Registry, with values ranging from 0 to 255.
         - Map-Reply AD Type Registry, with values ranging from 0 to 255.
         - HMAC Functions, with values ranging from 0 to 65535.
         - Key Wrap Functions, with values ranging from 0 to 65535.
         - Key Derivation Functions, with values ranging from 0 to 65535.
         Initial content for all of the above registries is well identified and
         future allocations is requested to be assigned according to the
         "Specification Required" policy defined in RFC5226.

(18) List any new IANA registries that require Expert Review for
future allocations. Provide any public guidance that the IESG would
find useful in selecting the IANA Experts for these new registries.

               No expert review is required.

(19) Describe reviews and automated checks performed by the Document
Shepherd to validate sections of the document written in a formal
language, such as XML code, BNF rules, MIB definitions, etc.

               The document does not contain anything written in a formal
               language, hence, no validation and/or check has been
               performed.
Back