RFC 8061
Internet Engineering Task Force (IETF)                      D. Farinacci
Request for Comments: 8061                                   lispers.net
Category: Experimental                                           B. Weis
ISSN: 2070-1721                                            Cisco Systems
                                                           February 2017
Locator/ID Separation Protocol (LISP) Data-Plane Confidentiality
Abstract
This document describes a mechanism for encrypting traffic
encapsulated using the Locator/ID Separation Protocol (LISP). The
design describes how key exchange is achieved using existing LISP
control-plane mechanisms as well as how to secure the LISP data plane
from third-party surveillance attacks.
Status of This Memo
This document is not an Internet Standards Track specification; it is
published for examination, experimental implementation, and
evaluation.
This document defines an Experimental Protocol for the Internet
community. This document is a product of the Internet Engineering
Task Force (IETF). It represents the consensus of the IETF
community. It has received public review and has been approved for
publication by the Internet Engineering Steering Group (IESG). Not
all documents approved by the IESG are a candidate for any level of
Internet Standard; see Section 2 of RFC 7841.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc8061.
Farinacci & Weis Experimental [Page 1]
RFC 8061 LISP Data-Plane Confidentiality February 2017
Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction ....................................................3
2. Requirements Notation ...........................................4
3. Definition of Terms .............................................4
4. Overview ........................................................4
5. Diffie-Hellman Key Exchange .....................................5
6. Encoding and Transmitting Key Material ..........................6
7. Shared Keys Used for the Data Plane .............................8
8. Data-Plane Operation ...........................................10
9. Procedures for Encryption and Decryption .......................11
10. Dynamic Rekeying ..............................................12
11. Future Work ...................................................13
12. Security Considerations .......................................14
12.1. SAAG Support .............................................14
12.2. LISP-Crypto Security Threats .............................14
13. IANA Considerations ...........................................15
14. References ....................................................16
14.1. Normative References .....................................16
14.2. Informative References ...................................17
Acknowledgments ...................................................18
Authors' Addresses ................................................18
1. Introduction
This document describes a mechanism for encrypting LISP-encapsulated
traffic. The design describes how key exchange is achieved using
existing LISP control-plane mechanisms as well as how to secure the
LISP data plane from third-party surveillance attacks.
The Locator/ID Separation Protocol [RFC6830] defines a set of
functions for routers to exchange information used to map from
non-routable Endpoint Identifiers (EIDs) to routable Routing Locators
(RLOCs). LISP Ingress Tunnel Routers (ITRs) and Proxy Ingress Tunnel
Routers (PITRs) encapsulate packets to Egress Tunnel Routers (ETRs)
and Re-encapsulating Tunnel Routers (RTRs). Packets that arrive at
the ITR or PITR may not be encrypted, which means no protection or
privacy of the data is added. When the source host encrypts the data
stream, encapsulated packets do not need to be encrypted by LISP.
However, when plaintext packets are sent by hosts, this design can
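The ITR behaviour described in the introduction (look the destination EID up in a map-cache to find the ETR's RLOC, then encapsulate the packet unchanged toward that RLOC) can be modelled in a few lines. The following Python is an added example, not code from RFC 8061 or from the authors; the map-cache contents, the addresses, and the InnerPacket/OuterPacket layouts are constructed assumptions, and only the data-plane UDP port 4341 comes from RFC 6830. It makes the security point of the passage concrete: a third party on the RLOC path reads the inner packet exactly as the host sent it, so a plaintext payload is exposed while a host-encrypted one is not.

```python
"""Model of LISP map-and-encapsulate showing that encapsulation alone
adds no confidentiality to the inner packet.  Added example; not code
from RFC 8061.  Addresses and map-cache entries are constructed."""
import ipaddress
from dataclasses import dataclass

# Constructed map-cache: EID prefix -> RLOC of the ETR serving that prefix.
# Documentation-range addresses (RFC 5737); not from the RFC text.
MAP_CACHE = {
    ipaddress.ip_network("10.1.0.0/16"): "192.0.2.1",
    ipaddress.ip_network("10.1.5.0/24"): "192.0.2.2",     # more specific
    ipaddress.ip_network("10.2.0.0/16"): "198.51.100.1",
}

LISP_DATA_PORT = 4341  # UDP port of the LISP data plane (RFC 6830)


@dataclass
class InnerPacket:
    """Hypothetical host packet: EID addresses plus whatever the host sent."""
    src_eid: str
    dst_eid: str
    payload: bytes         # plaintext, or already encrypted by the host


@dataclass
class OuterPacket:
    """Hypothetical encapsulated packet as an on-path observer sees it."""
    src_rloc: str
    dst_rloc: str
    dst_port: int
    inner: InnerPacket     # carried unchanged by the ITR


def lookup_rloc(dst_eid: str):
    """Longest-prefix match of the destination EID in the map-cache.
    Returns the RLOC string, or None when no mapping is cached."""
    addr = ipaddress.ip_address(dst_eid)
    matches = [net for net in MAP_CACHE if addr in net]
    if not matches:
        return None
    return MAP_CACHE[max(matches, key=lambda net: net.prefixlen)]


def itr_encapsulate(src_rloc: str, inner: InnerPacket) -> OuterPacket:
    """ITR step: map the destination EID to an RLOC and wrap the packet.
    Nothing about the inner packet is transformed."""
    rloc = lookup_rloc(inner.dst_eid)
    if rloc is None:
        raise LookupError(f"no RLOC mapping for EID {inner.dst_eid}")
    return OuterPacket(src_rloc, rloc, LISP_DATA_PORT, inner)


def observer_sees(pkt: OuterPacket, secret: bytes) -> bool:
    """Whether a third party on the RLOC path can read `secret` out of the
    encapsulated packet.  True whenever the host sent it in plaintext."""
    return secret in pkt.inner.payload


if __name__ == "__main__":
    itr_rloc = "203.0.113.1"
    # Constructed plaintext application data from host 10.1.0.7 to 10.2.0.9.
    clear = InnerPacket("10.1.0.7", "10.2.0.9", b"GET /account HTTP/1.1")
    # Constructed stand-in for a host-encrypted (e.g. TLS) payload.
    opaque = InnerPacket("10.1.0.7", "10.2.0.9", b"\x8f\x1a\xc3\x40\x77\x02")

    for inner in (clear, opaque):
        pkt = itr_encapsulate(itr_rloc, inner)
        print(f"{pkt.src_rloc} -> {pkt.dst_rloc}:{pkt.dst_port} "
              f"observer can read '/account': {observer_sees(pkt, b'/account')}")
```

Running the module prints one line per packet: the plaintext case reports True and the host-encrypted case False, which is the gap the rest of the RFC addresses by encrypting at the ITR.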