
Re: [lisp] Call for interest in working on security



>>>>> "Luigi" == Luigi Iannone <luigi at net.t-labs.tu-berlin.de> writes:

    Luigi> Coming back to your page, I really think that we should
    Luigi> analyze the mapping system from the inside. What I mean is
    Luigi> that we do not need to analyze the ALT, or whatever mapping
    Luigi> system you like, the most appropriate approach is IMO to
    Luigi> give a set of "guidelines/requirements" (I do not have a
    Luigi> better word right now) for designing a mapping system.

I agree we should do this.
I think that it's even one of our charter deliverables.


    Luigi> Discussing if ALT provides the same level of security like
    Luigi> BGP is IMHO a waste of time.

Well, we're also trying to build something practical here.  It's all well and good to write up requirements: I certainly have done it many times myself and expect to participate in work of this type in LISP.
However, I'm also trying to be practical in a number of ways:

* I'm guessing some of the results of the security analysis--I'm guessing we're going to decide that mapping integrity is the big deal for a mapping system.
* I'm guessing that designing a PKI for a mapping system may be out of scope for our current efforts.
* I'm guessing that mandatory-to-use PKIs will not gain consensus in this WG (I doubt I'd support them and I'm fairly pro-security for our population)
* However, we need to make sure that absent such a PKI, the mapping system is not worse than today's internet.

I don't see how to deal with the last point without getting into the details of alt.
Remember also that we're trying to run experiments.

* I want to get to a point where I know if alt is secure enough that I'm willing to run my day-to-day traffic over it.  I understand some people do, but I need to understand its security properties before I will.
* We want to make sure that our experimental results are useful.  That means we need our security mechanisms present at least enough to understand their performance impact etc.

So, I think we need to dig into the details of alt a bit.  Not to develop requirements, but
1) to understand whether alt meets the requirements we do develop
2) to make it good enough for the experiments.

Finally, I think I need to motivate my list of threats.
I think I should have to answer the question of "why isn't this a problem on the Internet today?"


Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.