[00:03:33] hide.zebra joins the room
[00:03:49] gigix73 joins the room
[00:03:50] Wes George joins the room
[00:03:52] eburger joins the room
[00:04:11] jlcJohn joins the room
[00:04:17] shikob joins the room
[00:07:02] marshall joins the room
[00:07:06] becarpenter joins the room
[00:07:16] <marshall> J=I am the jabber scribe
[00:07:22] Fuad Abinader joins the room
[00:07:27] <marshall> some items from stockholm
[00:07:31] <marshall> Joel Halpern
[00:07:37] <marshall> LISP mapping isues
[00:08:03] <marshall> Going to try and describe his personal take on this this and his effort to decompose it
[00:08:10] <marshall> there are a lot of bits and peices
[00:08:20] <marshall> there is no way to cover all of it
[00:08:34] <marshall> talking about the mapping system, map resolvers and map servers
[00:08:55] <marshall> somehow you have to go from an EID to an RLOC
[00:09:00] <marshall> there is a request
[00:09:03] <marshall> a eply
[00:09:13] <marshall> a positive reply - a list of RLOCs
[00:09:23] <marshall> a negative reply- has several flavors
[00:09:35] <marshall> there are two ways of looking at this
[00:09:44] <marshall> neither is wrong
[00:10:01] <marshall> they produce different conclusions, however
[00:10:09] <marshall> at the center
[00:10:24] <marshall> should the map request sent by the ITR have one IP header or two
[00:10:28] <marshall> one view
[00:10:40] <marshall> the mapping system is a relay agent
[00:10:52] <marshall> its job is to relay the message
[00:10:58] <marshall> the map request is secondary
[00:11:02] <marshall> that's one way
[00:11:06] <marshall> the other is
[00:11:50] <marshall> the mapping system is responsible for finding the answer
[00:12:08] <marshall> a valid mapping system could do this in many ways - it could cache it
[00:12:10] kazuya joins the room
[00:12:17] <marshall> there are differences depending on which you do
[00:12:30] <marshall> if it is a relay system, content can be encrypted
[00:12:57] <marshall> it needs a header with a EID in it to use as a relay key
[00:13:42] <marshall> another difference - is the map resolver / server a convenience, or an insulation layer designed to hide detals from the ITR
[00:14:06] mawatari joins the room
[00:14:06] <marshall> as currently defined, the debate was about the format
[00:14:11] <marshall> of the map request message
[00:14:20] <marshall> as currently definted
[00:14:31] <marshall> there are 2 successive IP headers
[00:15:03] <marshall> in the alternative viewpoint, the MAP Request could be put in the "outer header"
[00:15:12] <marshall> where does this matter
[00:15:22] <marshall> ?
[00:15:50] <marshall> one issue is how to handle the case where you need to couple the functionality - an ITR that can directly send requests
[00:15:57] abaire joins the room
[00:16:01] <marshall> an ETR that sends BGP information
[00:16:10] <marshall> two ways to described
[00:16:20] <marshall> this edge box can do function X
[00:16:48] <marshall> or you can talk about logical components, like the resolver as conceptual entities
[00:17:14] <marshall> an ITR which can directly send messages to the ALT routers
[00:17:29] <marshall> this is conceptually an ITR plus a map responder
[00:17:47] <marshall> Joel finds this type of decomposition to be very helpful
[00:18:08] <marshall> Address families - another issue
[00:18:12] <marshall> ho to handle
[00:18:39] <marshall> we have to handle v4 and v6
[00:18:45] <marshall> most of this works just find
[00:18:55] <marshall> EIDs can be in either address family
[00:18:56] <marshall> etc
[00:19:05] CHENGANG joins the room
[00:19:11] <marshall> some combinations are a little harder to deal with
[00:19:22] <marshall> a EID from one address family
[00:19:39] <marshall> the ITR is from the other
[00:19:54] <marshall> lots of additional questions
[00:20:14] <marshall> what do we need to authenticae ?
[00:20:17] <marshall> and how?
[00:20:35] <marshall> the model chosen affects this
[00:20:44] <marshall> maybe only the end guys needs this
[00:21:18] <marshall> Is there part of teh mapping structure that should be hidden from the end ?
[00:21:18] shamus joins the room
[00:21:34] <marshall> if the ALT is a routing system
[00:22:09] <marshall> you do not talk about hiding the routing header
[00:22:25] rhe joins the room
[00:22:37] <marshall> if you view it as a question answering system, the header should be hidden
[00:23:18] <marshall> Chair : this is supposed to spark discussion and not be a conrete proposal
[00:23:58] <marshall> Joel : I find that it is better to view the mapping system as a question answering system
[00:24:11] <marshall> so I am uncomfortable with the double header
[00:24:11] Wes George leaves the room
[00:24:11] shamus leaves the room
[00:24:11] eburger leaves the room
[00:24:11] ljakab leaves the room
[00:24:11] CHENGANG leaves the room
[00:24:11] jlcJohn leaves the room
[00:24:11] mawatari leaves the room
[00:24:11] becarpenter leaves the room
[00:24:11] Fuad Abinader leaves the room
[00:24:11] tachibana@jabber.org leaves the room
[00:24:50] <marshall> Vince Fuller : You are referrring to the interface that the mapping system sees
[00:24:58] <marshall> Joel : Absolutely
[00:25:08] <marshall> there are lots of other pieces
[00:26:18] <marshall> Sam Hartman : One issue - the particular format of the relay header ends up being an IP packet, that increases the complexity
[00:26:37] <marshall> and you can get IP headers that are not intended for yourself
[00:27:00] <marshall> there are exceptions but this tends to be problematic
[00:27:56] <marshall> Dino : When the ETR receives an encapsulated addressed the source and destination address can
[00:28:14] <marshall> be routed and that packet has a port that says it goes to the control plane, so it
[00:28:19] takas joins the room
[00:28:34] <marshall> goes to the control plane and it deencapsulates it
[00:28:44] <marshall> I beleive that this is not an issue
[00:29:24] <marshall> This is all done at the control plane
[00:29:51] <marshall> Sam : That is true if the implementation has its IP stack tightly coupled with the LISP stack
[00:30:30] <marshall> Dino : In a standard UNIX ssytem any packets addressed to the right port will go to LISP system
[00:31:00] <marshall> Sam : You have to put the IP stack in LISP and the kernel
[00:31:29] <marshall> Roque Gagliano : do you mean to talk about authentication or authorization
[00:31:52] <marshall> Joel : The reason I was vague is that there are interesting questions under there
[00:32:02] <marshall> there is binding information carried in a request
[00:32:41] <marshall> one may want to look at what is being is asserted with what confidence -
[00:32:55] <marshall> I don't know how we are going to do this
[00:33:26] <marshall> Dino : I think I understand what you are saying - since the map request is being sent somewhere to get an answer it actually contains some mapping information
[00:33:27] benno joins the room
[00:33:31] <marshall> that is optional
[00:33:37] <marshall> the PTR never supplies it
[00:34:01] <marshall> you may trust the source, or ignore it, or send a verifying map request back
[00:34:21] <marshall> Joel ; that's just one example of where the architecture affects the pieces
[00:34:31] <marshall> Chair : I am looking for ways to resolve thias
[00:34:40] ewburger joins the room
[00:35:54] roque@hiroshima joins the room
[00:36:04] <marshall> Dino : Maybe ALT only routers that do not speak lisp could be pulled out of the mapping structure
[00:36:31] <marshall> do they need to implment LISP, or just look at the destination address in the IP headder
[00:36:43] <marshall> we wanted to give vendors the flexbility
[00:37:03] <marshall> Sam : What do you mean by upstram ? ALT or ITR ?
[00:37:15] shikob leaves the room
[00:37:31] <marshall> Dino : The path from the map resolver to the map server registered
[00:37:42] <marshall> Joel : to return to architecture
[00:38:12] <marshall> at least in my head, there could be replacements by the ALT where the system looks at the content
[00:38:48] <marshall> the ability to replace pieces is highly valuable
[00:39:56] <marshall> Regi : As a destination address, since we speak of point of view, it could be seen as an optimatization for the ALT
[00:40:07] <marshall> we have to use tunneling or encapsulation
[00:40:38] <marshall> my point of view is that we leave all of the flexibility possible for the core mapping function
[00:41:13] <marshall> Sam : Dino and Joel are saying that if you do it exactly the opposite ways there is more flexible in the core
[00:41:22] <marshall> Joel : What kind of flexibility
[00:41:36] <marshall> Regi : Do you want a relay system in the core
[00:41:46] shikob joins the room
[00:41:53] <marshall> [Chair means NOT Sam]
[00:41:57] inami.masaaki joins the room
[00:42:07] <marshall> Chair : We have to have concrete proposals to evaluate
[00:42:23] <marshall> Sam : Joel had an original propsal
[00:42:31] <marshall> Dino sent a long list of questions
[00:42:41] <marshall> I sat down to write them
[00:42:53] <marshall> I realized it was more
[00:43:08] <marshall> complicated as I had to write extensions to various messages
[00:43:25] ljakab joins the room
[00:43:34] <marshall> Chair : A way forward might be to continue the development of that draft
[00:43:58] shamus joins the room
[00:44:06] <marshall> Dino :We want the mapping system to be as easy as possible. In the ITR we have enough CPU cycles to put extra headers on./
[00:44:20] <marshall> I would rather do that and keep the map resolver simple
[00:44:22] <marshall> Next
[00:44:25] HannuF joins the room
[00:44:45] mawatari joins the room
[00:44:55] Wes George joins the room
[00:45:32] <marshall> Sam Hartman :: LISP security
[00:45:46] <marshall> there are a couple of different efforts underway
[00:46:06] <marshall> I wanted to do my work in an open forum
[00:46:16] <marshall> Luigi is working on another system
[00:46:17] Fuad Abinader joins the room
[00:46:27] <marshall> Luigi - we started this on request of the chairs
[00:46:37] <marshall> Sam : Abslutely, and we appreciate that
[00:47:06] <marshall> we are not the first people to thin of the security of mapping systems
[00:47:17] <marshall> BCP 72 and 84
[00:47:45] <marshall> RFC 4218 4225 =4219 draft-bagnulo-lisp-threat-01
[00:48:03] <marshall> The mobility people and the SHIM6 people have all thought a lot about security
[00:48:15] <marshall> also the HIP folks
[00:48:46] arifumi joins the room
[00:48:49] <marshall> there are basic documents for overall internet security
[00:49:18] <marshall> goals : In order to be successful you need an idea of the goals you would like to acheive
[00:49:36] <marshall> goal : LISP should not make Internet security worse
[00:49:42] <marshall> either in LISP or in general
[00:50:18] <marshall> LISP should not block IETF-wide security goals, such as encryption
[00:50:31] <marshall> what does it mean to make the security of the Internet worse
[00:50:44] <marshall> Dave Meyer : Are there more goals ?
[00:51:05] <marshall> I don't see deployability
[00:51:38] <marshall> Sam : We want LISP to be secure, deployable and to solve the routing table issues
[00:51:45] <marshall> we re in violent agreement
[00:52:10] Scott.Brim joins the room
[00:52:28] <marshall> if we can't we meet these two security goals, and the other goals, we don't have a viable system.
[00:52:49] <marshall> if someone finds a security issue with list, some questions
[00:53:01] <marshall> how is this not a problem on the internet today ?
[00:53:02] Scott.Brim leaves the room
[00:53:12] <marshall> Wat are the consequences of the attack
[00:53:46] <marshall> what is the previous IETF thinking on this problem ?
[00:54:00] <marshall> Sam : Are these reasonable goals ?
[00:54:23] Wes George leaves the room: Replaced by new connection
[00:54:43] <marshall> show of hands - good showing for "reasonable set of goals" no one for "not"
[00:54:53] <marshall> security goals of teh control plane
[00:55:26] <marshall> the control plane's primary job is to maintain mapping integrity
[00:55:39] <marshall> protection against being used as a DOS tool
[00:55:50] <marshall> limit scope of replays
[00:56:17] <marshall> right now, there is a distinction between people on path, and people off path
[00:56:37] <marshall> or if i can become part of your address block
[00:56:47] <marshall> so the mapping system must prevent this \
[00:57:01] <marshall> at least to the degree the Internet does this today
[00:57:05] <marshall> there is more on the wiki
[00:57:36] <marshall> Jari :integrity could be defined in many ways
[00:58:09] <marshall> Sam : It is ultimately a question of "do you have the right answer"
[00:58:46] <marshall> people shouldn't be able to pretend to be you, or at least no too much
[00:59:21] <marshall> Roque ; You said to limit scope of replays - do you mean,say, no worse than DNSSEC
[01:00:02] <marshall> Sam : DNSSEC is not a vulnerability of the routing architecture
[01:00:37] <marshall> End to end cryptography is not the total solution
[01:00:41] abaire leaves the room
[01:00:44] anthony.baire joins the room
[01:00:55] ietfdbh joins the room
[01:01:06] <marshall> we have found that offloading this functionality is useful
[01:01:40] <marshall> it's going to take a long time to specify and deploy cyrpto
[01:01:47] <marshall> cryptography
[01:02:00] <marshall> we want to run experiments today
[01:02:34] <marshall> Dave Meyer : I was reading "we was sufficient security for our experiments"
[01:02:54] <marshall> I don't kn ow what sufficient or experiment means
[01:03:46] <marshall> Sam : there are things in place to prevent me from stealing your address today
[01:04:03] <marshall> Dave : Are we talking about things like MD5 on BGP today ?
[01:04:39] <marshall> Sam : An example, the NONCEs in the map request makes LISP more secure
[01:05:14] <marshall> Chair : What we are trying to get at here is that we don't want security in LISP so poor that no one wants to try it
[01:05:16] Scott.Brim joins the room
[01:05:37] <marshall> Sam : My hope is that we can get LISP to be as secure as the Internet is today
[01:06:07] <marshall> Joe Touch : Is there some reason you believe that the security in LISP has to be stronger than ARP ?
[01:06:32] <marshall> Sam : There are environments where the security of ARP is inappropriate
[01:06:55] <marshall> Also, I cannot spoof you on ARP if I am not on your link
[01:07:06] <marshall> Layers of Security
[01:07:23] <marshall> IRT -.> Map Resolver
[01:07:37] <marshall> Jari : On the previous slide
[01:08:15] <marshall> I want to understand why it has to be better than the Intenret
[01:08:44] <marshall> Sam : I believe that eventually that there will be end to end signatures for mapping
[01:08:54] <marshall> but that is out of scope for this WG
[01:09:28] <marshall> Many people say, all we have to do is sign it end to end, and I don't buy it
[01:09:33] becarpenter joins the room
[01:09:49] <marshall> Jari : And that has to be the case even for experiemtns
[01:09:53] <marshall> Sam : Right
[01:10:02] <marshall> Layers of Securty
[01:10:25] <marshall> ITR -> map resolver
[01:10:29] <marshall> mapping core
[01:10:34] <marshall> map server to ETR
[01:10:40] <marshall> ETR to ITR
[01:13:27] <marshall> Chair : Today in the mapping system of BGP is not signed
[01:13:37] <marshall> Sam : We have an effort today to get signed BGP
[01:13:43] <marshall> its an on going effort
[01:13:48] <marshall> for BGP
[01:14:06] <marshall> I don't think we need to move faster than that
[01:14:19] <marshall> but I hope we can't move slower than IPSEC
[01:14:35] <marshall> Wes George : If this is an overall framework
[01:14:56] <marshall> there are two options - a lightweight and a heavy option
[01:14:58] <marshall> Sam : Yes
[01:15:17] <marshall> [Marshall : Can someone put the address of the wiki here on jabber ?]
[01:15:44] <ljakab> http://tools.ietf.org/wg/lisp/trac/wiki/Security01
[01:15:49] <marshall> Margaret Wasserman : I just wanted to comment on the discussion on the mop system
[01:15:56] <marshall> [thanks - for remote attendees]
[01:17:16] <marshall> Margaret : There are things that are not the same - BGP is not like LISP, it is more bilateral, etc.
[01:17:50] <marshall> Roque : There are signed objects today. I need some guidance on the non converged efforts
[01:18:15] <marshall> Sam : A sample attack
[01:18:26] <marshall> Map reply delegation integrity
[01:18:36] <marshall> potential attack
[01:18:54] <marshall> The ITR sends a map request
[01:19:05] <marshall> the ETR responds directly to the ITR
[01:19:36] <marshall> the ETR lies about how large its prefix is. Suppose it claims 0::0/0
[01:19:51] <marshall> instread of the /24 it has
[01:20:05] <marshall> or a /22 or a /16
[01:20:13] <marshall> how do you verify this ?
[01:20:45] <marshall> the NONCE means that the right ETR is responding but you don't know if you can trust it
[01:21:00] <marshall> Why is this worse than what we have today ?
[01:21:35] <marshall> An attacker could potentially become on path for any victim
[01:21:41] <marshall> there are means to prevent this today
[01:22:07] inami.masaaki leaves the room
[01:22:08] <marshall> consequences also include hijacking a long chunk of address space
[01:22:09] Fuad Abinader leaves the room
[01:22:28] <marshall> I propose we take this on as a high priority requirement to fix
[01:23:12] benno leaves the room
[01:23:37] <marshall> Dino : There is a potential solution
[01:23:50] benno joins the room
[01:24:18] <marshall> Sam : This is an attack where I have an authentication key
[01:24:33] <marshall> Dave Meyer : BGP doesn't have this today
[01:26:43] <marshall> Joel : The conceptual idea of keeping ETRs from overclaiming I think that everyone agrees on
[01:26:49] <marshall> the wording is distracting
[01:27:04] <marshall> Chair : we will bring this up on the list
[01:28:48] <marshall> Jari : LISP introduces a lot of new players into the system, and some of them should be not trusted
[01:29:09] <marshall> Sam : there is more on the wiki and in
[01:29:20] <marshall> draft-saucez-lisp -security
[01:29:34] <marshall> Luigi : I was a little behind with the work
[01:29:52] <marshall> Chair : we will determine if separate drafts are neede
[01:30:40] <marshall> Next : Dave Meyer :
[01:30:50] <marshall> LISP Internet Groper
[01:31:20] benno leaves the room
[01:32:03] <marshall> when the map resolver map serve came along we realized that we could use it sort of like dig
[01:32:18] <marshall> WE can answer a bunch of questions
[01:32:21] benno joins the room
[01:32:24] <marshall> - is the mapping system working
[01:32:35] <marshall> is the site rfistered
[01:32:38] <marshall> etc
[01:33:03] <marshall> LIG fetches a database mapping entry and displays it
[01:33:31] <marshall> both router and host LIG is available
[01:34:50] <marshall> then we thought, can you see if you are in the mapping system
[01:35:08] <marshall> it supports cross-address families
[01:35:15] Fuad Abinader joins the room
[01:36:01] <marshall> if you also find out if something is not a lisp site
[01:36:21] <marshall> the map server returns a negative cache entry
[01:36:44] <marshall> implementations
[01:37:03] <marshall> Dino did on the titanium
[01:37:11] <marshall> there is an IOS one
[01:37:26] <marshall> there is a free BSD version from Dave
[01:37:42] <marshall> github.com/davidmeyer/lisp [http://github.com/davidmeyer/lisp]
[01:38:44] <marshall> sorry, that is wrong
[01:38:45] <marshall> http://github.com/davidmeyer/lig [http://github.com/davidmeyer/lig]
[01:38:48] <marshall> is correct
[01:39:08] jlcJohn joins the room
[01:39:37] <marshall> Dave Meyer - I would like to make this a working group document
[01:40:35] <marshall> Margaret : While it is not in the charter, I have no problem publishing it
[01:41:45] Scott.Brim leaves the room
[01:42:08] <marshall> Jari : I have no problem either
[01:42:18] <marshall> Chair : OK, we will send this to the list
[01:42:21] <marshall> Jari
[01:42:28] Scott.Brim joins the room
[01:42:28] <ljakab> you can do 'git clone git://github.com/davidmeyer/lig.git' to get the code
[01:44:16] <marshall> We are going to get some new people as the chairs and as the editors
[01:44:36] <marshall> I have some good ideas of who these should be
[01:44:47] <marshall> but if you have ideas, please send them
[01:49:24] <marshall> sorry, I got pinged
[01:50:02] <marshall> Dave Meyer : This is kind of a radical move that you taking here. Is a lot getting down or is it all broken ?
[01:50:13] shikob leaves the room
[01:50:47] <marshall> Jari ; I think that the WG at large is working well
[01:51:20] <marshall> but ,my perception is that the relationships at the personal level was such that they couldn't work well together
[01:51:29] default999 joins the room
[01:51:32] <marshall> that was my assessment
[01:51:46] <marshall> I realize that this is a drastic action
[01:52:07] shikob joins the room
[01:53:54] Scott.Brim leaves the room
[01:54:04] kazuya leaves the room
[01:54:04] gigix73 leaves the room
[01:54:09] shikob leaves the room
[01:54:36] HannuF leaves the room: Computer went to sleep
[01:55:00] takas leaves the room
[01:55:10] default999 leaves the room
[01:55:35] marshall leaves the room
[01:55:38] shamus leaves the room
[01:56:04] rhe leaves the room
[01:56:15] hide.zebra leaves the room
[01:58:04] arifumi leaves the room
[01:58:55] benno leaves the room
[02:03:37] anthony.baire leaves the room
[02:03:38] ljakab leaves the room
[02:05:37] mawatari leaves the room
[02:08:31] mawatari joins the room
[02:11:24] becarpenter leaves the room
[02:16:27] roque@hiroshima leaves the room
[02:17:48] Fuad Abinader leaves the room
[02:19:10] arifumi joins the room
[02:19:14] arifumi leaves the room
[02:21:20] mawatari leaves the room
[02:23:10] ietfdbh leaves the room
[02:31:43] ietfdbh joins the room
[02:33:19] Scott.Brim joins the room
[02:39:10] ietfdbh leaves the room
[02:47:03] ewburger leaves the room
[02:47:17] jlcJohn leaves the room
[03:16:05] roque@hiroshima joins the room
[03:16:06] roque@hiroshima leaves the room
[03:16:11] roque@hiroshima joins the room
[03:17:49] roque@hiroshima leaves the room
[03:19:14] anthony.baire joins the room
[03:22:18] Scott.Brim leaves the room
[04:19:38] anthony.baire leaves the room
[04:39:35] Fuad Abinader joins the room
[06:00:47] Fuad Abinader leaves the room
[22:02:47] humbertogaliza joins the room
[22:03:47] humbertogaliza leaves the room
[23:43:54] gigix73 joins the room
[23:44:07] gigix73 leaves the room
[23:44:09] gigix73 joins the room