--- 1/draft-ietf-lisp-sec-16.txt 2018-11-29 17:13:13.858310738 -0800 +++ 2/draft-ietf-lisp-sec-17.txt 2018-11-29 17:13:13.906311904 -0800 @@ -1,22 +1,22 @@ Network Working Group F. Maino Internet-Draft V. Ermagan Intended status: Standards Track Cisco Systems -Expires: April 21, 2019 A. Cabellos +Expires: June 2, 2019 A. Cabellos Universitat Politecnica de Catalunya D. Saucez INRIA - October 18, 2018 + November 29, 2018 LISP-Security (LISP-SEC) - draft-ietf-lisp-sec-16 + draft-ietf-lisp-sec-17 Abstract This memo specifies LISP-SEC, a set of security mechanisms that provides origin authentication, integrity and anti-replay protection to LISP's EID-to-RLOC mapping data conveyed via mapping lookup process. LISP-SEC also enables verification of authorization on EID- prefix claims in Map-Reply messages. Requirements Language @@ -33,21 +33,21 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on April 21, 2019. + This Internet-Draft will expire on June 2, 2019. Copyright Notice Copyright (c) 2018 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents 
@@ -75,32 +75,32 @@ 5.7. Map-Server Processing . . . . . . . . . . . . . . . . . . 15 5.7.1. Map-Server Processing in Proxy mode . . . . . . . . . 16 5.8. ETR Processing . . . . . . . . . . . . . . . . . . . . . 16 6. Security Considerations . . . . . . . . . . . . . . . . . . . 17 6.1. Mapping System Security . . . . . . . . . . . . . . . . . 17 6.2. Random Number Generation . . . . . . . . . . . . . . . . 17 6.3. Map-Server and ETR Colocation . . . . . . . . . . . . . . 17 6.4. Deploying LISP-SEC . . . . . . . . . . . . . . . . . . . 18 6.5. Shared Keys Provisioning . . . . . . . . . . . . . . . . 18 6.6. Replay Attacks . . . . . . . . . . . . . . . . . . . . . 18 - 6.7. Denial of Service and Distributed Denial of Service + 6.7. Message Privacy . . . . . . . . . . . . . . . . . . . . . 19 + 6.8. Denial of Service and Distributed Denial of Service Attacks . . . . . . . . . . . . . . . . . . . . . . . . . 19 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 19 7.1. ECM AD Type Registry . . . . . . . . . . . . . . . . . . 19 7.2. Map-Reply AD Type Registry . . . . . . . . . . . . . . . 19 7.3. HMAC Functions . . . . . . . . . . . . . . . . . . . . . 20 7.4. Key Wrap Functions . . . . . . . . . . . . . . . . . . . 20 7.5. Key Derivation Functions . . . . . . . . . . . . . . . . 21 - 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 21 9. Normative References . . . . . . . . . . . . . . . . . . . . 21 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 22 + Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 23 1. Introduction The Locator/ID Separation Protocol [I-D.ietf-lisp-rfc6830bis],[I-D.ietf-lisp-rfc6833bis] is a network- layer-based protocol that enables separation of IP addresses into two new numbering spaces: Endpoint Identifiers (EIDs) and Routing Locators (RLOCs). EID-to-RLOC mappings are stored in a database, the LISP Mapping System, and made available via the Map-Request/Map-Reply lookup process. 
If these EID-to-RLOC mappings, carried through Map- @@ -827,21 +827,27 @@ replay it, however once the ITR receives the original Map-Reply the pair stored at the ITR will be discarded. If a replayed Map-Reply arrives at the ITR, there is no that matches the incoming Map-Reply and will be discarded. In case of replayed Map-Request, the Map-Server, Map-Resolver and ETR will have to do a LISP-SEC computation. This is equivalent to a valid LISP-SEC computation and an attacker does not obtain any benefit. -6.7. Denial of Service and Distributed Denial of Service Attacks +6.7. Message Privacy + + DTLS [RFC6347] SHOULD be used to provide communication privacy and to + prevent eavesdropping, tampering, or message forgery to the messages + exchanged between the ITR, Map-Resolver, Map-Server, and ETR. + +6.8. Denial of Service and Distributed Denial of Service Attacks LISP-SEC mitigates the risks of Denial of Service and Distributed Denial of Service attacks by protecting the integrity and authenticating the origin of the Map-Request/Map-Reply messages, and by preventing malicious ETRs from overclaiming EID prefixes that could re-direct traffic directed to a potentially large number of hosts. 7. IANA Considerations 
@@ -944,27 +950,27 @@ The authors would like to acknowledge Pere Monclus, Dave Meyer, Dino Farinacci, Brian Weis, David McGrew, Darrel Lewis and Landon Curt Noll for their valuable suggestions provided during the preparation of this document. 9. Normative References [I-D.ietf-lisp-rfc6830bis] Farinacci, D., Fuller, V., Meyer, D., Lewis, D., and A. Cabellos-Aparicio, "The Locator/ID Separation Protocol - (LISP)", draft-ietf-lisp-rfc6830bis-24 (work in progress), - October 2018. + (LISP)", draft-ietf-lisp-rfc6830bis-26 (work in progress), + November 2018. [I-D.ietf-lisp-rfc6833bis] Fuller, V., Farinacci, D., and A. Cabellos-Aparicio, "Locator/ID Separation Protocol (LISP) Control-Plane", - draft-ietf-lisp-rfc6833bis-18 (work in progress), October + draft-ietf-lisp-rfc6833bis-22 (work in progress), November 2018. [RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed- Hashing for Message Authentication", RFC 2104, DOI 10.17487/RFC2104, February 1997, . [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . [RFC6234] Eastlake 3rd, D. and T. Hansen, "US Secure Hash Algorithms (SHA and SHA-based HMAC and HKDF)", RFC 6234, DOI 10.17487/RFC6234, May 2011, . + [RFC6347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer + Security Version 1.2", RFC 6347, DOI 10.17487/RFC6347, + January 2012, . + [RFC6836] Fuller, V., Farinacci, D., Meyer, D., and D. Lewis, "Locator/ID Separation Protocol Alternative Logical Topology (LISP+ALT)", RFC 6836, DOI 10.17487/RFC6836, January 2013, . [RFC7835] Saucez, D., Iannone, L., and O. Bonaventure, "Locator/ID Separation Protocol (LISP) Threat Analysis", RFC 7835, DOI 10.17487/RFC7835, April 2016, .
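Review bot: in the table-of-contents hunk (@@ -75,32 +75,32 @@) the entry "8. Acknowledgements . . . 21" is deleted without a replacement line, while the acknowledgements text itself still appears in the document (the "The authors would like to acknowledge ..." context in the @@ -944 hunk sits directly above "9. Normative References"). Unless the entry was re-added on a line outside this diff, the new revision ships with a section 8 that is missing from its own table of contents; restore the line with its updated page number, e.g. "8. Acknowledgements . . . 21", before "9. Normative References . . . 21".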
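Review bot: the new section 6.7 "Message Privacy" (@@ -827 hunk) reads "message forgery to the messages exchanged"; it should be "message forgery of the messages exchanged". Beyond the wording, the paragraph would be clearer if it stated explicitly what the rest of the draft already implies: LISP-SEC itself provides origin authentication, integrity and anti-replay protection (per the abstract) but no confidentiality, so eavesdropping protection for the mapping data rests entirely on DTLS, and a reader should be told whether the SHOULD applies independently to each hop (ITR to Map-Resolver, Map-Resolver to Map-Server, Map-Server to ETR) rather than to the exchange as a whole. Since the text keeps the SHOULD, a sentence on the deployment cases in which omitting DTLS is acceptable would make the requirement actionable.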