draft-ietf-lisp-sec-16.txt | draft-ietf-lisp-sec-17.txt | |||
---|---|---|---|---|
Network Working Group F. Maino | Network Working Group F. Maino | |||
Internet-Draft V. Ermagan | Internet-Draft V. Ermagan | |||
Intended status: Standards Track Cisco Systems | Intended status: Standards Track Cisco Systems | |||
Expires: April 21, 2019 A. Cabellos | Expires: June 2, 2019 A. Cabellos | |||
Universitat Politecnica de Catalunya | Universitat Politecnica de Catalunya | |||
D. Saucez | D. Saucez | |||
INRIA | INRIA | |||
October 18, 2018 | November 29, 2018 | |||
LISP-Security (LISP-SEC) | LISP-Security (LISP-SEC) | |||
draft-ietf-lisp-sec-16 | draft-ietf-lisp-sec-17 | |||
Abstract | Abstract | |||
This memo specifies LISP-SEC, a set of security mechanisms that | This memo specifies LISP-SEC, a set of security mechanisms that | |||
provides origin authentication, integrity and anti-replay protection | provides origin authentication, integrity and anti-replay protection | |||
to LISP's EID-to-RLOC mapping data conveyed via mapping lookup | to LISP's EID-to-RLOC mapping data conveyed via mapping lookup | |||
process. LISP-SEC also enables verification of authorization on EID- | process. LISP-SEC also enables verification of authorization on EID- | |||
prefix claims in Map-Reply messages. | prefix claims in Map-Reply messages. | |||
Requirements Language | Requirements Language | |||
skipping to change at page 1, line 44 ¶ | skipping to change at page 1, line 44 ¶ | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
This Internet-Draft will expire on April 21, 2019. | This Internet-Draft will expire on June 2, 2019. | |||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2018 IETF Trust and the persons identified as the | Copyright (c) 2018 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
(http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
publication of this document. Please review these documents | publication of this document. Please review these documents | |||
skipping to change at page 2, line 45 ¶ | skipping to change at page 2, line 45 ¶ | |||
5.7. Map-Server Processing . . . . . . . . . . . . . . . . . . 15 | 5.7. Map-Server Processing . . . . . . . . . . . . . . . . . . 15 | |||
5.7.1. Map-Server Processing in Proxy mode . . . . . . . . . 16 | 5.7.1. Map-Server Processing in Proxy mode . . . . . . . . . 16 | |||
5.8. ETR Processing . . . . . . . . . . . . . . . . . . . . . 16 | 5.8. ETR Processing . . . . . . . . . . . . . . . . . . . . . 16 | |||
6. Security Considerations . . . . . . . . . . . . . . . . . . . 17 | 6. Security Considerations . . . . . . . . . . . . . . . . . . . 17 | |||
6.1. Mapping System Security . . . . . . . . . . . . . . . . . 17 | 6.1. Mapping System Security . . . . . . . . . . . . . . . . . 17 | |||
6.2. Random Number Generation . . . . . . . . . . . . . . . . 17 | 6.2. Random Number Generation . . . . . . . . . . . . . . . . 17 | |||
6.3. Map-Server and ETR Colocation . . . . . . . . . . . . . . 17 | 6.3. Map-Server and ETR Colocation . . . . . . . . . . . . . . 17 | |||
6.4. Deploying LISP-SEC . . . . . . . . . . . . . . . . . . . 18 | 6.4. Deploying LISP-SEC . . . . . . . . . . . . . . . . . . . 18 | |||
6.5. Shared Keys Provisioning . . . . . . . . . . . . . . . . 18 | 6.5. Shared Keys Provisioning . . . . . . . . . . . . . . . . 18 | |||
6.6. Replay Attacks . . . . . . . . . . . . . . . . . . . . . 18 | 6.6. Replay Attacks . . . . . . . . . . . . . . . . . . . . . 18 | |||
6.7. Denial of Service and Distributed Denial of Service | 6.7. Message Privacy . . . . . . . . . . . . . . . . . . . . . 19 | |||
| 6.8. Denial of Service and Distributed Denial of Service | |||
Attacks . . . . . . . . . . . . . . . . . . . . . . . . . 19 | Attacks . . . . . . . . . . . . . . . . . . . . . . . . . 19 | |||
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 19 | 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 19 | |||
7.1. ECM AD Type Registry . . . . . . . . . . . . . . . . . . 19 | 7.1. ECM AD Type Registry . . . . . . . . . . . . . . . . . . 19 | |||
7.2. Map-Reply AD Type Registry . . . . . . . . . . . . . . . 19 | 7.2. Map-Reply AD Type Registry . . . . . . . . . . . . . . . 19 | |||
7.3. HMAC Functions . . . . . . . . . . . . . . . . . . . . . 20 | 7.3. HMAC Functions . . . . . . . . . . . . . . . . . . . . . 20 | |||
7.4. Key Wrap Functions . . . . . . . . . . . . . . . . . . . 20 | 7.4. Key Wrap Functions . . . . . . . . . . . . . . . . . . . 20 | |||
7.5. Key Derivation Functions . . . . . . . . . . . . . . . . 21 | 7.5. Key Derivation Functions . . . . . . . . . . . . . . . . 21 | |||
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 21 | 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 21 | |||
9. Normative References . . . . . . . . . . . . . . . . . . . . 21 | 9. Normative References . . . . . . . . . . . . . . . . . . . . 21 | |||
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 22 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 23 | |||
1. Introduction | 1. Introduction | |||
The Locator/ID Separation Protocol | The Locator/ID Separation Protocol | |||
[I-D.ietf-lisp-rfc6830bis],[I-D.ietf-lisp-rfc6833bis] is a network- | [I-D.ietf-lisp-rfc6830bis],[I-D.ietf-lisp-rfc6833bis] is a network- | |||
layer-based protocol that enables separation of IP addresses into two | layer-based protocol that enables separation of IP addresses into two | |||
new numbering spaces: Endpoint Identifiers (EIDs) and Routing | new numbering spaces: Endpoint Identifiers (EIDs) and Routing | |||
Locators (RLOCs). EID-to-RLOC mappings are stored in a database, the | Locators (RLOCs). EID-to-RLOC mappings are stored in a database, the | |||
LISP Mapping System, and made available via the Map-Request/Map-Reply | LISP Mapping System, and made available via the Map-Request/Map-Reply | |||
lookup process. If these EID-to-RLOC mappings, carried through Map- | lookup process. If these EID-to-RLOC mappings, carried through Map- | |||
skipping to change at page 19, line 10 ¶ | skipping to change at page 19, line 10 ¶ | |||
replay it, however once the ITR receives the original Map-Reply the | replay it, however once the ITR receives the original Map-Reply the | |||
<nonce,ITR-OTK> pair stored at the ITR will be discarded. If a | <nonce,ITR-OTK> pair stored at the ITR will be discarded. If a | |||
replayed Map-Reply arrives at the ITR, there is no <nonce,ITR-OTK> | replayed Map-Reply arrives at the ITR, there is no <nonce,ITR-OTK> | |||
that matches the incoming Map-Reply and will be discarded. | that matches the incoming Map-Reply and will be discarded. | |||
In case of replayed Map-Request, the Map-Server, Map-Resolver and ETR | In case of replayed Map-Request, the Map-Server, Map-Resolver and ETR | |||
will have to do a LISP-SEC computation. This is equivalent to a | will have to do a LISP-SEC computation. This is equivalent to a | |||
valid LISP-SEC computation and an attacker does not obtain any | valid LISP-SEC computation and an attacker does not obtain any | |||
benefit. | benefit. | |||
6.7. Denial of Service and Distributed Denial of Service Attacks | 6.7. Message Privacy | |||
| DTLS [RFC6347] SHOULD be used to provide communication privacy and to | |||
| prevent eavesdropping, tampering, or message forgery to the messages | |||
| exchanged between the ITR, Map-Resolver, Map-Server, and ETR. | |||
| 6.8. Denial of Service and Distributed Denial of Service Attacks | |||
LISP-SEC mitigates the risks of Denial of Service and Distributed | LISP-SEC mitigates the risks of Denial of Service and Distributed | |||
Denial of Service attacks by protecting the integrity and | Denial of Service attacks by protecting the integrity and | |||
authenticating the origin of the Map-Request/Map-Reply messages, and | authenticating the origin of the Map-Request/Map-Reply messages, and | |||
by preventing malicious ETRs from overclaiming EID prefixes that | by preventing malicious ETRs from overclaiming EID prefixes that | |||
could re-direct traffic directed to a potentially large number of | could re-direct traffic directed to a potentially large number of | |||
hosts. | hosts. | |||
7. IANA Considerations | 7. IANA Considerations | |||
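Review bot: the new Section 6.7 (Message Privacy) makes DTLS [RFC6347] a SHOULD for the ITR, Map-Resolver, Map-Server and ETR exchanges, but it neither says how this relates to the protection LISP-SEC already provides nor states when the SHOULD may be waived. The Abstract already claims origin authentication, integrity and anti-replay for the mapping data, so "tampering, or message forgery" overlaps with LISP-SEC's own guarantees; suggest one sentence making clear that DTLS adds confidentiality on each control-plane hop (keeping the nonces and ITR-OTK of the LISP-SEC exchange out of view of an on-path observer) while the LISP-SEC mechanisms remain required end to end, and, since an RFC 2119 SHOULD implies exceptions exist, naming the condition under which DTLS can be omitted (for example an already-protected link between a colocated Map-Server and ETR, cf. Section 6.3).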
skipping to change at page 21, line 35 ¶ | skipping to change at page 21, line 43 ¶ | |||
The authors would like to acknowledge Pere Monclus, Dave Meyer, Dino | The authors would like to acknowledge Pere Monclus, Dave Meyer, Dino | |||
Farinacci, Brian Weis, David McGrew, Darrel Lewis and Landon Curt | Farinacci, Brian Weis, David McGrew, Darrel Lewis and Landon Curt | |||
Noll for their valuable suggestions provided during the preparation | Noll for their valuable suggestions provided during the preparation | |||
of this document. | of this document. | |||
9. Normative References | 9. Normative References | |||
[I-D.ietf-lisp-rfc6830bis] | [I-D.ietf-lisp-rfc6830bis] | |||
Farinacci, D., Fuller, V., Meyer, D., Lewis, D., and A. | Farinacci, D., Fuller, V., Meyer, D., Lewis, D., and A. | |||
Cabellos-Aparicio, "The Locator/ID Separation Protocol | Cabellos-Aparicio, "The Locator/ID Separation Protocol | |||
(LISP)", draft-ietf-lisp-rfc6830bis-24 (work in progress), | (LISP)", draft-ietf-lisp-rfc6830bis-26 (work in progress), | |||
October 2018. | November 2018. | |||
[I-D.ietf-lisp-rfc6833bis] | [I-D.ietf-lisp-rfc6833bis] | |||
Fuller, V., Farinacci, D., and A. Cabellos-Aparicio, | Fuller, V., Farinacci, D., and A. Cabellos-Aparicio, | |||
"Locator/ID Separation Protocol (LISP) Control-Plane", | "Locator/ID Separation Protocol (LISP) Control-Plane", | |||
draft-ietf-lisp-rfc6833bis-18 (work in progress), October | draft-ietf-lisp-rfc6833bis-22 (work in progress), November | |||
2018. | 2018. | |||
[RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed- | [RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed- | |||
Hashing for Message Authentication", RFC 2104, | Hashing for Message Authentication", RFC 2104, | |||
DOI 10.17487/RFC2104, February 1997, <https://www.rfc- | DOI 10.17487/RFC2104, February 1997, <https://www.rfc- | |||
editor.org/info/rfc2104>. | editor.org/info/rfc2104>. | |||
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
DOI 10.17487/RFC2119, March 1997, <https://www.rfc- | DOI 10.17487/RFC2119, March 1997, <https://www.rfc- | |||
skipping to change at page 22, line 34 ¶ | skipping to change at page 22, line 39 ¶ | |||
[RFC5869] Krawczyk, H. and P. Eronen, "HMAC-based Extract-and-Expand | [RFC5869] Krawczyk, H. and P. Eronen, "HMAC-based Extract-and-Expand | |||
Key Derivation Function (HKDF)", RFC 5869, | Key Derivation Function (HKDF)", RFC 5869, | |||
DOI 10.17487/RFC5869, May 2010, <https://www.rfc- | DOI 10.17487/RFC5869, May 2010, <https://www.rfc- | |||
editor.org/info/rfc5869>. | editor.org/info/rfc5869>. | |||
[RFC6234] Eastlake 3rd, D. and T. Hansen, "US Secure Hash Algorithms | [RFC6234] Eastlake 3rd, D. and T. Hansen, "US Secure Hash Algorithms | |||
(SHA and SHA-based HMAC and HKDF)", RFC 6234, | (SHA and SHA-based HMAC and HKDF)", RFC 6234, | |||
DOI 10.17487/RFC6234, May 2011, <https://www.rfc- | DOI 10.17487/RFC6234, May 2011, <https://www.rfc- | |||
editor.org/info/rfc6234>. | editor.org/info/rfc6234>. | |||
| [RFC6347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer | |||
| Security Version 1.2", RFC 6347, DOI 10.17487/RFC6347, | |||
| January 2012, <https://www.rfc-editor.org/info/rfc6347>. | |||
[RFC6836] Fuller, V., Farinacci, D., Meyer, D., and D. Lewis, | [RFC6836] Fuller, V., Farinacci, D., Meyer, D., and D. Lewis, | |||
"Locator/ID Separation Protocol Alternative Logical | "Locator/ID Separation Protocol Alternative Logical | |||
Topology (LISP+ALT)", RFC 6836, DOI 10.17487/RFC6836, | Topology (LISP+ALT)", RFC 6836, DOI 10.17487/RFC6836, | |||
January 2013, <https://www.rfc-editor.org/info/rfc6836>. | January 2013, <https://www.rfc-editor.org/info/rfc6836>. | |||
[RFC7835] Saucez, D., Iannone, L., and O. Bonaventure, "Locator/ID | [RFC7835] Saucez, D., Iannone, L., and O. Bonaventure, "Locator/ID | |||
Separation Protocol (LISP) Threat Analysis", RFC 7835, | Separation Protocol (LISP) Threat Analysis", RFC 7835, | |||
DOI 10.17487/RFC7835, April 2016, <https://www.rfc- | DOI 10.17487/RFC7835, April 2016, <https://www.rfc- | |||
editor.org/info/rfc7835>. | editor.org/info/rfc7835>. | |||
End of changes. 11 change blocks. | ||||
11 lines changed or deleted | 21 lines changed or added | |||
This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |