| draft-ietf-lisp-sec-19.txt | draft-ietf-lisp-sec-20.txt | |||
|---|---|---|---|---|
| Network Working Group F. Maino | Network Working Group F. Maino | |||
| Internet-Draft Cisco Systems | Internet-Draft Cisco Systems | |||
| Intended status: Standards Track V. Ermagan | Intended status: Standards Track V. Ermagan | |||
| Expires: January 24, 2020 Google | Expires: July 16, 2020 Google | |||
| A. Cabellos | A. Cabellos | |||
| Universitat Politecnica de Catalunya | Universitat Politecnica de Catalunya | |||
| D. Saucez | D. Saucez | |||
| INRIA | INRIA | |||
| July 23, 2019 | January 13, 2020 | |||
| LISP-Security (LISP-SEC) | LISP-Security (LISP-SEC) | |||
| draft-ietf-lisp-sec-19 | draft-ietf-lisp-sec-20 | |||
| Abstract | Abstract | |||
| This memo specifies LISP-SEC, a set of security mechanisms that | This memo specifies LISP-SEC, a set of security mechanisms that | |||
| provides origin authentication, integrity and anti-replay protection | provides origin authentication, integrity and anti-replay protection | |||
| to LISP's EID-to-RLOC mapping data conveyed via mapping lookup | to LISP's EID-to-RLOC mapping data conveyed via mapping lookup | |||
| process. LISP-SEC also enables verification of authorization on EID- | process. LISP-SEC also enables verification of authorization on EID- | |||
| prefix claims in Map-Reply messages. | prefix claims in Map-Reply messages. | |||
| Requirements Language | Requirements Language | |||
| skipping to change at page 1, line 40 ¶ | skipping to change at page 1, line 40 ¶ | |||
| here. | here. | |||
| Status of This Memo | Status of This Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on January 24, 2020. | This Internet-Draft will expire on July 16, 2020. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2019 IETF Trust and the persons identified as the | Copyright (c) 2020 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| skipping to change at page 25, line 37 ¶ | skipping to change at page 25, line 37 ¶ | |||
| Noll for their valuable suggestions provided during the preparation | Noll for their valuable suggestions provided during the preparation | |||
| of this document. | of this document. | |||
| 9. References | 9. References | |||
| 9.1. Normative References | 9.1. Normative References | |||
| [I-D.ietf-lisp-rfc6833bis] | [I-D.ietf-lisp-rfc6833bis] | |||
| Farinacci, D., Maino, F., Fuller, V., and A. Cabellos- | Farinacci, D., Maino, F., Fuller, V., and A. Cabellos- | |||
| Aparicio, "Locator/ID Separation Protocol (LISP) Control- | Aparicio, "Locator/ID Separation Protocol (LISP) Control- | |||
| Plane", draft-ietf-lisp-rfc6833bis-25 (work in progress), | Plane", draft-ietf-lisp-rfc6833bis-27 (work in progress), | |||
| June 2019. | January 2020. | |||
| [RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed- | [RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed- | |||
| Hashing for Message Authentication", RFC 2104, | Hashing for Message Authentication", RFC 2104, | |||
| DOI 10.17487/RFC2104, February 1997, <https://www.rfc- | DOI 10.17487/RFC2104, February 1997, | |||
| editor.org/info/rfc2104>. | <https://www.rfc-editor.org/info/rfc2104>. | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
| DOI 10.17487/RFC2119, March 1997, <https://www.rfc- | DOI 10.17487/RFC2119, March 1997, | |||
| editor.org/info/rfc2119>. | <https://www.rfc-editor.org/info/rfc2119>. | |||
| [RFC3394] Schaad, J. and R. Housley, "Advanced Encryption Standard | [RFC3394] Schaad, J. and R. Housley, "Advanced Encryption Standard | |||
| (AES) Key Wrap Algorithm", RFC 3394, DOI 10.17487/RFC3394, | (AES) Key Wrap Algorithm", RFC 3394, DOI 10.17487/RFC3394, | |||
| September 2002, <https://www.rfc-editor.org/info/rfc3394>. | September 2002, <https://www.rfc-editor.org/info/rfc3394>. | |||
| [RFC4086] Eastlake 3rd, D., Schiller, J., and S. Crocker, | [RFC4086] Eastlake 3rd, D., Schiller, J., and S. Crocker, | |||
| "Randomness Requirements for Security", BCP 106, RFC 4086, | "Randomness Requirements for Security", BCP 106, RFC 4086, | |||
| DOI 10.17487/RFC4086, June 2005, <https://www.rfc- | DOI 10.17487/RFC4086, June 2005, | |||
| editor.org/info/rfc4086>. | <https://www.rfc-editor.org/info/rfc4086>. | |||
| [RFC4868] Kelly, S. and S. Frankel, "Using HMAC-SHA-256, HMAC-SHA- | [RFC4868] Kelly, S. and S. Frankel, "Using HMAC-SHA-256, HMAC-SHA- | |||
| 384, and HMAC-SHA-512 with IPsec", RFC 4868, | 384, and HMAC-SHA-512 with IPsec", RFC 4868, | |||
| DOI 10.17487/RFC4868, May 2007, <https://www.rfc- | DOI 10.17487/RFC4868, May 2007, | |||
| editor.org/info/rfc4868>. | <https://www.rfc-editor.org/info/rfc4868>. | |||
| [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an | [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an | |||
| IANA Considerations Section in RFCs", RFC 5226, | IANA Considerations Section in RFCs", RFC 5226, | |||
| DOI 10.17487/RFC5226, May 2008, <https://www.rfc- | DOI 10.17487/RFC5226, May 2008, | |||
| editor.org/info/rfc5226>. | <https://www.rfc-editor.org/info/rfc5226>. | |||
| [RFC5869] Krawczyk, H. and P. Eronen, "HMAC-based Extract-and-Expand | [RFC5869] Krawczyk, H. and P. Eronen, "HMAC-based Extract-and-Expand | |||
| Key Derivation Function (HKDF)", RFC 5869, | Key Derivation Function (HKDF)", RFC 5869, | |||
| DOI 10.17487/RFC5869, May 2010, <https://www.rfc- | DOI 10.17487/RFC5869, May 2010, | |||
| editor.org/info/rfc5869>. | <https://www.rfc-editor.org/info/rfc5869>. | |||
| [RFC6347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer | [RFC6347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer | |||
| Security Version 1.2", RFC 6347, DOI 10.17487/RFC6347, | Security Version 1.2", RFC 6347, DOI 10.17487/RFC6347, | |||
| January 2012, <https://www.rfc-editor.org/info/rfc6347>. | January 2012, <https://www.rfc-editor.org/info/rfc6347>. | |||
| [RFC6836] Fuller, V., Farinacci, D., Meyer, D., and D. Lewis, | [RFC6836] Fuller, V., Farinacci, D., Meyer, D., and D. Lewis, | |||
| "Locator/ID Separation Protocol Alternative Logical | "Locator/ID Separation Protocol Alternative Logical | |||
| Topology (LISP+ALT)", RFC 6836, DOI 10.17487/RFC6836, | Topology (LISP+ALT)", RFC 6836, DOI 10.17487/RFC6836, | |||
| January 2013, <https://www.rfc-editor.org/info/rfc6836>. | January 2013, <https://www.rfc-editor.org/info/rfc6836>. | |||
| [RFC7835] Saucez, D., Iannone, L., and O. Bonaventure, "Locator/ID | [RFC7835] Saucez, D., Iannone, L., and O. Bonaventure, "Locator/ID | |||
| Separation Protocol (LISP) Threat Analysis", RFC 7835, | Separation Protocol (LISP) Threat Analysis", RFC 7835, | |||
| DOI 10.17487/RFC7835, April 2016, <https://www.rfc- | DOI 10.17487/RFC7835, April 2016, | |||
| editor.org/info/rfc7835>. | <https://www.rfc-editor.org/info/rfc7835>. | |||
| [RFC8060] Farinacci, D., Meyer, D., and J. Snijders, "LISP Canonical | [RFC8060] Farinacci, D., Meyer, D., and J. Snijders, "LISP Canonical | |||
| Address Format (LCAF)", RFC 8060, DOI 10.17487/RFC8060, | Address Format (LCAF)", RFC 8060, DOI 10.17487/RFC8060, | |||
| February 2017, <https://www.rfc-editor.org/info/rfc8060>. | February 2017, <https://www.rfc-editor.org/info/rfc8060>. | |||
| [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | |||
| 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | |||
| May 2017, <https://www.rfc-editor.org/info/rfc8174>. | May 2017, <https://www.rfc-editor.org/info/rfc8174>. | |||
| 9.2. Informative References | 9.2. Informative References | |||
| [I-D.ietf-lisp-rfc6830bis] | [I-D.ietf-lisp-rfc6830bis] | |||
| Farinacci, D., Fuller, V., Meyer, D., Lewis, D., and A. | Farinacci, D., Fuller, V., Meyer, D., Lewis, D., and A. | |||
| Cabellos-Aparicio, "The Locator/ID Separation Protocol | Cabellos-Aparicio, "The Locator/ID Separation Protocol | |||
| (LISP)", draft-ietf-lisp-rfc6830bis-27 (work in progress), | (LISP)", draft-ietf-lisp-rfc6830bis-30 (work in progress), | |||
| June 2019. | January 2020. | |||
| Authors' Addresses | Authors' Addresses | |||
| Fabio Maino | Fabio Maino | |||
| Cisco Systems | Cisco Systems | |||
| 170 Tasman Drive | 170 Tasman Drive | |||
| San Jose, California 95134 | San Jose, California 95134 | |||
| USA | USA | |||
| Email: fmaino@cisco.com | Email: fmaino@cisco.com | |||
| End of changes. 16 change blocks. | ||||
| 25 lines changed or deleted | 25 lines changed or added | |||
This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||