| draft-ietf-lisp-ecdsa-auth-06.txt | draft-ietf-lisp-ecdsa-auth-07.txt | |||
|---|---|---|---|---|
| Network Working Group D. Farinacci | Network Working Group D. Farinacci | |||
| Internet-Draft lispers.net | Internet-Draft lispers.net | |||
| Intended status: Experimental E. Nordmark | Intended status: Experimental E. Nordmark | |||
| Expires: March 3, 2022 Zededa | Expires: August 25, 2022 Zededa | |||
| August 30, 2021 | February 21, 2022 | |||
| LISP Control-Plane ECDSA Authentication and Authorization | LISP Control-Plane ECDSA Authentication and Authorization | |||
| draft-ietf-lisp-ecdsa-auth-06 | draft-ietf-lisp-ecdsa-auth-07 | |||
| Abstract | Abstract | |||
| This draft describes how LISP control-plane messages can be | This draft describes how LISP control-plane messages can be | |||
| individually authenticated and authorized without a a priori shared- | individually authenticated and authorized without a a priori shared- | |||
| key configuration. Public-key cryptography is used with no new PKI | key configuration. Public-key cryptography is used with no new PKI | |||
| infrastructure required. | infrastructure required. | |||
| Status of This Memo | Status of This Memo | |||
| skipping to change at page 1, line 34 ¶ | skipping to change at page 1, line 34 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on March 3, 2022. | This Internet-Draft will expire on August 25, 2022. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2021 IETF Trust and the persons identified as the | Copyright (c) 2022 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| skipping to change at page 2, line 26 ¶ | skipping to change at page 2, line 26 ¶ | |||
| 10. Signed Map-Notify Encoding . . . . . . . . . . . . . . . . . 10 | 10. Signed Map-Notify Encoding . . . . . . . . . . . . . . . . . 10 | |||
| 11. Other Uses . . . . . . . . . . . . . . . . . . . . . . . . . 10 | 11. Other Uses . . . . . . . . . . . . . . . . . . . . . . . . . 10 | |||
| 12. EID Authorization . . . . . . . . . . . . . . . . . . . . . . 11 | 12. EID Authorization . . . . . . . . . . . . . . . . . . . . . . 11 | |||
| 13. Security Considerations . . . . . . . . . . . . . . . . . . . 13 | 13. Security Considerations . . . . . . . . . . . . . . . . . . . 13 | |||
| 14. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13 | 14. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13 | |||
| 15. References . . . . . . . . . . . . . . . . . . . . . . . . . 13 | 15. References . . . . . . . . . . . . . . . . . . . . . . . . . 13 | |||
| 15.1. Normative References . . . . . . . . . . . . . . . . . . 13 | 15.1. Normative References . . . . . . . . . . . . . . . . . . 13 | |||
| 15.2. Informative References . . . . . . . . . . . . . . . . . 15 | 15.2. Informative References . . . . . . . . . . . . . . . . . 15 | |||
| Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . 15 | Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . 15 | |||
| Appendix B. Document Change Log . . . . . . . . . . . . . . . . 16 | Appendix B. Document Change Log . . . . . . . . . . . . . . . . 16 | |||
| B.1. Changes to draft-ietf-lisp-ecdsa-auth-06 . . . . . . . . 16 | B.1. Changes to draft-ietf-lisp-ecdsa-auth-07 . . . . . . . . 16 | |||
| B.2. Changes to draft-ietf-lisp-ecdsa-auth-05 . . . . . . . . 16 | B.2. Changes to draft-ietf-lisp-ecdsa-auth-06 . . . . . . . . 16 | |||
| B.3. Changes to draft-ietf-lisp-ecdsa-auth-04 . . . . . . . . 16 | B.3. Changes to draft-ietf-lisp-ecdsa-auth-05 . . . . . . . . 16 | |||
| B.4. Changes to draft-ietf-lisp-ecdsa-auth-03 . . . . . . . . 16 | B.4. Changes to draft-ietf-lisp-ecdsa-auth-04 . . . . . . . . 16 | |||
| B.5. Changes to draft-ietf-lisp-ecdsa-auth-02 . . . . . . . . 16 | B.5. Changes to draft-ietf-lisp-ecdsa-auth-03 . . . . . . . . 16 | |||
| B.6. Changes to draft-ietf-lisp-ecdsa-auth-01 . . . . . . . . 16 | B.6. Changes to draft-ietf-lisp-ecdsa-auth-02 . . . . . . . . 16 | |||
| B.7. Changes to draft-ietf-lisp-ecdsa-auth-00 . . . . . . . . 16 | B.7. Changes to draft-ietf-lisp-ecdsa-auth-01 . . . . . . . . 16 | |||
| B.8. Changes to draft-farinacci-lisp-ecdsa-auth-03 . . . . . . 17 | B.8. Changes to draft-ietf-lisp-ecdsa-auth-00 . . . . . . . . 17 | |||
| B.9. Changes to draft-farinacci-lisp-ecdsa-auth-02 . . . . . . 17 | B.9. Changes to draft-farinacci-lisp-ecdsa-auth-03 . . . . . . 17 | |||
| B.10. Changes to draft-farinacci-lisp-ecdsa-auth-01 . . . . . . 17 | B.10. Changes to draft-farinacci-lisp-ecdsa-auth-02 . . . . . . 17 | |||
| B.11. Changes to draft-farinacci-lisp-ecdsa-auth-00 . . . . . . 17 | B.11. Changes to draft-farinacci-lisp-ecdsa-auth-01 . . . . . . 17 | |||
| B.12. Changes to draft-farinacci-lisp-ecdsa-auth-00 . . . . . . 17 | ||||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 17 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 17 | |||
| 1. Introduction | 1. Introduction | |||
| The LISP architecture and protocols [RFC6830] introduces two new | The LISP architecture and protocols [RFC6830] introduces two new | |||
| numbering spaces, Endpoint Identifiers (EIDs) and Routing Locators | numbering spaces, Endpoint Identifiers (EIDs) and Routing Locators | |||
| (RLOCs) which provide an architecture to build overlays on top of the | (RLOCs) which provide an architecture to build overlays on top of the | |||
| underlying Internet. Mapping EIDs to RLOC-sets is accomplished with | underlying Internet. Mapping EIDs to RLOC-sets is accomplished with | |||
| a Mapping Database System. EIDs and RLOCs come in many forms than | a Mapping Database System. EIDs and RLOCs come in many forms than | |||
| just IP addresses, using a general syntax that includes Address | just IP addresses, using a general syntax that includes Address | |||
| skipping to change at page 15, line 18 ¶ | skipping to change at page 15, line 18 ¶ | |||
| <https://www.rfc-editor.org/info/rfc8378>. | <https://www.rfc-editor.org/info/rfc8378>. | |||
| 15.2. Informative References | 15.2. Informative References | |||
| [AFI] "Address Family Identifier (AFIs)", ADDRESS FAMILY | [AFI] "Address Family Identifier (AFIs)", ADDRESS FAMILY | |||
| NUMBERS http://www.iana.org/assignments/address-family- | NUMBERS http://www.iana.org/assignments/address-family- | |||
| numbers/address-family-numbers.xhtml?, February 2007. | numbers/address-family-numbers.xhtml?, February 2007. | |||
| [I-D.farinacci-lisp-geo] | [I-D.farinacci-lisp-geo] | |||
| Farinacci, D., "LISP Geo-Coordinate Use-Cases", draft- | Farinacci, D., "LISP Geo-Coordinate Use-Cases", draft- | |||
| farinacci-lisp-geo-11 (work in progress), March 2021. | farinacci-lisp-geo-12 (work in progress), September 2021. | |||
| [I-D.farinacci-lisp-name-encoding] | [I-D.farinacci-lisp-name-encoding] | |||
| Farinacci, D., "LISP Distinguished Name Encoding", draft- | Farinacci, D., "LISP Distinguished Name Encoding", draft- | |||
| farinacci-lisp-name-encoding-12 (work in progress), May | farinacci-lisp-name-encoding-13 (work in progress), | |||
| 2021. | November 2021. | |||
| [I-D.ietf-lisp-pubsub] | [I-D.ietf-lisp-pubsub] | |||
| Rodriguez-Natal, A., Ermagan, V., Cabellos, A., Barkai, | Rodriguez-Natal, A., Ermagan, V., Cabellos, A., Barkai, | |||
| S., and M. Boucadair, "Publish/Subscribe Functionality for | S., and M. Boucadair, "Publish/Subscribe Functionality for | |||
| LISP", draft-ietf-lisp-pubsub-09 (work in progress), June | LISP", draft-ietf-lisp-pubsub-09 (work in progress), June | |||
| 2021. | 2021. | |||
| [I-D.ietf-lisp-rfc6833bis] | [I-D.ietf-lisp-rfc6833bis] | |||
| Farinacci, D., Maino, F., Fuller, V., and A. Cabellos, | Farinacci, D., Maino, F., Fuller, V., and A. Cabellos, | |||
| "Locator/ID Separation Protocol (LISP) Control-Plane", | "Locator/ID Separation Protocol (LISP) Control-Plane", | |||
| draft-ietf-lisp-rfc6833bis-30 (work in progress), November | draft-ietf-lisp-rfc6833bis-30 (work in progress), November | |||
| 2020. | 2020. | |||
| [I-D.ietf-lisp-sec] | [I-D.ietf-lisp-sec] | |||
| Maino, F., Ermagan, V., Cabellos, A., and D. Saucez, | Maino, F., Ermagan, V., Cabellos, A., and D. Saucez, | |||
| "LISP-Security (LISP-SEC)", draft-ietf-lisp-sec-22 (work | "LISP-Security (LISP-SEC)", draft-ietf-lisp-sec-25 (work | |||
| in progress), January 2021. | in progress), December 2021. | |||
| [X9.62] "Public Key Cryptography for the Financial Services | [X9.62] "Public Key Cryptography for the Financial Services | |||
| Industry: The Elliptic Curve Digital Signature Algorithm | Industry: The Elliptic Curve Digital Signature Algorithm | |||
| (ECDSA)", NIST ANSI X9.62-2005, November 2005. | (ECDSA)", NIST ANSI X9.62-2005, November 2005. | |||
| Appendix A. Acknowledgments | Appendix A. Acknowledgments | |||
| A special thanks goes to Sameer Merchant and Colin Cantrell for their | A special thanks goes to Sameer Merchant and Colin Cantrell for their | |||
| ideas and technical contributions to the ideas in this draft. | ideas and technical contributions to the ideas in this draft. | |||
| Appendix B. Document Change Log | Appendix B. Document Change Log | |||
| [RFC Editor: Please delete this section on publication as RFC.] | [RFC Editor: Please delete this section on publication as RFC.] | |||
| B.1. Changes to draft-ietf-lisp-ecdsa-auth-06 | B.1. Changes to draft-ietf-lisp-ecdsa-auth-07 | |||
| o Posted February 2022. | ||||
| o Update references and document timer. | ||||
| B.2. Changes to draft-ietf-lisp-ecdsa-auth-06 | ||||
| o Posted August 2021. | o Posted August 2021. | |||
| o Update references and document timer. | o Update references and document timer. | |||
| B.2. Changes to draft-ietf-lisp-ecdsa-auth-05 | B.3. Changes to draft-ietf-lisp-ecdsa-auth-05 | |||
| o Posted March 2021. | o Posted March 2021. | |||
| o Update references and document timer. | o Update references and document timer. | |||
| B.3. Changes to draft-ietf-lisp-ecdsa-auth-04 | B.4. Changes to draft-ietf-lisp-ecdsa-auth-04 | |||
| o Posted September 2020. | o Posted September 2020. | |||
| o Update references and document timer. | o Update references and document timer. | |||
| B.4. Changes to draft-ietf-lisp-ecdsa-auth-03 | B.5. Changes to draft-ietf-lisp-ecdsa-auth-03 | |||
| o Posted March 2020. | o Posted March 2020. | |||
| o Update references and document timer. | o Update references and document timer. | |||
| B.5. Changes to draft-ietf-lisp-ecdsa-auth-02 | B.6. Changes to draft-ietf-lisp-ecdsa-auth-02 | |||
| o Posted September 2019. | o Posted September 2019. | |||
| o Update references and document timer. | o Update references and document timer. | |||
| B.6. Changes to draft-ietf-lisp-ecdsa-auth-01 | B.7. Changes to draft-ietf-lisp-ecdsa-auth-01 | |||
| o Posted March IETF week 2019. | o Posted March IETF week 2019. | |||
| o Update references and document timer. | o Update references and document timer. | |||
| B.7. Changes to draft-ietf-lisp-ecdsa-auth-00 | B.8. Changes to draft-ietf-lisp-ecdsa-auth-00 | |||
| o Posted mid-September 2018. | o Posted mid-September 2018. | |||
| o Make draft-farinacci-lisp-ecdsa-auth-03 a LISP working group | o Make draft-farinacci-lisp-ecdsa-auth-03 a LISP working group | |||
| docuemnt. | docuemnt. | |||
| B.8. Changes to draft-farinacci-lisp-ecdsa-auth-03 | B.9. Changes to draft-farinacci-lisp-ecdsa-auth-03 | |||
| o Posted September 2018. | o Posted September 2018. | |||
| o Change all occurrences of signature-EID to signature-ID. | o Change all occurrences of signature-EID to signature-ID. | |||
| o Document how Map-Servers sign Map-Notify messages so they can be | o Document how Map-Servers sign Map-Notify messages so they can be | |||
| verified by xTRs. | verified by xTRs. | |||
| o Add multi-signatures to mappings so a 3rd-party can allow an | o Add multi-signatures to mappings so a 3rd-party can allow an | |||
| entity to register any type of EID. | entity to register any type of EID. | |||
| B.9. Changes to draft-farinacci-lisp-ecdsa-auth-02 | B.10. Changes to draft-farinacci-lisp-ecdsa-auth-02 | |||
| o Draft posted April 2018. | o Draft posted April 2018. | |||
| o Generalize text to allow Map-Requesting and Map-Registering for | o Generalize text to allow Map-Requesting and Map-Registering for | |||
| any EID type with a proper signature-EID and signature encoded | any EID type with a proper signature-EID and signature encoded | |||
| together. | together. | |||
| B.10. Changes to draft-farinacci-lisp-ecdsa-auth-01 | B.11. Changes to draft-farinacci-lisp-ecdsa-auth-01 | |||
| o Draft posted October 2017. | o Draft posted October 2017. | |||
| o Make it more clear what values and format the EID hash is run | o Make it more clear what values and format the EID hash is run | |||
| over. | over. | |||
| o Update references to newer RFCs and Internet Drafts. | o Update references to newer RFCs and Internet Drafts. | |||
| B.11. Changes to draft-farinacci-lisp-ecdsa-auth-00 | B.12. Changes to draft-farinacci-lisp-ecdsa-auth-00 | |||
| o Initial draft posted July 2017. | o Initial draft posted July 2017. | |||
| Authors' Addresses | Authors' Addresses | |||
| Dino Farinacci | Dino Farinacci | |||
| lispers.net | lispers.net | |||
| San Jose, CA | San Jose, CA | |||
| USA | USA | |||
| End of changes. 19 change blocks. | ||||
| 32 lines changed or deleted | 39 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||