draft-ietf-lisp-sec-18.txt		draft-ietf-lisp-sec-19.txt
	Network Working Group F. Maino		Network Working Group F. Maino
	Internet-Draft Cisco Systems		Internet-Draft Cisco Systems
	Intended status: Standards Track V. Ermagan		Intended status: Standards Track V. Ermagan
	Expires: December 4, 2019 Google		Expires: January 24, 2020 Google
	A. Cabellos		A. Cabellos
	Universitat Politecnica de Catalunya		Universitat Politecnica de Catalunya
	D. Saucez		D. Saucez
	INRIA		INRIA
	June 2, 2019		July 23, 2019
	LISP-Security (LISP-SEC)		LISP-Security (LISP-SEC)
	draft-ietf-lisp-sec-18		draft-ietf-lisp-sec-19
	Abstract		Abstract
	This memo specifies LISP-SEC, a set of security mechanisms that		This memo specifies LISP-SEC, a set of security mechanisms that
	provides origin authentication, integrity and anti-replay protection		provides origin authentication, integrity and anti-replay protection
	to LISP's EID-to-RLOC mapping data conveyed via mapping lookup		to LISP's EID-to-RLOC mapping data conveyed via mapping lookup
	process. LISP-SEC also enables verification of authorization on EID-		process. LISP-SEC also enables verification of authorization on EID-
	prefix claims in Map-Reply messages.		prefix claims in Map-Reply messages.
	Requirements Language		Requirements Language
	skipping to change at page 1, line 47 ¶		skipping to change at page 1, line 47 ¶
	Internet-Drafts are working documents of the Internet Engineering		Internet-Drafts are working documents of the Internet Engineering
	Task Force (IETF). Note that other groups may also distribute		Task Force (IETF). Note that other groups may also distribute
	working documents as Internet-Drafts. The list of current Internet-		working documents as Internet-Drafts. The list of current Internet-
	Drafts is at http://datatracker.ietf.org/drafts/current/.		Drafts is at http://datatracker.ietf.org/drafts/current/.
	Internet-Drafts are draft documents valid for a maximum of six months		Internet-Drafts are draft documents valid for a maximum of six months
	and may be updated, replaced, or obsoleted by other documents at any		and may be updated, replaced, or obsoleted by other documents at any
	time. It is inappropriate to use Internet-Drafts as reference		time. It is inappropriate to use Internet-Drafts as reference
	material or to cite them other than as "work in progress."		material or to cite them other than as "work in progress."
	This Internet-Draft will expire on December 4, 2019.		This Internet-Draft will expire on January 24, 2020.
	Copyright Notice		Copyright Notice
	Copyright (c) 2019 IETF Trust and the persons identified as the		Copyright (c) 2019 IETF Trust and the persons identified as the
	document authors. All rights reserved.		document authors. All rights reserved.
	This document is subject to BCP 78 and the IETF Trust's Legal		This document is subject to BCP 78 and the IETF Trust's Legal
	Provisions Relating to IETF Documents		Provisions Relating to IETF Documents
	(http://trustee.ietf.org/license-info) in effect on the date of		(http://trustee.ietf.org/license-info) in effect on the date of
	publication of this document. Please review these documents		publication of this document. Please review these documents
	skipping to change at page 23, line 25 ¶		skipping to change at page 23, line 25 ¶
	7.1. ECM AD Type Registry		7.1. ECM AD Type Registry
	IANA is requested to create the "ECM Authentication Data Type"		IANA is requested to create the "ECM Authentication Data Type"
	registry with values 0-255, for use in the ECM LISP-SEC Extensions		registry with values 0-255, for use in the ECM LISP-SEC Extensions
	Section 5.1. The registry MUST be initially populated with the		Section 5.1. The registry MUST be initially populated with the
	following values:		following values:
	Name Value Defined In		Name Value Defined In
	-------------------------------------------------		-------------------------------------------------
	Unassigned 0 This memo		Reserved 0 This memo
	LISP-SEC-ECM-EXT 1 This memo		LISP-SEC-ECM-EXT 1 This memo
	HMAC Functions		HMAC Functions
	Values 2-255 are unassigned. They are to be assigned according to		Values 2-255 are unassigned. They are to be assigned according to
	the "Specification Required" policy defined in [RFC5226].		the "Specification Required" policy defined in [RFC5226].
	7.2. Map-Reply AD Type Registry		7.2. Map-Reply AD Type Registry
	IANA is requested to create the "Map-Reply Authentication Data Type"		IANA is requested to create the "Map-Reply Authentication Data Type"
	registry with values 0-255, for use in the Map-Reply LISP-SEC		registry with values 0-255, for use in the Map-Reply LISP-SEC
	Extensions Section 5.2. The registry MUST be initially populated		Extensions Section 5.2. The registry MUST be initially populated
	with the following values:		with the following values:
	Name Value Defined In		Name Value Defined In
	-------------------------------------------------		-------------------------------------------------
	Unassigned 0 This memo		Reserved 0 This memo
	LISP-SEC-MR-EXT 1 This memo		LISP-SEC-MR-EXT 1 This memo
	HMAC Functions		HMAC Functions
	Values 2-255 are unassigned. They are to be assigned according to		Values 2-255 are unassigned. They are to be assigned according to
	the "Specification Required" policy defined in [RFC5226].		the "Specification Required" policy defined in [RFC5226].
	7.3. HMAC Functions		7.3. HMAC Functions
	IANA is requested to create the "LISP-SEC Authentication Data HMAC		IANA is requested to create the "LISP-SEC Authentication Data HMAC
	skipping to change at page 24, line 33 ¶		skipping to change at page 24, line 33 ¶
	supported.		supported.
	7.4. Key Wrap Functions		7.4. Key Wrap Functions
	IANA is requested to create the "LISP-SEC Authentication Data Key		IANA is requested to create the "LISP-SEC Authentication Data Key
	Wrap ID" registry with values 0-65535 for use as OTK key wrap		Wrap ID" registry with values 0-65535 for use as OTK key wrap
	algorithms ID in the LISP-SEC Authentication Data:		algorithms ID in the LISP-SEC Authentication Data:
	Name Number KEY WRAP KDF		Name Number KEY WRAP KDF
	-----------------------------------------------------------------		-----------------------------------------------------------------
	Unassigned 0 None None		Reserved 0 None None
	NULL-KEY-WRAP-128 1 This memo None		NULL-KEY-WRAP-128 1 This memo None
	AES-KEY-WRAP-128+HKDF-SHA256 2 [RFC3394] [RFC4868]		AES-KEY-WRAP-128+HKDF-SHA256 2 [RFC3394] [RFC4868]
	Key Wrap Functions		Key Wrap Functions
	Values 3-65535 are unassigned. They are to be assigned according to		Values 3-65535 are unassigned. They are to be assigned according to
	the "Specification Required" policy defined in [RFC5226].		the "Specification Required" policy defined in [RFC5226].
	NULL-KEY-WRAP-128, and AES-KEY-WRAP-128+HKDF-SHA256 MUST be		NULL-KEY-WRAP-128, and AES-KEY-WRAP-128+HKDF-SHA256 MUST be
	supported.		supported.
	skipping to change at page 25, line 35 ¶		skipping to change at page 25, line 35 ¶
	The authors would like to acknowledge Pere Monclus, Dave Meyer, Dino		The authors would like to acknowledge Pere Monclus, Dave Meyer, Dino
	Farinacci, Brian Weis, David McGrew, Darrel Lewis and Landon Curt		Farinacci, Brian Weis, David McGrew, Darrel Lewis and Landon Curt
	Noll for their valuable suggestions provided during the preparation		Noll for their valuable suggestions provided during the preparation
	of this document.		of this document.
	9. References		9. References
	9.1. Normative References		9.1. Normative References
	[I-D.ietf-lisp-rfc6833bis]		[I-D.ietf-lisp-rfc6833bis]
	Fuller, V., Farinacci, D., and A. Cabellos-Aparicio,		Farinacci, D., Maino, F., Fuller, V., and A. Cabellos-
	"Locator/ID Separation Protocol (LISP) Control-Plane",		Aparicio, "Locator/ID Separation Protocol (LISP) Control-
	draft-ietf-lisp-rfc6833bis-24 (work in progress), February		Plane", draft-ietf-lisp-rfc6833bis-25 (work in progress),
	2019.		June 2019.
	[RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-		[RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-
	Hashing for Message Authentication", RFC 2104,		Hashing for Message Authentication", RFC 2104,
	DOI 10.17487/RFC2104, February 1997, <https://www.rfc-		DOI 10.17487/RFC2104, February 1997, <https://www.rfc-
	editor.org/info/rfc2104>.		editor.org/info/rfc2104>.
	[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate		[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
	Requirement Levels", BCP 14, RFC 2119,		Requirement Levels", BCP 14, RFC 2119,
	DOI 10.17487/RFC2119, March 1997, <https://www.rfc-		DOI 10.17487/RFC2119, March 1997, <https://www.rfc-
	editor.org/info/rfc2119>.		editor.org/info/rfc2119>.
	skipping to change at page 27, line 10 ¶		skipping to change at page 27, line 10 ¶
	[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC		[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
	2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,		2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
	May 2017, <https://www.rfc-editor.org/info/rfc8174>.		May 2017, <https://www.rfc-editor.org/info/rfc8174>.
	9.2. Informative References		9.2. Informative References
	[I-D.ietf-lisp-rfc6830bis]		[I-D.ietf-lisp-rfc6830bis]
	Farinacci, D., Fuller, V., Meyer, D., Lewis, D., and A.		Farinacci, D., Fuller, V., Meyer, D., Lewis, D., and A.
	Cabellos-Aparicio, "The Locator/ID Separation Protocol		Cabellos-Aparicio, "The Locator/ID Separation Protocol
	(LISP)", draft-ietf-lisp-rfc6830bis-26 (work in progress),		(LISP)", draft-ietf-lisp-rfc6830bis-27 (work in progress),
	November 2018.		June 2019.
	Authors' Addresses		Authors' Addresses
	Fabio Maino		Fabio Maino
	Cisco Systems		Cisco Systems
	170 Tasman Drive		170 Tasman Drive
	San Jose, California 95134		San Jose, California 95134
	USA		USA
	Email: fmaino@cisco.com		Email: fmaino@cisco.com
End of changes. 9 change blocks.
	13 lines changed or deleted		13 lines changed or added
This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/