IETF Logo Mail Archive

Re: [babel] Minor clarification to HMAC

Markus Stenberg <markus.stenberg@iki.fi> Fri, 28 June 2019 14:17 UTC

Return-Path: <fingon@kapsi.fi>
X-Original-To: babel@ietfa.amsl.com
Delivered-To: babel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B9E0A12012B for <babel@ietfa.amsl.com>; Fri, 28 Jun 2019 07:17:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.349
X-Spam-Level:
X-Spam-Status: No, score=-2.349 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=kapsi.fi
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h3mg2sxXgyQg for <babel@ietfa.amsl.com>; Fri, 28 Jun 2019 07:17:26 -0700 (PDT)
Received: from mail.kapsi.fi (mail.kapsi.fi [IPv6:2001:67c:1be8::25]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DF91112004A for <babel@ietf.org>; Fri, 28 Jun 2019 07:17:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=kapsi.fi; s=20161220; h=To:References:Message-Id:Content-Transfer-Encoding:Cc:Date: In-Reply-To:From:Subject:Mime-Version:Content-Type:Sender:Reply-To:Content-ID :Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To: Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe :List-Post:List-Owner:List-Archive; bh=kgp7PrgclP6eUS7TJHK47J6MK1me3vuRRKtsv6L1+co=; b=vTlx4ZIBCsEZOdXVEffmKq4+NX FQkMPzk2RE5DlZKivD7lcTofdRffwDEPeXwUHMNpEH+to52YxzUBYCETGTbtwwwTxnIViKFOVwJzU YRnW1xlmctdYJvixOuAFgZVpgyOQwDm3pXNSK/Tbe+0tHefDcksSIRyfc7FmZ3Lo36UCIl6kqqQc7 lRgkVyz+JIvzvveP9aZtlHPdM93EflKuDtkoMt63NnhHHfvL788cLmhDVV5f+3AVoSIBV9j8FB6Qu pRHbqAm7XUk2YzUP1uueGR2liKkuok1I8Np+sTOQ/CqDxBcEjtdeFf/YiUCclQxO5+Bpn1Vl24DgS 2lFNGtIA==;
Received: from 91-155-69-60.elisa-laajakaista.fi ([91.155.69.60] helo=himawari.lan) by mail.kapsi.fi with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from <markus.stenberg@iki.fi>) id 1hgrgo-0001Lc-9u; Fri, 28 Jun 2019 17:17:22 +0300
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
From: Markus Stenberg <markus.stenberg@iki.fi>
In-Reply-To: <874l49j158.wl-jch@irif.fr>
Date: Fri, 28 Jun 2019 17:17:21 +0300
Cc: babel@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <6C3AA518-8EF8-493A-835D-DE096E75D07B@iki.fi>
References: <874l49j158.wl-jch@irif.fr>
To: Juliusz Chroboczek <jch@irif.fr>
X-Mailer: Apple Mail (2.3445.104.11)
X-SA-Exim-Connect-IP: 91.155.69.60
X-SA-Exim-Mail-From: markus.stenberg@iki.fi
X-SA-Exim-Scanned: No (on mail.kapsi.fi); SAEximRunCond expanded to false
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/-G-br-argkXdYh7Jz7yAg6Nm2Qw>
Subject: Re: [babel] Minor clarification to HMAC
X-BeenThere: babel@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "A list for discussion of the Babel Routing Protocol." <babel.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/babel>, <mailto:babel-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/babel/>
List-Post: <mailto:babel@ietf.org>
List-Help: <mailto:babel-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/babel>, <mailto:babel-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Jun 2019 14:17:29 -0000

In terms of security properties, notably resource exhaustion/contention, I am bit leery of creating entry before validity of remote party is actually verified (= challenge response received). I prefer the old text. I am not quite sure why the second 'may need to be created' is there..

I guess naive implementation would just remember specific nonces it has sent/freceived, but for new peers you can also just use e.g. nonce that contains timestamp (+ peer address (+- something))[1], which allows challenge sender to remain stateless until challenge responder proves they have the key.

So -1 from me. (Yes, I do wear my tinfoil hat even during summer.)

Cheers,

-Markus

[1] extra stuff is mostly for replay protection purposes, but I am not sure if it is a threat or not in this case. I have just cycled 140km, sue me.

> On 28.06.2019, at 16.21, Juliusz Chroboczek <jch@irif.fr> wrote:
> 
> Dear all,
> 
> Sawssen and Étienne (in copy of this mail) are currently working on
> cleaning up and completing the reference implementation of draft-...-hmac.
> We have just realised that the draft is not quite clear on two points.
> 
> The draft says that a neighbour entry MUST NOT be created before HMAC is
> verified (Section 4.3 first bullet).
> 
> It later says that a neighbour entry "might need to be created" when
> a challenge is sent, and "may need to be created" when a challenge is
> received.  However, it does not say whether it is legal to create an entry
> earlier.
> 
> I would therefore like to kindly request the permission of the group and
> the chairs to add the following between the first and second bullet points
> of Section 4.3:
> 
>  * A neighbour entry for the sender of the packet MAY be created at this
>    stage.  (Alternatively, an implementation MAY delay the creation of
>    a neighbour entry until a challenge request or reply is received.)
> 
> This clarification does not invalidate any implementations, it just makes
> the intent of the draft authors more explicit.
> 
> -- Juliusz
> 
> 
> _______________________________________________
> babel mailing list
> babel@ietf.org
> https://www.ietf.org/mailman/listinfo/babel
>

v2.23.0 | Report a Bug | By Email