Re: [babel] Comments on the MAC authentication for Babel draft
David Schinazi <dschinazi.ietf@gmail.com> Wed, 26 August 2020 18:09 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/-J4P86y0FOh-LgIU1IMmo-Zyrh4>
To be slightly pedantic about the IETF process here (chairs, please correct me if I'm wrong), it's not too late to make editorial changes to the document. It is too late to make big technical changes, as that would require the relevant ADs to re-review the document, but as authors you can feel free to clarify the wording.

Another option is that you'll be able to also change wording during AUTH48 (one of the very last steps of the process where the authors go back and forth with the RFC Editor to get all the editorial details right). All that will be required is for the responsible AD (in this case Martin Vigoureux) to review the AUTH48 changes and confirm that they are editorial.

I would suggest making small editorial changes now right before we send this off to the RFC Editor.

David

On Wed, Aug 26, 2020 at 5:22 AM Antonin Décimo <antonin.decimo@gmail.com> wrote:

> > > 1. Key length
> >
> > I disagree. Using 64 octets for SHA-256 gives no additional security.
> >
> > https://crypto.stackexchange.com/questions/34864/key-size-for-hmac-sha256
>
> Ok, thanks.
>
> > > 2. Digest length
> >
> > when a key is configured in a router, it is configured together with
> > the associated algorithm. The algorithm implies a digest length.
>
> Ah, I see. This is just what I had missed.
>
> Thanks for reviewing my comments. I don’t see any bugs left in the
> draft. I’m sorry to see that it’s too late for clarifications.
>
> -- Antonin