[babel] HMAC Key rotation key format (was ripemd)

Dave Taht <dave.taht@gmail.com> Mon, 26 November 2018 14:21 UTC

Return-Path: <dave.taht@gmail.com>
X-Original-To: babel@ietfa.amsl.com
Delivered-To: babel@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 4F4DC130E09 for <babel@ietfa.amsl.com>; Mon, 26 Nov 2018 06:21:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id osTYlFKhedO1 for <babel@ietfa.amsl.com>; Mon, 26 Nov 2018 06:21:39 -0800 (PST)
Received: from mail-qt1-x836.google.com (mail-qt1-x836.google.com [IPv6:2607:f8b0:4864:20::836]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 60CAE130E03 for <babel@ietf.org>; Mon, 26 Nov 2018 06:21:39 -0800 (PST)
Received: by mail-qt1-x836.google.com with SMTP id d19so17646638qtq.9 for <babel@ietf.org>; Mon, 26 Nov 2018 06:21:39 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=ZyeyO7OBW/qwj9AgtDwJRlSCeebXvJHwrpBGNUNNebY=; b=ss2mRH6QvMvFppsKq+u84z06wAC7fQbFdl4g+IjhDLzYmdtGYVloFTG/YNm3VViW6/ rHNhmNj5xoxEcFCKVqKAqydp6vVDkKJb/qvTJqiv0X0YVLG2OpyAoeksxuGRDOog0z+4 FbIDFn022My9tX2diZoLSIg7kTqpeDhsQye0VTJDGfgPvz/Rkvh9bLA00SUOyXyHWO28 gEitFlUh1IoHPeaPgV8SmO1v3iafAJ3i+9HPMLid3Y2Xc98ZHijO6pvMi5RkkabPdscp bNQbY6O6M4t2qbn0T5tFNJTJOvZ7bhB6Oy5sPcsZ8GiP6WvzTw23M/VA3ouYJiEyP/Rv bCpg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=ZyeyO7OBW/qwj9AgtDwJRlSCeebXvJHwrpBGNUNNebY=; b=WfOHB60SuLwdn1ujy5K32gI2FOKVO43gPOT1kb9G3om35VQGcodMZS3WEoAaRj3DHa h2k+1qvILYHHg1bSjnsRa74mNMFKdAySYOS3l7K6Y593Gq+j08IoskC0HPCK9ep/c6Rr Kfhoawviufz2YP1D8THYDE0WrkG9FfhPZhdB7pOXKhBSOFSgrlqaOAG5IFeXsG7DkWuf DCogX8xGEruO8tuTHHTEYTPYVzs9OwlPtHKs9eZqmgxzpMRs00DKgPFa9VfuGmbVuZBa RlXFUq+sSy5VxgMDbKWeI/N+RuhQgLvx3vezgGsCqKfPxsys67/duR4HUMlhog9hpNSc 8s/g==
X-Gm-Message-State: AGRZ1gKfBacyZNwfE4Z120rmLtspt4Je4Do/oeie/fOdKKHno98njpRq q1Jf9WstGrNwzwSNrYLDWCcWJ4KUQzEHxzZXkSk=
X-Google-Smtp-Source: AJdET5ceqEgv9ALeGBYHz+NlZxg7JaalECNKx0w/BDIbZZlC7+ACuiTX3XLRQ5cCQ3RyyzUgaMR4ZPWEhwTpwi7n478=
X-Received: by 2002:ac8:6606:: with SMTP id c6mr25979585qtp.376.1543242098138; Mon, 26 Nov 2018 06:21:38 -0800 (PST)
MIME-Version: 1.0
References: <CAA93jw5fHRm21yEJsabiiOF1ZP7Zh3M_gEgRo0imBOpRGhf0qA@mail.gmail.com> <87in0koun6.wl-jch@irif.fr> <87in0kx98o.fsf@toke.dk> <CAA93jw5gaYgyUX-ABX156_TnFX25Sy5SLyuRgd28fMLfRW4UHA@mail.gmail.com> <871s78x7z0.fsf@toke.dk>
In-Reply-To: <871s78x7z0.fsf@toke.dk>
From: Dave Taht <dave.taht@gmail.com>
Date: Mon, 26 Nov 2018 06:21:26 -0800
Message-ID: <CAA93jw6268QC1kmHEasJ-FbyXL_mgfQc_C-6cdksHd02ceb2Kw@mail.gmail.com>
To: =?UTF-8?B?VG9rZSBIw7hpbGFuZC1Kw7hyZ2Vuc2Vu?= <toke@toke.dk>
Cc: Juliusz Chroboczek <jch@irif.fr>, babel-users <babel-users@lists.alioth.debian.org>, Babel at IETF <babel@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/0Xjh3qwdPBEk4SSubLf8ckLm9_I>
Subject: [babel] HMAC Key rotation key format (was ripemd)
X-BeenThere: babel@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "A list for discussion of the Babel Routing Protocol." <babel.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/babel>, <mailto:babel-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/babel/>
List-Post: <mailto:babel@ietf.org>
List-Help: <mailto:babel-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/babel>, <mailto:babel-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Nov 2018 14:21:41 -0000

To me this leaves the biggest problem remaining is key rotation. Me
being me, and remembering just how hard it was to get dnssec working
on systems lacking reliable time,
I worry about that part. What we settled on for dnsmasq-dnssec was to
write the current time to flash every day (or few hours), boot up
without dnssec enabled long enough to
get an ntp server... and rely on key rollover taking hours or days to
*usually* get a correct result. RTCs with batteries are usually not

that's still fragile (imagine a power failure lasting days, or a box
being down for several days for repair. It happens).

In the case of routing... if you don't have the correct time... and
you can't get a route so you can get the correct time from ntp... then
what? Do we make GPSes MTI also?

Setting that aside for the moment, having a standardized file format
for babel keys would be a boon and boost interoperability between
bird/babel and other possible implementations.
You would merely declare a key name in the main conf for bird or
babel, and reference it in a separate file with a format like this:



administrators would push out this one standard format file to
routers, strongly suggesting that UTC times be used universally and
that key rollover should be staged over hours or days lest
connectivity be lost. Other sanity checks like ensuring there is some
form of persistent and correct time on routers using authentication
are also needed.

alternatives might include certs and other stuff that bears drinking about.


Dave Täht
CTO, TekLibre, LLC
Tel: 1-831-205-9740