IETF Logo Mail Archive

Re: [babel] Babel-MAC: Blake2s is 128-bits by default

Donald Eastlake <d3e3e3@gmail.com> Mon, 16 November 2020 04:28 UTC

Return-Path: <d3e3e3@gmail.com>
X-Original-To: babel@ietfa.amsl.com
Delivered-To: babel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6EEBF3A1060 for <babel@ietfa.amsl.com>; Sun, 15 Nov 2020 20:28:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.848
X-Spam-Level:
X-Spam-Status: No, score=-1.848 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RDN82J5gaVch for <babel@ietfa.amsl.com>; Sun, 15 Nov 2020 20:28:38 -0800 (PST)
Received: from mail-il1-x132.google.com (mail-il1-x132.google.com [IPv6:2607:f8b0:4864:20::132]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D84493A129D for <babel@ietf.org>; Sun, 15 Nov 2020 20:28:37 -0800 (PST)
Received: by mail-il1-x132.google.com with SMTP id k1so13882318ilc.10 for <babel@ietf.org>; Sun, 15 Nov 2020 20:28:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=05HQfDCdw1U2kM3A4Vf1EDSl+eqdGQrOvGgmeHJIUD8=; b=SfVj+628vzNEMtuF8KzvBJ8rveHVSJjlRt6bzIHTAX6Jr5xDem/BY77dtzQH8fSHLK Ocka/xwLu32jij43nb4Jgqkp0Pv6r2MYW2HsKzfrfr8COFvSxWcIAu5E62t5uWgHPbGo wbnhe4/GI4JOStGsR3bOdITx7q6g9USXDpQiFmV+MQ1qIEZMRw7YAbCGlGHYcXnJFhZq gsSsE3EGoPAGDCEozTpQ5iMx10xX2iYjQdORYvj1bWcL2E6oaYOH6JE+oEzb/QA9OYP4 aMlQCi0xKVf6N6GueuI2kMTYlDkjdTRKPaH/2uynzy9/Q8DEEduWRQKu0mso3HyXQRaI OE2Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=05HQfDCdw1U2kM3A4Vf1EDSl+eqdGQrOvGgmeHJIUD8=; b=p0eVGPwgMxsNHW98WrV2Q2jNvDBj4Tom4w2z762e7UorHJZGJidTcvWR1kQj+G+8iT FfA367PqwRQ10dFKf6+ou56+n6DL/ajBMAvvcQpo4PfycZAGvsKWm1vvCqqbT2QqvXbx CPkULeB+K3BP/dm7LMcOWr2cg/muQ5RnzUIetMyyc5WfTjndL4/MGoB1IJCyxjQOi/q7 lWmSpPb9hDgm6HrcEccL2wCFwFV+iEkJj5slH1wFodx5doIsHrZKkrmkiW8CKP3wOPc3 HWvVkGlJiWMAD/6p6Cxopix4K0E7aAJQEapTtmGONo2ZWtBK/qiV3BLGp0fsDgqKpjLK RGow==
X-Gm-Message-State: AOAM5338blsZ6aFF5cKfz8zlgHO5G1/bwxdTHfrXvyhuMBIRhZ4da+GG vYZ5SG+GF4bBNmeOG6sxjwDm10dtOwYM6ry1P+eA6+OhlNo=
X-Google-Smtp-Source: ABdhPJzADC6Pgoj0d4Ep0t1N6Pi/Dl7dyqmFZ942ospyOlxhC+Ign8WZRHwSPt/Yana0pm/dIFFecBFA3Hl77Bveec0=
X-Received: by 2002:a92:d78b:: with SMTP id d11mr4868107iln.40.1605500917061; Sun, 15 Nov 2020 20:28:37 -0800 (PST)
MIME-Version: 1.0
References: <87d00qungk.wl-jch@irif.fr> <87h7q2f6a2.fsf@toke.dk> <87o8jya4jz.wl-jch@irif.fr>
In-Reply-To: <87o8jya4jz.wl-jch@irif.fr>
From: Donald Eastlake <d3e3e3@gmail.com>
Date: Sun, 15 Nov 2020 23:28:25 -0500
Message-ID: <CAF4+nEHHcUsO6x2DPzs2FTzg-PsFfMOfp-8LWRBxLGpPT=hz8A@mail.gmail.com>
To: Juliusz Chroboczek <jch@irif.fr>
Cc: Babel at IETF <babel@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/1HCmq0F1_pLbMQ1iu2-3OcKHmOk>
Subject: Re: [babel] Babel-MAC: Blake2s is 128-bits by default
X-BeenThere: babel@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "A list for discussion of the Babel Routing Protocol." <babel.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/babel>, <mailto:babel-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/babel/>
List-Post: <mailto:babel@ietf.org>
List-Help: <mailto:babel-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/babel>, <mailto:babel-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Nov 2020 04:28:40 -0000

H Juliusz,

Speaking as a WG participant, I think your argument make sense and I
would supporting going in the direction you suggest.

Thanks,
Donald
===============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 2386 Panoramic Circle, Apopka, FL 32703 USA
 d3e3e3@gmail.com

On Sun, Nov 15, 2020 at 12:55 PM Juliusz Chroboczek <jch@irif.fr> wrote:
>
> After reading your replies, and thinking it over carefully, I disagree
> with the apparent consensus.  I think Blake2s in Babel-MAC should use
> 128-bit keys, as in the initial implementation.  Please hear me out.
>
> Toke and Dave originally suggested adding Blake2s to Babel-HMAC for two
> reasons:
>
>   - it is more computationally lightweight on platforms that don't
>     implement SHA-256 in hardware;
>   - it may serve as a fallback if SHA2 is ever broken.
>
> While I am still not quite convinced by these arguments, I've agreed to
> add the SHOULD Blake2s and to implement Blake2s for the following reasons:
>
>   - it serves as a good example of adding a new algorithm to Babel-MAC;
>   - with 128-bit signatures, it is useful on low-rate networks, which
>     Babel is commonly used with.
>
> For these reasons, we implemented Blake2s with 128-bit signatures.
> Unfortunately, some confusion ensued, Toke implemented Blake2s with
> 256-bit signatures, Antonin changed our implementation to interoperate
> with Toke's (without discussing the issue with me beforehand), hence the
> current situation.
>
> If Blake2s uses 256-bit signatures, then I see little convincing reason to
> keep it around in addition to SHA-256.  For this reason, I recommend the
> following course of action:
>
>   1. Toke agrees to switch to 128-bit Blake2s signatures;
>   2. we discard Antonin's branch (which is just a private branch), and do
>      128-bit Blake2s signatures instead;
>   3. during AUTH48, I make the clarification that the SHOULD implement
>      applies to 128-bit signatures.
>
> Two more points.  First, under no circumstances will I go against WG
> consensus on this point -- if the WG strongly believes that the SHOULD
> applies to 256-bit signatures, I will naturally follow the consensus.
> Second, Babel-HMAC is an extensible protocol, so even if the RFC ends up
> recommending n-bit signatures, nothing prevents a given implementation
> from implementing m-bit signatures in addition to the RFC-recommended
> n-bit signatures.
>
> Sorry again for the confusion.
>
> -- Juliusz
>
> _______________________________________________
> babel mailing list
> babel@ietf.org
> https://www.ietf.org/mailman/listinfo/babel

v2.23.0 | Report a Bug | By Email