Re: [babel] Proposed appendix to Babel-HMAC
"STARK, BARBARA H" <bs7652@att.com> Mon, 21 January 2019 21:40 UTC
Return-Path: <bs7652@att.com>
X-Original-To: babel@ietfa.amsl.com
Delivered-To: babel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BD34812950A for <babel@ietfa.amsl.com>; Mon, 21 Jan 2019 13:40:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.601
X-Spam-Level:
X-Spam-Status: No, score=-0.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, KHOP_DYNAMIC=2, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5pEKdgCUYSnO for <babel@ietfa.amsl.com>; Mon, 21 Jan 2019 13:40:07 -0800 (PST)
Received: from mx0a-00191d01.pphosted.com (mx0a-00191d01.pphosted.com [67.231.149.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 474E31200B3 for <babel@ietf.org>; Mon, 21 Jan 2019 13:40:07 -0800 (PST)
Received: from pps.filterd (m0049295.ppops.net [127.0.0.1]) by m0049295.ppops.net-00191d01. (8.16.0.27/8.16.0.27) with SMTP id x0LLa3mA023102; Mon, 21 Jan 2019 16:40:06 -0500
Received: from alpi154.enaf.aldc.att.com (sbcsmtp6.sbc.com [144.160.229.23]) by m0049295.ppops.net-00191d01. with ESMTP id 2q5ks8uqk6-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 21 Jan 2019 16:39:59 -0500
Received: from enaf.aldc.att.com (localhost [127.0.0.1]) by alpi154.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id x0LLdpTt016786; Mon, 21 Jan 2019 16:39:51 -0500
Received: from zlp30488.vci.att.com (zlp30488.vci.att.com [135.47.91.93]) by alpi154.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id x0LLdlIP016740; Mon, 21 Jan 2019 16:39:47 -0500
Received: from zlp30488.vci.att.com (zlp30488.vci.att.com [127.0.0.1]) by zlp30488.vci.att.com (Service) with ESMTP id 8597C40002C2; Mon, 21 Jan 2019 21:39:47 +0000 (GMT)
Received: from GAALPA1MSGHUBAF.ITServices.sbc.com (unknown [130.8.218.155]) by zlp30488.vci.att.com (Service) with ESMTPS id 6E56E4048C31; Mon, 21 Jan 2019 21:39:47 +0000 (GMT)
Received: from GAALPA1MSGUSRBF.ITServices.sbc.com ([169.254.5.203]) by GAALPA1MSGHUBAF.ITServices.sbc.com ([130.8.218.155]) with mapi id 14.03.0415.000; Mon, 21 Jan 2019 16:39:46 -0500
From: "STARK, BARBARA H" <bs7652@att.com>
To: 'Dave Taht' <dave@taht.net>, Juliusz Chroboczek <jch@irif.fr>
CC: "babel@ietf.org" <babel@ietf.org>
Thread-Topic: [babel] Proposed appendix to Babel-HMAC
Thread-Index: AQHUrTAuG985DzKsXkaxl3m9pr67o6W2pyewgAOeNDA=
Date: Mon, 21 Jan 2019 21:39:46 +0000
Message-ID: <2D09D61DDFA73D4C884805CC7865E6114DFA4C1E@GAALPA1MSGUSRBF.ITServices.sbc.com>
References: <87h8e9bgv3.wl-jch@irif.fr> <877ef0pwlu.fsf@taht.net>
In-Reply-To: <877ef0pwlu.fsf@taht.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [130.10.193.205]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-01-21_12:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_policy_notspam policy=outbound_policy score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1901210168
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/5o645h2zd0o2iJiKt-RTfJloWTA>
Subject: Re: [babel] Proposed appendix to Babel-HMAC
X-BeenThere: babel@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "A list for discussion of the Babel Routing Protocol." <babel.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/babel>, <mailto:babel-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/babel/>
List-Post: <mailto:babel@ietf.org>
List-Help: <mailto:babel-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/babel>, <mailto:babel-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Jan 2019 21:40:09 -0000
Hi Dave, I'm not sure this proposed appendix is still being considered? In mine and Juliusz' last exchange re the babel-hmac draft, I said I would be satisfied with an easy-to-fine (i.e., in the Table of Contents) definition for the term "HMAC Key" in the draft. Which we agreed was ## The HMAC Key The HMAC key is a string of bytes the length of which is exactly the block size of the HMAC algorithm being used. Note this is different from the [RFC2104] definition. This doesn't specify base64 or hex format. But in the information model, I proposed the parameter be binary datatype (noting that I would be using a hexBinary datatype with the TR-181 data model). No-one disagreed with me, so I declared the decision made. If we think there is value in an appendix on configuration of the HMAC key, I'm fine with that. But I sense an anxiousness to proceed with declaring WGLC triumphant and sending babel-hmac on to IESG. Alternately, I could see such an appendix potentially belonging in the information-model -- where it wouldn't clutter up hmac-babel, and where we could also discuss (more generically) distribution of credentials. Barbara > -----Original Message----- > From: Dave Taht > > Juliusz Chroboczek <jch@irif.fr> writes: > > > Key representation > > ================== > > > > The protocol described in this document assumes the presence of one or > > more keys in entries of the interface table (Section 3.1) that have > > been securely provisioned by means outside of the protocol. In this > > appendix, we describe how this provisioning might happen. > > > > Static configuration file > > ------------------------- > > > > In the simplest case, the keys are taken from a static configuration file. > > When that is the case, the keys should either be drawn randomly using > > a good source of entropy, or generated from a user-provided passphrase > > using a good Key Derivation Function (KDF). > > > > In either case, the keys should be distributed to all routers using a > > some secure channel (e.g., ssh login or human slaves carrying USB > flashkeys). > > human slavery is usually not in the domain of the ietf, and is usually only in > the domain of corporations and oppressive governments. > > yes, I laughed, but there is a huge movement to rid the language of the > master/slave analogy across all of tech. > > > The user-provided passphrase, if any, should not be distributed to the > > routers, but rather kept on a secure central host where key generation > > happens. > > > > In the interest of interoperability, it is recommended that all Babel > > implementations support a configuration syntax where the key is > > expressed as a string of hexadecimal digits (both uppercase or > > lowercase should be > > accepted) of exactly the right size to yield an HMAC key (e.g., 64 > > hexadecimal digits for a SHA-256 key). It is recommended that keys of > > the wrong size should be rejected rather than extended or hashed. > > I figure I've lost on the BASE64 idea. Still I felt 0xthekey for hex was a good > idea rather than just thekey > > > Static provisioning through a management protocol > > ------------------------------------------------- > > > > In a slightly more advanced implementation, HMAC keys are provisioned > > using a management protocol, either a standard XML over HTTP horror > > [NETCONF, TR-69], or an elegant ad-hoc protocol. In that case, the > > keys should be expressed in whatever format the management protocol > > uses for representing raw binary data, and keys should be rejected > > unless they have exactly the right size for a given HMAC algorithm > > (e.g., 32 octets for a SHA-256 key). If the management protocol has > > no usual syntax for binary blobs, hexadecimal is recommended. > > > > Key distribution protocol > > ------------------------- > > > > The recommended approach is to use a centralised key distribution > > server that periodically generates a new key. In that approach, the > > central server generates a new key every 20 minutes or so and installs > > it on all the secure interfaces of all the routers in a given routing > > domain; after all routers have been updated, the central server > > performs a second pass to remove the now-obsolete keys. The > > on-the-wire protocol involved could be something as simple as > > connecting over ssh to every router and editing the relevan > > configuration files, something as complex as a an XML over > > spelling:relevant. > > > HTTP monster, or something as elegant as a secure hop-to-hop flooding > > algorithm. > > It is obvious that some frustration and perhaps, vodka, were leaking through > this proposed appendix. > > ", something as complex as XML over HTTP, or a secure hop-to-hop" > > > It is important that the key distribution algorithm should be able to > > recover from failed key installation, which may happen if a router was > > not reachable at the time a new key was being installed. In the case > > of a protocol that uses global unicast, this can be ensured either by > > using a separate management network, or by designing the network so > > that there is a connected backbone that is not secured by HMAC. The > > elegant solution to the problem is to use a key distribution protocol > > that only relies on link-local IPv6 communication. > > Feel free to reference hnet here... > > > > > _______________________________________________ > > babel mailing list > > babel@ietf.org > > https://urldefense.proofpoint.com/v2/url?u=https- > 3A__www.ietf.org_mail > > man_listinfo_babel&d=DwICAg&c=LFYZ-o9_HUMeMTSQicvjIg&r=LoGzhC- > 8sc8SY8T > > > q4vrfog&m=rVTf2a9q1YuL5raIl0tB7LvZBM3KmepN__mx0Jhtx88&s=uSNNUw > MZqU_Co5 > > Dltj5FVWGdMLHE4m1R1Jc9CfFlha0&e= > > _______________________________________________ > babel mailing list > babel@ietf.org > https://urldefense.proofpoint.com/v2/url?u=https- > 3A__www.ietf.org_mailman_listinfo_babel&d=DwICAg&c=LFYZ- > o9_HUMeMTSQicvjIg&r=LoGzhC- > 8sc8SY8Tq4vrfog&m=rVTf2a9q1YuL5raIl0tB7LvZBM3KmepN__mx0Jhtx88&s= > uSNNUwMZqU_Co5Dltj5FVWGdMLHE4m1R1Jc9CfFlha0&e=
- [babel] Proposed appendix to Babel-HMAC Juliusz Chroboczek
- Re: [babel] Proposed appendix to Babel-HMAC Dave Taht
- Re: [babel] Proposed appendix to Babel-HMAC STARK, BARBARA H
- Re: [babel] Proposed appendix to Babel-HMAC Dave Taht
- Re: [babel] Proposed appendix to Babel-HMAC Juliusz Chroboczek