IETF Logo Mail Archive

Re: [babel] Babel-MAC: Blake2s is 128-bits by default

Donald Eastlake <d3e3e3@gmail.com> Sat, 28 November 2020 18:42 UTC

Return-Path: <d3e3e3@gmail.com>
X-Original-To: babel@ietfa.amsl.com
Delivered-To: babel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AEBEC3A0ED9; Sat, 28 Nov 2020 10:42:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.848
X-Spam-Level:
X-Spam-Status: No, score=-1.848 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L5G966wnBkk0; Sat, 28 Nov 2020 10:42:23 -0800 (PST)
Received: from mail-io1-xd2c.google.com (mail-io1-xd2c.google.com [IPv6:2607:f8b0:4864:20::d2c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 522183A0ED5; Sat, 28 Nov 2020 10:42:23 -0800 (PST)
Received: by mail-io1-xd2c.google.com with SMTP id d17so7817170ion.4; Sat, 28 Nov 2020 10:42:23 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=f8uYrgdkLyM8581V4LRhNxVva+k3rtK2PFD0EZu/KKc=; b=ubC9kHvLrX5UV/XBZBORVYDEaoGCnFRY1s+ZvxdMFtLjneFulunAAbxqYu7LSRDiFN QFuF2mu0pYFUM6VvUNLTwO1RmeX7pZXcUEeLRq5BQzap5HYzYcK/ABnUPGvgw+2BIlX2 sMSjhxq78aBeasZKTXik8ThPnQTH9x8z4kOybLyYChL+2nDOMw+J6M7Nmdu3yCO25bV2 LGiFqlmoODyPFCAvpWb9KVpugUKggHHxdoyl+gVplelVY2D+rNfyFkMc83tuIA1iCATK uXxqg+6HbGxIZGaPOnoZN9wTwOdMFIZ+UzgFhRUwBrZhZTRez4n4eC7a995lU0xAJNCk l2Rw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=f8uYrgdkLyM8581V4LRhNxVva+k3rtK2PFD0EZu/KKc=; b=axsB39oyZrL3uQHNN2e2Pku7em3VQdySjV5nGRSU8KKpAAuNIl226TQO778NEra8ej cj+RtD0NSf4fScqcdD8AU58xJygA0NZA7dg3aiNTzTIkPCtnGqDJnHLkAvTsBl7H93Ye sN17S6s2ypeH40JCr50ta33WAm0/bwpqko+TxUU/MbBtdTxFsxbIod09m8TklZC7xeuk 0+hTFl7XXGeX16HNtpvOxYFejNnADuS0+v7bZubb9u6O9ETwkkrGvXXZolfzq0/uWEzQ Co6k6jrvugXPlskFXUWYeUXL+GJ79/JxIXubIO50NOh6R0b8x6HpVcV1sGgPz0m9M8e2 oypg==
X-Gm-Message-State: AOAM532849q1RsiCGToBp9EaxsmhF6CutAEGkfnIoQt5osmcSkHQ1D1N 7J2ZI2DFaJE8qYETxEucZmclduCo33Rwn/tuNMWG72KVYhg=
X-Google-Smtp-Source: ABdhPJyZGTnIEH5b4ZkyQuXddNo++bjP4cyB8IMw+3aOYdBwq3d/V2x24Fi4A0IP+gHYW6N7Nik+SgKgJaHfZEKkou4=
X-Received: by 2002:a02:90ca:: with SMTP id c10mr13120645jag.115.1606588942395; Sat, 28 Nov 2020 10:42:22 -0800 (PST)
MIME-Version: 1.0
References: <87d00qungk.wl-jch@irif.fr> <87h7q2f6a2.fsf@toke.dk> <87o8jya4jz.wl-jch@irif.fr> <87wnyl4dgi.fsf@toke.dk> <878sazh7ge.wl-jch@irif.fr> <87o8jvylta.fsf@toke.dk> <87o8jomjfb.fsf@toke.dk> <87360xz3yk.wl-jch@irif.fr> <87ft4wl8h6.fsf@toke.dk> <87lfeocoiv.wl-jch@irif.fr> <CAF4+nEGnDv__kGKi=WtYEBVSojRah+5YTD1Zor+rOHH8OZK1CA@mail.gmail.com>
In-Reply-To: <CAF4+nEGnDv__kGKi=WtYEBVSojRah+5YTD1Zor+rOHH8OZK1CA@mail.gmail.com>
From: Donald Eastlake <d3e3e3@gmail.com>
Date: Sat, 28 Nov 2020 13:42:11 -0500
Message-ID: <CAF4+nEGx4h5xC57gbymgOsm0htZ2m+VRNttzsv1SGLTkOUaHtQ@mail.gmail.com>
To: Juliusz Chroboczek <jch@irif.fr>
Cc: Toke Høiland-Jørgensen <toke@toke.dk>, Babel at IETF <babel@ietf.org>, Valery Smyslov <valery@smyslov.net>, babel-chairs <babel-chairs@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/6UJ2lXcXlwY5XKEgvcsfTYiqCW4>
Subject: Re: [babel] Babel-MAC: Blake2s is 128-bits by default
X-BeenThere: babel@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "A list for discussion of the Babel Routing Protocol." <babel.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/babel>, <mailto:babel-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/babel/>
List-Post: <mailto:babel@ietf.org>
List-Help: <mailto:babel-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/babel>, <mailto:babel-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 28 Nov 2020 18:42:25 -0000

Hi Juliusz,

There having been no further comments and given the extent to the
discussion of this on the WG mailing list, I'm declaring WG consensus
for this minor change.

Thanks,
Donald
===============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 2386 Panoramic Circle, Apopka, FL 32703 USA
 d3e3e3@gmail.com

On Thu, Nov 26, 2020 at 2:02 PM Donald Eastlake <d3e3e3@gmail.com> wrote:
>
> Hi Juliusz,
>
> On Thu, Nov 26, 2020 at 7:04 AM Juliusz Chroboczek <jch@irif.fr> wrote:
>>
>> >> I do not believe that it impacts the security in any way (2^128 ns is
>> >> roughly 10^12 times the age of the universe), but I could be wrong.
>>
>> > Yeah, makes sense, let's keep it at 32 bytes :)
>>
>> Excellent.  I'm therefore going to make the following change in AUTH48:
>>
>>   - in Section 4.1, replace
>>
>>    Every implementation MUST implement HMAC-SHA256 as defined in [RFC6234]
>>    and Section 2 of [RFC2104], SHOULD implement keyed BLAKE2s [RFC7693],
>>    and MAY implement other MAC algorithms.
>>
>>    Every implementation MUST implement HMAC-SHA256 as defined in [RFC6234]
>>    and Section 2 of [RFC2104], SHOULD implement keyed BLAKE2s with 128-bit
>>    (16-octet) digests [RFC7693], and MAY implement other MAC algorithms.
>>
>> I will not change the following text in Section 7:
>>
>>     Ideally, they should have a length of 32 octets (both for HMAC-SHA256
>>     and Blake2s), and be chosen randomly.
>>
>> Donald, are you willing to call consensus on this point?
>
>
> All this has been discussed on the WG mailing list with no objection and there has been some further success but just to be sure, I'd like to wait a couple of days before declaring consensus.
>
> Thanks,
> Donald
> ===============================
>  Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
>  2386 Panoramic Circle, Apopka, FL 32703 USA
>  d3e3e3@gmail.com
>
>>
>> -- Juliusz

v2.23.0 | Report a Bug | By Email