IETF Logo Mail Archive

Re: [babel] rfc6126bis security implementation requirements

Toke Høiland-Jørgensen <toke@toke.dk> Sat, 10 November 2018 09:21 UTC

Return-Path: <toke@toke.dk>
X-Original-To: babel@ietfa.amsl.com
Delivered-To: babel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DAA61130E11; Sat, 10 Nov 2018 01:21:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=toke.dk
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sdxRYCMLdU-Y; Sat, 10 Nov 2018 01:21:35 -0800 (PST)
Received: from mail.toke.dk (mail.toke.dk [IPv6:2001:470:dc45:1000::1]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2371E130DE4; Sat, 10 Nov 2018 01:21:34 -0800 (PST)
From: Toke Høiland-Jørgensen <toke@toke.dk>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=toke.dk; s=20161023; t=1541841692; bh=d4lUfGRsbIjwH2L4fuwxEDYw6JbQ0uEPhCfeONjB48M=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From; b=mrEJEqYnHpLt4qKm/+A0RcXH3HqRnqhBDlQPUZ9ititQ+myVZY7bF1czx4wZa0XK5 8b4bvwFwi8F1YZQYJqifw5rCq33uNwNSWOPw05M5Et/9ySp4kt1TYnz1jccTWek32F IvN5uKQY/Oj5rbva2ubvKAUz/Ue68fBsUB8Wnn5cDJx0wekCDwCdSntCswE6dyqcXS jbmyHMKJS9AQWrM8g7F44w394rXi1g+qbg6AjjqrG4NUeHyjjbBnhk/PX9Sg95P+rH LC6TLB6WkzMoXJo15QK+n3rIWdqVXDosOXgvm3ca+HmiZmXdpYk6v00xLhxYrVjG2V kC7AJ7liY5bVw==
To: Donald Eastlake <d3e3e3@gmail.com>, Babel at IETF <babel@ietf.org>
Cc: babel-chairs <babel-chairs@ietf.org>
In-Reply-To: <CAF4+nEHaYMX_iLvE5teUvk97ZmO03oS1LRaS1A7BiNaLMEwcWw@mail.gmail.com>
References: <CAF4+nEHaYMX_iLvE5teUvk97ZmO03oS1LRaS1A7BiNaLMEwcWw@mail.gmail.com>
Date: Sat, 10 Nov 2018 10:21:24 +0100
X-Clacks-Overhead: GNU Terry Pratchett
Message-ID: <87pnvdjnjf.fsf@toke.dk>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/6Yf_U4FWukWXL4otBJnPcqJnyuA>
Subject: Re: [babel] rfc6126bis security implementation requirements
X-BeenThere: babel@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "A list for discussion of the Babel Routing Protocol." <babel.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/babel>, <mailto:babel-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/babel/>
List-Post: <mailto:babel@ietf.org>
List-Help: <mailto:babel-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/babel>, <mailto:babel-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 10 Nov 2018 09:21:38 -0000

Donald Eastlake <d3e3e3@gmail.com> writes:

> In discussion at the BABEL WG meeting in Bangkok, there appeared to be
> consensus in the room that rfc6126bis should normatively reference
> both the hmac and the dtls Babel security drafts and should recommend
> implementing both. It should also recommend using hmac unless the
> additional security features of dtls are specifically needed. Neither
> would be mandatory to implement. This email is to confirm that
> consensus.

Sounds good to me :)

-Toke

v2.23.0 | Report a Bug | By Email