Re: [babel] Éric Vyncke's No Objection on draft-ietf-babel-hmac-08: (with COMMENT)
Juliusz Chroboczek <jch@irif.fr> Mon, 05 August 2019 16:19 UTC
Return-Path: <jch@irif.fr>
X-Original-To: babel@ietfa.amsl.com
Delivered-To: babel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E4C7F1202C1; Mon, 5 Aug 2019 09:19:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jkE7ZDFcxZYY; Mon, 5 Aug 2019 09:19:50 -0700 (PDT)
Received: from korolev.univ-paris7.fr (korolev.univ-paris7.fr [IPv6:2001:660:3301:8000::1:2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C93A51202CD; Mon, 5 Aug 2019 09:19:49 -0700 (PDT)
Received: from mailhub.math.univ-paris-diderot.fr (mailhub.math.univ-paris-diderot.fr [81.194.30.253]) by korolev.univ-paris7.fr (8.14.4/8.14.4/relay1/82085) with ESMTP id x75GJg1Q007665; Mon, 5 Aug 2019 18:19:42 +0200
Received: from mailhub.math.univ-paris-diderot.fr (localhost [127.0.0.1]) by mailhub.math.univ-paris-diderot.fr (Postfix) with ESMTP id 9CFD94F03A; Mon, 5 Aug 2019 18:19:45 +0200 (CEST)
X-Virus-Scanned: amavisd-new at math.univ-paris-diderot.fr
Received: from mailhub.math.univ-paris-diderot.fr ([127.0.0.1]) by mailhub.math.univ-paris-diderot.fr (mailhub.math.univ-paris-diderot.fr [127.0.0.1]) (amavisd-new, port 10023) with ESMTP id dDP6ZlFezjyc; Mon, 5 Aug 2019 18:19:44 +0200 (CEST)
Received: from pirx.irif.fr (unknown [78.194.40.74]) (Authenticated sender: jch) by mailhub.math.univ-paris-diderot.fr (Postfix) with ESMTPSA id ECCDF4F036; Mon, 5 Aug 2019 18:19:41 +0200 (CEST)
Date: Mon, 05 Aug 2019 18:19:41 +0200
Message-ID: <87ef1zlh42.wl-jch@irif.fr>
From: Juliusz Chroboczek <jch@irif.fr>
To: Éric Vyncke <evyncke@cisco.com>
Cc: The IESG <iesg@ietf.org>, draft-ietf-babel-hmac@ietf.org, Donald Eastlake <d3e3e3@gmail.com>, babel-chairs@ietf.org, babel@ietf.org
In-Reply-To: <156499182480.24510.10221692265742263303.idtracker@ietfa.amsl.com>
References: <156499182480.24510.10221692265742263303.idtracker@ietfa.amsl.com>
User-Agent: Wanderlust/2.15.9
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset="US-ASCII"
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.7 (korolev.univ-paris7.fr [194.254.61.138]); Mon, 05 Aug 2019 18:19:42 +0200 (CEST)
X-Miltered: at korolev with ID 5D48571E.001 by Joe's j-chkmail (http : // j-chkmail dot ensmp dot fr)!
X-j-chkmail-Enveloppe: 5D48571E.001 from mailhub.math.univ-paris-diderot.fr/mailhub.math.univ-paris-diderot.fr/null/mailhub.math.univ-paris-diderot.fr/<jch@irif.fr>
X-j-chkmail-Score: MSGID : 5D48571E.001 on korolev.univ-paris7.fr : j-chkmail score : . : R=. U=. O=. B=0.000 -> S=0.000
X-j-chkmail-Status: Ham
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/6srg6_EdkGu3n8Ll8rSExMIv6lc>
Subject: Re: [babel] Éric Vyncke's No Objection on draft-ietf-babel-hmac-08: (with COMMENT)
X-BeenThere: babel@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "A list for discussion of the Babel Routing Protocol." <babel.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/babel>, <mailto:babel-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/babel/>
List-Post: <mailto:babel@ietf.org>
List-Help: <mailto:babel-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/babel>, <mailto:babel-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Aug 2019 16:20:04 -0000
> I am a little puzzled by why HMAC keys/mechanisms are not identified to > facilitate the key rollover. The used mechanism appears a little heavy on the > required computing effort to compute several HMAC. This is a difficult tradeoff, and one that was extensively discussed on the mailing list. For any onlookers, the issue that Eric is referring to is that the HMAC TLV only carries the HMAC: there is no key identifier, and there is no indication of the HMAC algorithm used. The receiving peer simply computes its own HMAC of the packet with its configured (algo, key) pair(s), and performs a bitwise comparison with the value(s) included by the sender. This choice has a number of positive consequences: - the user interface is simplified (there's no key identifier) and hence the opportunity for human error is reduced (there's no opportunity for key identifier mismatches between routers); - the packet format is dramatically simplified, which is important for a security mechanism; - there is no need for yet another IANA registry for HMAC algorithms -- a new algorithm can be deployed privately without involving a third party. It also has one negative consequence: - during key rotation, HMAC must be computed twice, once for each configured key. Since this protocol is not designed for carrying large numbers of keys, and since HMAC computation is a reasonably cheap operation (and one that is likely to be hardware-accelerated in production routers), it was felt that the benefits of simplicity and protocol agility override the minor computational cost. For me, the overriding consideration is the simplicity of the user interface -- a security mechanism will not get deployed unless network administrators feel comfortable with it. > The text about attacks on the Babel routing protocol should be better placed in > the security considerations of RFC7216bis. I'll think it over. > The DTLS document use the writing <"babel" port> while here it is <Babel port>. Right. I'll fix that. -- Juliusz
- [babel] Éric Vyncke's No Objection on draft-ietf-… Éric Vyncke via Datatracker
- Re: [babel] Éric Vyncke's No Objection on draft-i… Juliusz Chroboczek