Re: [babel] Extension of Call for WG adoption of draft-ovsienko-babel-rfc7298bis through 2018-05-28
Donald Eastlake <d3e3e3@gmail.com> Thu, 24 May 2018 20:30 UTC
Return-Path: <d3e3e3@gmail.com>
X-Original-To: babel@ietfa.amsl.com
Delivered-To: babel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0A66C12EB33; Thu, 24 May 2018 13:30:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.448
X-Spam-Level:
X-Spam-Status: No, score=-2.448 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iTH3ChohP_v9; Thu, 24 May 2018 13:30:16 -0700 (PDT)
Received: from mail-io0-x22c.google.com (mail-io0-x22c.google.com [IPv6:2607:f8b0:4001:c06::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D7FE212EB32; Thu, 24 May 2018 13:30:15 -0700 (PDT)
Received: by mail-io0-x22c.google.com with SMTP id g1-v6so3885087iob.2; Thu, 24 May 2018 13:30:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=4+pEnbgHSqTGxlmds0PD7XwxZFE4K50G3ieP0WOJ6sA=; b=kGw5zx5te0sGj6nyaayQirvDpd4f3UNPUkWocJQihXR7+k9/zCVw9eJDZcepNS7W0/ P2g5B3wxC6S6fTAqX8TD2e2VLzWklouRpAjeAYIgWZ8LzWlYcuqF5Qh5CE8uRvpk7Uxt DYThqIbKU1u9blRCfUg1U/bcqun2nvG9NjC4Vjpy9HmEcBc2/W5lTqdih2meiPbq9zdd J26Z2VY1CYQhOJ2LptHjSUskldOfKKofzwIvhBJ6fJW0JEow8FuPpjzE27w92402ePZU +Yzf0QJg6WK3o8YwcnRRkjWOcRD/nGEObay40nSZle0y5Rj1ReICdWsoLF5k47ieO1f/ lIOQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=4+pEnbgHSqTGxlmds0PD7XwxZFE4K50G3ieP0WOJ6sA=; b=bzK/9yX0wmEzwFtcvqV/hWpqagXSkJrFKxFfPTHQRV4Hznkldgm9UwtGZdTeSatmAY 5fJ/0LpCRaj6AugnXdLIWaS4veETkuAXOqMBhH3ZelY/bAB/5EcU3jbtkWkR8KOX18BK Ujzoo9R/Vh6P2hg/tk2RkzCqyhtHqzMl2uXk1Y62vFb4F+9Y7lGI1q9xImxZhhiP1AuD I4K6j1QSIxw/aIJVHuJDSFxy6xXsbxUeZ3KEWTZNHqoerPH9H9ZmsglbspGaIokEAHOy iOQlRXzQOyRAnioCaTqkgugmudX+8jyItpyPRHznDYhxGeKzOErnmCu6YL3tZeWMQR6w HQpg==
X-Gm-Message-State: ALKqPwf1KsUZrgfkR72z99XrsfMyi+uXvoWjUttHHx84ByKZN/gU73+v rkX11ucJjQLwA58b3PgPsAGEN7OzKk5nBtCGzYNTtQ1E
X-Google-Smtp-Source: ADUXVKJ5y4WMWz9RNX5brCGgLjXmy2c93Of6htNKWH50qeiFAC0WPDsAInXtuiwdkZGceV/ukzJnPP9gYup6jBOrmyk=
X-Received: by 2002:a6b:264d:: with SMTP id m74-v6mr8095931iom.154.1527193814663; Thu, 24 May 2018 13:30:14 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a6b:a20f:0:0:0:0:0 with HTTP; Thu, 24 May 2018 13:29:59 -0700 (PDT)
In-Reply-To: <1638a21f72a.f115e721115322.8073557499992170629@ovsienko.info>
References: <CAF4+nEGV94Vwdoo+gG_-x-nyQcjjJtv9+JMaM_m3YuZ511_e5g@mail.gmail.com> <877eo1jf82.wl-jch@irif.fr> <2D09D61DDFA73D4C884805CC7865E6114DDC604A@GAALPA1MSGUSRBF.ITServices.sbc.com> <CAF4+nEEFfsMGTv9cp8Sbsp7=fsMKy1GejMgL+hGo3v84-tmKug@mail.gmail.com> <1638a21f72a.f115e721115322.8073557499992170629@ovsienko.info>
From: Donald Eastlake <d3e3e3@gmail.com>
Date: Thu, 24 May 2018 16:29:59 -0400
Message-ID: <CAF4+nEF+u1J4FW=UQ6Tc4=P2jLWf5d7Pj94Hkw8BrdiSMPRpog@mail.gmail.com>
To: Babel at IETF <babel@ietf.org>
Cc: "babel-chairs@ietf.org" <babel-chairs@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000d38685056cf984bb"
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/C4ICQw6Lo3CmwVernGiypbyCWYA>
Subject: Re: [babel] Extension of Call for WG adoption of draft-ovsienko-babel-rfc7298bis through 2018-05-28
X-BeenThere: babel@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "A list for discussion of the Babel Routing Protocol." <babel.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/babel>, <mailto:babel-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/babel/>
List-Post: <mailto:babel@ietf.org>
List-Help: <mailto:babel-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/babel>, <mailto:babel-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 May 2018 20:30:18 -0000
Hi, Commenting at a slightly higher level, although it is obviously up to the WG whether or not to adopt this draft, the replay discussion seem good and is typical of discussions that happen on security draft that have been adopted. So, I would say that the current questions would not, by most WGs, be considered a bar to acceptance. I have attempted to review the draft. It seems clear that a lot of work went into but it is very wordy and also has a lot of justification and design background material that usually does not appear in an IETF protocol specification. The "bits-on-the-wire" and any necessary state / state-machine at the end points are usually the focus for an IETF protocol specification. The draft seems to provide a lot of implementation options. For example, quantities that can either be implemented as per-interface or implemented per-babel-speaker -- I would have said that if there is clear need for it sometimes being per-interface, then just specify it as always being per-interface. It's an operator interface issue, which is mostly not in scope for a typical protocol specification, whether or not to provide a command to set it for all interfaces or set a default or whatever. On cryptographic algorithms, I think it should just say what you MUST/SHOULD implement and very briefly give the necessary characteristics for the crypto algorithms. Lots of detail about algorithms considered bad by the crypto community and listing possibly good algorithms that could be used does not seem necessary. Assuming this is adopted as an IETF Proposed Standard, or whatever, any future changes will be by a document that will go through the IETF process including security review and it should just be assumed that bad algorithms won't be approved in the future. There is no need to try to give commands about future IETF actions ("MUST NOT consider hash algorithms ... meaningful attacks exist or that are commonly viewed as deprecated") since they are unnecessary and unenforceable. I have a number of other detailed suggestions that I am sending directly to Denis. Thanks, Donald =============================== Donald E. Eastlake 3rd +1-508-333-2270 (cell) 155 Beaver Street, Milford, MA 01757 USA d3e3e3@gmail.com On Tue, May 22, 2018 at 7:14 PM, Denis Ovsienko <denis@ovsienko.info> wrote: > Hello all. > > Thank you for making your reasons, let me provide a digest of the main > technical points of the proposed work item. > > HMAC result(s) prove a packet was not modified in transit and was send by > a speaker that has the shared secret. This will require adding the packet > destination address into the HMAC input in 7298-bis as discussed. > > RFC 7298 specifies a simple optional way to guarantee that the > per-interface outgoing TS/PC number is strictly increasing over the > lifetime of a speaker. 7298-bis will need to mandate this property. This > way any speaker can tell if any other speaker's sequence of packets runs > strictly uphill and never repeats itself. > > In addition to the above, the IHU-specific TS/PC sub-TLV and the sent > TS/PC numbers table in 7298-bis make it possible to tell if an IHU proves > (because the local TS/PC number also runs strictly uphill and never > repeats) freshness (not just uphill but roughly at the same elevation) that > does not exceed the configured threshold. This threshold is specified in > real time seconds but does not require the clocks to be synchronous. > > The latest technical problem Juliusz had pointed out was that the main > protocol instance could change its state in response to replayed/delayed > [authentic, non-duplicate, in-order] packets with Update(s) but without > IHU, and then a fresh IHU could activate those old routes regardless if the > speaker currently intends to advertise respective prefixes. I suggested to > let only Hello and IHU TLVs through before the first freshness proof occurs. > > Having thought about it for some time, it seems to me this attack could > also work _after_ the freshness has been proved for the first time, it just > requires a long enough time span and many enough topology changes to > prepare the Update(s) to be sent before the next IHU. At the moment it > seems to me to make the most sense to maintain an age timer in 7298-bis for > every proof of freshness (i.e. to add a column to ANM table and to use it > to tell what TLVs can reach the main protocol instance). > > Although the proposed concept has slightly moved ahead of the I-D, my > understanding is the job is doable and the document is an OK work item. > That said, the working group makes the decision, I just need to know what > specifically it is to be able to plan my further contributions. > > Thanks. > > -- > Denis Ovsienko > > >
- [babel] Extension of Call for WG adoption of draf… Donald Eastlake
- Re: [babel] Extension of Call for WG adoption of … Juliusz Chroboczek
- Re: [babel] Extension of Call for WG adoption of … STARK, BARBARA H
- Re: [babel] Extension of Call for WG adoption of … Juliusz Chroboczek
- Re: [babel] Extension of Call for WG adoption of … Donald Eastlake
- Re: [babel] Extension of Call for WG adoption of … Denis Ovsienko
- Re: [babel] Extension of Call for WG adoption of … Donald Eastlake
- Re: [babel] Extension of Call for WG adoption of … Denis Ovsienko
- Re: [babel] Extension of Call for WG adoption of … Donald Eastlake
- Re: [babel] Extension of Call for WG adoption of … Juliusz Chroboczek
- Re: [babel] Extension of Call for WG adoption of … Denis Ovsienko
- Re: [babel] Extension of Call for WG adoption of … Denis Ovsienko