Re: [babel] Babel-MAC: Blake2s is 128-bits by default

Donald Eastlake <d3e3e3@gmail.com> Thu, 26 November 2020 19:03 UTC

Return-Path: <d3e3e3@gmail.com>
X-Original-To: babel@ietfa.amsl.com
Delivered-To: babel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7FF5F3A0978; Thu, 26 Nov 2020 11:03:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.847
X-Spam-Level:
X-Spam-Status: No, score=-1.847 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aiHvVfb2tQnt; Thu, 26 Nov 2020 11:02:59 -0800 (PST)
Received: from mail-io1-xd29.google.com (mail-io1-xd29.google.com [IPv6:2607:f8b0:4864:20::d29]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3371C3A0980; Thu, 26 Nov 2020 11:02:59 -0800 (PST)
Received: by mail-io1-xd29.google.com with SMTP id i9so2663573ioo.2; Thu, 26 Nov 2020 11:02:59 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=vrL0VjmkKk0LgLOzh2n502fqDf6XUxsbZKtEhU4Sf4M=; b=joWWaEpZ9jSZ/6qbOlE0UmThqw412sfttltSN79UOzbYyq5ojK4vTQ0G3/vD6P8CZ6 Ig2GZihMtvUhempqHEEz9/cM4A8AqICFfHEDXLOmDRnG9v9WbdcVZrCaXkRmGVtd0HEH sF2aVqG6AeRTHL74iFW0qWe07M3NJ41b7s3SkGj7/7UTIh3Je92tUzfOLNoFyT1jj8z/ jqI1spYDbKbPlmJKzV7SPDOKGPxYC9gfXfu4IoqzxRmYGsmbZPAk7Kkuw2NROJdpXyEJ WRizebMrjca3FojFIzHu2lqsd1dIewHaYZtnr6VfsPJrqaI/ubNyscAzVgghW0w9IqPh Wh8g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=vrL0VjmkKk0LgLOzh2n502fqDf6XUxsbZKtEhU4Sf4M=; b=UAxYFv0/X6PBVkJe94SKOUPhkAjMbea8ZZxbAfbuGTBXrn58VX8uHWwQr/SJKFezuA 0jZOhKWCzBTA9LPMmtesKx7l5Hn1UwFFz9r58gZU909DyA5PwOu4vxBhhnATNPIWpToX aHe0RCxSnaiUM4PPYoQkbU5fdjFqWJM/CFJ6NIKSAomTNTE7alKNlFRn+QXhhVSifUAh onA4hFA96FZgIxgtIVexxWo4JuEObkU7BfSj57IdOFo0efWPRH5Y6xBt4jYAA8HPEnlE XyqVefIb5oGbIwJsfJreq5itI9+7Gl9pyfmtjF6p2oD5X1M6jX4tO4uVKIHnKovpbz8F GiAg==
X-Gm-Message-State: AOAM5321N/xoflV5TutkWX6UhCgbIQcOHog508LF3qX84g0qx2CKvsGe tVf9zQOAobLjDUz1prCOJE2/TzlUCZmX0XrE2Y0=
X-Google-Smtp-Source: ABdhPJzjmf9qElWexZdtcxAc8WxxO+38UNZRj41TOXLKKtPw1lX6ntWvk9ZB8tRVYHOsW+GGmMti1VvRvZOqcSH+zSo=
X-Received: by 2002:a02:ba90:: with SMTP id g16mr4265320jao.96.1606417378439; Thu, 26 Nov 2020 11:02:58 -0800 (PST)
MIME-Version: 1.0
References: <87d00qungk.wl-jch@irif.fr> <87h7q2f6a2.fsf@toke.dk> <87o8jya4jz.wl-jch@irif.fr> <87wnyl4dgi.fsf@toke.dk> <878sazh7ge.wl-jch@irif.fr> <87o8jvylta.fsf@toke.dk> <87o8jomjfb.fsf@toke.dk> <87360xz3yk.wl-jch@irif.fr> <87ft4wl8h6.fsf@toke.dk> <87lfeocoiv.wl-jch@irif.fr>
In-Reply-To: <87lfeocoiv.wl-jch@irif.fr>
From: Donald Eastlake <d3e3e3@gmail.com>
Date: Thu, 26 Nov 2020 14:02:47 -0500
Message-ID: <CAF4+nEGnDv__kGKi=WtYEBVSojRah+5YTD1Zor+rOHH8OZK1CA@mail.gmail.com>
To: Juliusz Chroboczek <jch@irif.fr>
Cc: Toke Høiland-Jørgensen <toke@toke.dk>, Babel at IETF <babel@ietf.org>, Valery Smyslov <valery@smyslov.net>, babel-chairs <babel-chairs@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000033f59805b507316a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/E8myuS2bDNaVewFs3Y1uK-q4ed4>
Subject: Re: [babel] Babel-MAC: Blake2s is 128-bits by default
X-BeenThere: babel@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "A list for discussion of the Babel Routing Protocol." <babel.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/babel>, <mailto:babel-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/babel/>
List-Post: <mailto:babel@ietf.org>
List-Help: <mailto:babel-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/babel>, <mailto:babel-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Nov 2020 19:03:01 -0000

Hi Juliusz,

On Thu, Nov 26, 2020 at 7:04 AM Juliusz Chroboczek <jch@irif.fr> wrote:

> >> I do not believe that it impacts the security in any way (2^128 ns is
> >> roughly 10^12 times the age of the universe), but I could be wrong.
>
> > Yeah, makes sense, let's keep it at 32 bytes :)
>
> Excellent.  I'm therefore going to make the following change in AUTH48:
>
>   - in Section 4.1, replace
>
>    Every implementation MUST implement HMAC-SHA256 as defined in [RFC6234]
>    and Section 2 of [RFC2104], SHOULD implement keyed BLAKE2s [RFC7693],
>    and MAY implement other MAC algorithms.
>
>    Every implementation MUST implement HMAC-SHA256 as defined in [RFC6234]
>    and Section 2 of [RFC2104], SHOULD implement keyed BLAKE2s with 128-bit
>    (16-octet) digests [RFC7693], and MAY implement other MAC algorithms.
>
> I will not change the following text in Section 7:
>
>     Ideally, they should have a length of 32 octets (both for HMAC-SHA256
>     and Blake2s), and be chosen randomly.
>
> Donald, are you willing to call consensus on this point?
>

All this has been discussed on the WG mailing list with no objection and
there has been some further success but just to be sure, I'd like to wait a
couple of days before declaring consensus.

Thanks,
Donald
===============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 2386 Panoramic Circle, Apopka, FL 32703 USA
 d3e3e3@gmail.com


> -- Juliusz
>