Re: [babel] HMAC Key rotation key format (was ripemd)

Dave Taht <dave.taht@gmail.com> Tue, 04 December 2018 17:48 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/E9gXsi75oDmXYDyMqkLluTcytWY>

On Sun, Dec 2, 2018 at 2:19 PM Juliusz Chroboczek <jch@irif.fr> wrote:
>
> > Setting that aside for the moment, having a standardized file format
> > for babel keys would be a boon and boost interoperability between
> > bird/babel and other possible implementations.
>
> Have you looked at RFC 7210?
>
> -- Juliusz

https://xkcd.com/927/

It is evident (now!) that my conception of these conceptions was
different than the homenet starting point. I envisioned lots and lots
of keys interconnecting a multitude of networks, where the design as
stands is oriented towards securing a single domain.

Further, I've learned now, DTLS would be a better interconnect, and
considering how to do that well might factor in the above standard.

I would still rather like to be able to test key rollover by Christmas!

-- 

Dave Täht
CTO, TekLibre, LLC
http://www.teklibre.com
Tel: 1-831-205-9740