IETF Logo Mail Archive

Re: [babel] info-model: preparing -09 on github

David Schinazi <dschinazi.ietf@gmail.com> Thu, 15 August 2019 19:26 UTC

Return-Path: <dschinazi.ietf@gmail.com>
X-Original-To: babel@ietfa.amsl.com
Delivered-To: babel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 224FE1200BA for <babel@ietfa.amsl.com>; Thu, 15 Aug 2019 12:26:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ws-qeSIQX4BK for <babel@ietfa.amsl.com>; Thu, 15 Aug 2019 12:26:39 -0700 (PDT)
Received: from mail-lf1-x12a.google.com (mail-lf1-x12a.google.com [IPv6:2a00:1450:4864:20::12a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5A7D1120074 for <babel@ietf.org>; Thu, 15 Aug 2019 12:26:39 -0700 (PDT)
Received: by mail-lf1-x12a.google.com with SMTP id p197so2412521lfa.2 for <babel@ietf.org>; Thu, 15 Aug 2019 12:26:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=fsYHq3uc96OJ93xMcYb7o4ltrA3h/h73XCrx2dS1OKQ=; b=ZhjVIe8LQSbEmVZmRrWb3DNojf9mXLs6Atrc/TNXaNxmldkPIUNwv89nGGg+cfD4ZA EK9kFQRNMm2MEBGj0uWuAUObx3oXiSWEIM62OS5K2Rz4M0geQpKuV8OOJiBiw7Iq1T8t uJuPWBbjBKGmbK1begane1KNsU2eyF34aPFSPt/N5lzmB9XDag5H1R5pYJKhQWoJVfeb S0luuqcdhO6AvNSLKX0asoA/x1PDfOJ3gFwaXWdg/5Ocmyb1B11bDtfMm/utBnRdU4KS WqnVIoQ3zfII6ISq/ix/uLFj4eYr/lrpDgmuxZRelQTzv9zGDoAuP+za0iVhL8jyaNTp LE0A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=fsYHq3uc96OJ93xMcYb7o4ltrA3h/h73XCrx2dS1OKQ=; b=suLOjWmb1piYNF/6dwJnjW7vGSBDyX8jKq5PxnQ5SI04WXQCeHXlq2OtkTfxQZoscR D/z+6IUC/FHepi3k9QTgOzQ5hj+IDPKjHF+Bji0mxjalyxlyASdEDBOnkXWvUS0rE/Di MeOAtSLmjsCYjQWdgxVLKyYfmMfqWr0j0z4Xv9yVuXsQfhsMFvVW9P7zanPKsLv91iEK q4biDdyouE7EfejTf6JrNS1fR+fnkZE5lgFl9v5mVTTqO83Y1bGD+4oukTMEVIeAuP7k /F6PR3QAJUfkH2d0ZwxjbLu4MSS8KWnBe5MRoCqeVamvcoZPCdtl2LXK6iIWXViwCgtM UlsA==
X-Gm-Message-State: APjAAAXZsr1DvpWj9LXq7c23oo0GB+OpfA9bTRp3x8WobNVzBnNyklaW sVgmqU5oR3SOwAey1UdSyNvT0qaNpKj/9i0955o=
X-Google-Smtp-Source: APXvYqz3pDq5wDTOU3LLFsBOZ9ZmxNfuz9eE7Td5du0BKwGKRUeBm4wAjv8xV/mtxjXexEbkFdKA/YnE8mG3N2wjYMI=
X-Received: by 2002:a19:ec0c:: with SMTP id b12mr3246623lfa.107.1565897197522; Thu, 15 Aug 2019 12:26:37 -0700 (PDT)
MIME-Version: 1.0
References: <2D09D61DDFA73D4C884805CC7865E6114E2694DE@GAALPA1MSGUSRBF.ITServices.sbc.com> <87ftm3u0a6.wl-jch@irif.fr> <2D09D61DDFA73D4C884805CC7865E6114E269981@GAALPA1MSGUSRBF.ITServices.sbc.com> <87blwrtudx.wl-jch@irif.fr> <2D09D61DDFA73D4C884805CC7865E6114E275E65@GAALPA1MSGUSRBF.ITServices.sbc.com>
In-Reply-To: <2D09D61DDFA73D4C884805CC7865E6114E275E65@GAALPA1MSGUSRBF.ITServices.sbc.com>
From: David Schinazi <dschinazi.ietf@gmail.com>
Date: Thu, 15 Aug 2019 12:26:26 -0700
Message-ID: <CAPDSy+4+46nUbUF=C-U1Jvw2QDZMRZ9-vXrRVwh71y8ne6e0Mg@mail.gmail.com>
To: "STARK, BARBARA H" <bs7652@att.com>
Cc: Juliusz Chroboczek <jch@irif.fr>, "babel@ietf.org" <babel@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000003691fe05902cdadc"
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/EFmQ9J81jsQJaGxZuRzpe2OOpBo>
Subject: Re: [babel] info-model: preparing -09 on github
X-BeenThere: babel@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "A list for discussion of the Babel Routing Protocol." <babel.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/babel>, <mailto:babel-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/babel/>
List-Post: <mailto:babel@ietf.org>
List-Help: <mailto:babel-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/babel>, <mailto:babel-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Aug 2019 19:26:42 -0000

According to RFC 7693, Blake2s keys must be of length kk where 0 <= kk <=
32. So having the info model dictate that keys MUST follow that is
perfectly reasonable to me.

However, according to RFC 6234, HMAC-SHA-256 allows all key lengths kk
where 0 <= kk. I don't think the information model should express an
opinion as to whether keys longer than 64 bytes are safe or not. If we
choose to add that distinction we'll need to justify why we think the key
hashing is unsafe, and I don't think there is an RFC we can cite for that.

So going back to Juliusz's listed options in the other thread <
https://mailarchive.ietf.org/arch/msg/babel/QlvsPB9yYFPTPwQxaLcWIN3Hl2Y>, I
would argue for option 3 "bureaucratic" because it follows the design
principle "The Babel WG does not make security decisions, we follow what
RFCs tell us".

David

On Thu, Aug 15, 2019 at 9:58 AM STARK, BARBARA H <bs7652@att.com> wrote:

> > > Is this suggesting that it's ok for info-model to provide babel-hmac
> > > with any value between 0 and 64 bytes in length for HMAC-SHA256 or
> > > between 0 and 32 bytes in length for Blake2s and babel-hmac can be
> > > expected to zero-pad? Or are you still expecting info-model to do the
> > > zero-padding before providing to babel-hmac?
> >
> > The former.  You give me anything between 0 and 32/64, and I deal with
> it.
>
> Cool. Then from a purely info-model perspective, it sounds like the
> key-value parameter length constraints are:
>
>   This value is of a length suitable for the associated
>   babel-mac-key-algorithm.  If the algorithm is based on the HMAC
>   construction, the length MUST be between 0 and the block size of the
>   underlying hash inclusive (where "HMAC-SHA256" block size is 64 bytes
>   as described in {{RFC4868}}).
>   If the algorithm is "BLAKE2s", the length MUST be between 0 and 32 bytes
>   inclusive, as described in {{RFC7693}}.
>
> Anything complying with info-model won't supply anything longer than the
> identified max length.
> A babel-hmac implementation may get something as short as zero length, but
> will be expected to deal with it. Info-model doesn't care and doesn't need
> to know what "deal with it" means.
> For HMAC and Blake2s algorithms, "deal with it" means hmac-babel will
> zero-pad shorter strings, because that's what the algorithm RFCs say to do
> (and not because babel-hmac has any extra requirements going beyond the
> algorithm specs).
> Info-model won't send strings longer than the indicated length. If there
> is a UI to info model that accepts a longer string, hashes it, and then
> info-model provides the hashed value, that is what it is. Neither
> info-model nor babel-hmac care or know or need to know about this.
> If a babel-hmac implementation does have special handling for longer
> strings, that's fine, too. But a value coming from info-model will never
> trigger this special code.
> Does that sound right?
> Barbara
>
> _______________________________________________
> babel mailing list
> babel@ietf.org
> https://www.ietf.org/mailman/listinfo/babel
>

v2.23.0 | Report a Bug | By Email