Re: [babel] Information model and YANG: about HMAC

Mahesh Jethanandani <mjethanandani@gmail.com> Fri, 09 November 2018 08:29 UTC

Hi Juliusz,

My comments inline.

> On Nov 7, 2018, at 6:21 PM, Juliusz Chroboczek <jch@irif.fr> wrote:
> 
> My comment during the meeting, expanded.
> 
> HMAC does not carry keys or algorithm identifiers on the wire: algorithm
> and key are provisioned by means outside of the Babel protocol (currently
> a configuration file,

That is correct.

> but we're working on implementing key rotation at
> runtime), then only the results of the HMAC computation are sent on the
> wire.

There are and have been several efforts to define key rotation, especially in the now-defunct KARP WG, but it had a few drafts on this. Let me see if I can dig them up.

> 
> Hence, the base protocol does not need a registry of HMAC algorithm
> identifiers: the only place where HMAC algorithms appear is the config
> file, and how they are expressed there is purely a local implementation
> decision.

I am not clear on what you mean by "expressed". I would agree that the HMAC algorithm is something that has to be expressed in YANG for configuration purposes, and also that it be the same for the two ends of the link.

> 
> What the information model and YANG do is, among other things, to export
> the configuration in an interoperable format.  Hence, if we need to export
> the HMAC keys, we'll need a registry of HMAC protocols.

The "interoperable" format is the YANG model. There are models that define keychain, and even define some of the HMAC protocols.

> 
> If we do, then the initial value should probably be just one entry:
> HMAC-SHA256.

Great. I will look into adding it.

Thanks.

> 
> -- Juliusz
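
Added example, not part of the original message or of any Babel draft: a simplified Python sketch of the point discussed in this thread, that algorithm and key are provisioned out of band and only the HMAC result travels with the packet. The packet layout (body followed by MAC), the two config spellings, and the keys are assumptions constructed for illustration, not Babel's wire format.

```python
from __future__ import annotations

import hashlib
import hmac

# Hypothetical config-file spellings of one algorithm. The name is a local
# choice on each node; it is never transmitted, so the nodes need not agree on it.
LOCAL_NAMES = {"hmac-sha256": hashlib.sha256, "sha256": hashlib.sha256}


def protect(body: bytes, algorithm: str, key: bytes) -> bytes:
    """Sender side: append only the MAC. No key id, no algorithm id."""
    return body + hmac.new(key, body, LOCAL_NAMES[algorithm]).digest()


def verify(packet: bytes, keyring: list[tuple[str, bytes]]) -> bytes | None:
    """Receiver side: the packet does not say which key or algorithm was
    used, so try every locally provisioned (algorithm, key) pair."""
    for algorithm, key in keyring:
        digestmod = LOCAL_NAMES[algorithm]
        mac_len = digestmod().digest_size
        if len(packet) < mac_len:
            continue
        body, mac = packet[:-mac_len], packet[-mac_len:]
        expected = hmac.new(key, body, digestmod).digest()
        if hmac.compare_digest(mac, expected):  # constant-time comparison
            return body
    return None


def demo():
    # Constructed sample keys; a real deployment provisions random secrets.
    old_key, new_key = b"constructed-old-key", b"constructed-new-key"
    packet = protect(b"hello", "hmac-sha256", new_key)       # node A's spelling
    rotating = [("sha256", old_key), ("sha256", new_key)]    # node B, mid-rotation
    accepted = verify(packet, rotating)                       # new key matches
    tampered = verify(b"jello" + packet[5:], rotating)        # body altered
    stale = verify(packet, [("sha256", old_key)])             # B lacks the new key
    return accepted, tampered, stale


if __name__ == "__main__":
    print(demo())
```

Because nothing on the wire identifies the algorithm, an agreed name for it only becomes necessary once the configuration itself is exported in a shared format, which is the registry question raised above.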