Re: [babel] hmac info model elements
"STARK, BARBARA H" <bs7652@att.com> Fri, 04 January 2019 16:22 UTC
Return-Path: <bs7652@att.com>
X-Original-To: babel@ietfa.amsl.com
Delivered-To: babel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 784D5130E0C for <babel@ietfa.amsl.com>; Fri, 4 Jan 2019 08:22:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fo2UsdNv74A5 for <babel@ietfa.amsl.com>; Fri, 4 Jan 2019 08:22:41 -0800 (PST)
Received: from mx0a-00191d01.pphosted.com (mx0a-00191d01.pphosted.com [67.231.149.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DF8A2130E0F for <babel@ietf.org>; Fri, 4 Jan 2019 08:22:41 -0800 (PST)
Received: from pps.filterd (m0048589.ppops.net [127.0.0.1]) by m0048589.ppops.net-00191d01. (8.16.0.22/8.16.0.22) with SMTP id x04GG9DH046432; Fri, 4 Jan 2019 11:22:33 -0500
Received: from alpi154.enaf.aldc.att.com (sbcsmtp6.sbc.com [144.160.229.23]) by m0048589.ppops.net-00191d01. with ESMTP id 2ptafmgwcn-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 04 Jan 2019 11:22:33 -0500
Received: from enaf.aldc.att.com (localhost [127.0.0.1]) by alpi154.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id x04GMVop002867; Fri, 4 Jan 2019 11:22:31 -0500
Received: from zlp30484.vci.att.com (zlp30484.vci.att.com [135.47.91.179]) by alpi154.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id x04GMTZ1002856; Fri, 4 Jan 2019 11:22:29 -0500
Received: from zlp30484.vci.att.com (zlp30484.vci.att.com [127.0.0.1]) by zlp30484.vci.att.com (Service) with ESMTP id D91D74013D2E; Fri, 4 Jan 2019 16:22:29 +0000 (GMT)
Received: from GAALPA1MSGHUBAH.ITServices.sbc.com (unknown [130.8.218.157]) by zlp30484.vci.att.com (Service) with ESMTPS id C49B44013D2F; Fri, 4 Jan 2019 16:22:29 +0000 (GMT)
Received: from GAALPA1MSGUSRBF.ITServices.sbc.com ([169.254.5.5]) by GAALPA1MSGHUBAH.ITServices.sbc.com ([130.8.218.157]) with mapi id 14.03.0415.000; Fri, 4 Jan 2019 11:22:29 -0500
From: "STARK, BARBARA H" <bs7652@att.com>
To: 'Juliusz Chroboczek' <jch@irif.fr>
CC: Babel at IETF <babel@ietf.org>
Thread-Topic: [babel] hmac info model elements
Thread-Index: AdSi6E9jJwLKz5kXQlCy2NNONpdJZQA09T8AACFGxRA=
Date: Fri, 04 Jan 2019 16:22:29 +0000
Message-ID: <2D09D61DDFA73D4C884805CC7865E6114DF83139@GAALPA1MSGUSRBF.ITServices.sbc.com>
References: <2D09D61DDFA73D4C884805CC7865E6114DF7EECB@GAALPA1MSGUSRBF.ITServices.sbc.com> <87o98xlhmr.wl-jch@irif.fr>
In-Reply-To: <87o98xlhmr.wl-jch@irif.fr>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [135.70.254.227]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-01-04_07:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_policy_notspam policy=outbound_policy score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1901040141
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/JZntXpiL2Q2FqbV1IqEDEqrAplI>
Subject: Re: [babel] hmac info model elements
X-BeenThere: babel@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "A list for discussion of the Babel Routing Protocol." <babel.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/babel>, <mailto:babel-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/babel/>
List-Post: <mailto:babel@ietf.org>
List-Help: <mailto:babel-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/babel>, <mailto:babel-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Jan 2019 16:22:44 -0000
> > Multiple HMAC algorithms are possible. The draft doesn't say how the > > nodes know which algorithm is being used (if multiple are implemented). > > It's a local configuration issue, and therefore out of scope for the protocol > description. > > > The draft does say that only one HMAC is calculated per key. Is it > > assumed the algorithm choice is configured? > > Yes. Good -- I wasn't suggesting it should be in the protocol description. I was just reading through the draft to find things that might need to be configured and therefore supported in the info model. It sounds like we agree HMAC algorithm selection is such a thing. 😊 > > Should the challenge expiry timer be configurable? > > No. It's an implementation detail, and any value between a few seconds and > a few minutes will do. Good. I didn't really think so either but wanted to check. > > security-hmac-obj > > [...] > > > security-interfaces (string list of references to interfaces-obj: the > > interfaces this instance applies to; if empty, it applies to all > > interfaces) > > Hmm... that got me confused for a while, but I see what you're doing here. Good? My goal is to make it easy for a simple implementation to just support HMAC either enabled (on all interfaces) or disabled, with a single set of keys; but to allow for implementations where HMAC can be enabled/disabled per interface (or set of interfaces) and with different keys per interface (set). Even with the more complex implementation, it should still be easy to enable HMAC across all interfaces with a single set of keys. The simple implementation wouldn't even need to implement the security-interfaces parameter -- where absence of the parameter means the same thing as an empty string (i.e., this instance of the HMAC security object applies to all interfaces). > > security-add-hmac-key (operation: inputs (reference name, key)) > > hmac-key-obj > > key-name (string: reference name) > > key-date (datetime: timestamp when key was added) > > Please make key-date optional. Yes, I agree. Barbara > -- Juliusz
- [babel] hmac info model elements STARK, BARBARA H
- Re: [babel] hmac info model elements Juliusz Chroboczek
- Re: [babel] hmac info model elements Toke Høiland-Jørgensen
- Re: [babel] hmac info model elements Mahesh Jethanandani
- Re: [babel] hmac info model elements STARK, BARBARA H
- Re: [babel] hmac info model elements STARK, BARBARA H
- Re: [babel] hmac info model elements STARK, BARBARA H
- Re: [babel] hmac info model elements Dave Taht
- Re: [babel] hmac info model elements Toke Høiland-Jørgensen
- Re: [babel] hmac info model elements Toke Høiland-Jørgensen
- Re: [babel] hmac info model elements Juliusz Chroboczek
- Re: [babel] hmac info model elements Mahesh Jethanandani
- Re: [babel] hmac info model elements Mahesh Jethanandani
- Re: [babel] hmac info model elements STARK, BARBARA H
- Re: [babel] hmac info model elements Toke Høiland-Jørgensen
- Re: [babel] hmac info model elements Dave Taht
- Re: [babel] hmac info model elements Toke Høiland-Jørgensen
- Re: [babel] hmac info model elements STARK, BARBARA H
- Re: [babel] hmac info model elements Toke Høiland-Jørgensen