Re: [babel] babel-hmac: key requirements

Toke Høiland-Jørgensen <toke@toke.dk> Tue, 15 January 2019 21:36 UTC

From: Toke Høiland-Jørgensen <toke@toke.dk>
To: "STARK, BARBARA H" <bs7652@att.com>, 'Juliusz Chroboczek' <jch@irif.fr>
Cc: Babel at IETF <babel@ietf.org>
In-Reply-To: <2D09D61DDFA73D4C884805CC7865E6114DF9E3B4@GAALPA1MSGUSRBF.ITServices.sbc.com>
References: <2D09D61DDFA73D4C884805CC7865E6114DF96321@GAALPA1MSGUSRBF.ITServices.sbc.com> <874laevyy4.wl-jch@irif.fr> <2D09D61DDFA73D4C884805CC7865E6114DF9BFAF@GAALPA1MSGUSRBF.ITServices.sbc.com> <87o98hbt9j.wl-jch@irif.fr> <2D09D61DDFA73D4C884805CC7865E6114DF9E3B4@GAALPA1MSGUSRBF.ITServices.sbc.com>
Date: Tue, 15 Jan 2019 22:35:53 +0100
Message-ID: <87k1j5ob7q.fsf@toke.dk>
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/JlbS9_kQ8Vac_7Zw38K291INIyY>
Subject: Re: [babel] babel-hmac: key requirements

"STARK, BARBARA H" <bs7652@att.com> writes:

>> > The provided HMAC Key MUST NOT be modified in any way prior to use
>> > with the hash algorithm.
>> 
>> Which draft are we speaking about?  The management draft or the HMAC
>> draft?
>
> The HMAC draft.
>
> From your comments, it seems that the "HMAC Key" referenced throughout
> babel-hmac is the exact set of bits used to compute the HMAC. If this
> is true, then this is an important fact that is not currently obvious
> from reading the draft. So the HMAC Key that is an input to an
> implementation of this spec must not be modified by the implementation
> prior to use.
>
> An implementation of babel-hmac that hashes a provided HMAC Key value
> longer than the length of the hash must be considered in violation of
> the babel-hmac spec.

So this means you want to specify that a key MUST be exactly (or at
most?) $blocksize bytes long?

> Any user interface that accepts input of ASCII characters to generate
> an HMAC Key must be separate from the babel-hmac implementation.

How do you define "separate from"?

-Toke
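
Added illustration (not part of the original message or of the babel-hmac draft): a from-scratch HMAC per RFC 2104, assuming SHA-256 as the hash, showing the key preprocessing this thread is about. A key longer than the hash's block size is replaced by its hash and shorter keys are zero-padded, so distinct key byte strings can yield the same MAC. `accept_key` is a hypothetical strict policy of the "at most $blocksize" kind; the sample key and packet are constructed.

```python
import hashlib
import hmac

BLOCK_SIZE = hashlib.sha256().block_size    # 64 bytes for SHA-256
DIGEST_SIZE = hashlib.sha256().digest_size  # 32 bytes for SHA-256

# Constructed sample inputs (not real Babel traffic or keys).
SAMPLE_PACKET = b"constructed babel packet body"
LONG_KEY = bytes(range(100))                # 100 bytes > BLOCK_SIZE


def prepare_key(key: bytes) -> bytes:
    """RFC 2104 key preprocessing: hash if longer than a block, then zero-pad."""
    if len(key) > BLOCK_SIZE:
        key = hashlib.sha256(key).digest()
    return key.ljust(BLOCK_SIZE, b"\x00")


def hmac_sha256(key: bytes, msg: bytes) -> bytes:
    """HMAC-SHA256 written out so the key handling is visible."""
    k = prepare_key(key)
    ipad = bytes(b ^ 0x36 for b in k)
    opad = bytes(b ^ 0x5C for b in k)
    inner = hashlib.sha256(ipad + msg).digest()
    return hashlib.sha256(opad + inner).digest()


def equivalent_keys(a: bytes, b: bytes, msg: bytes = SAMPLE_PACKET) -> bool:
    """True when two key byte strings authenticate msg identically."""
    return hmac.compare_digest(hmac_sha256(a, msg), hmac_sha256(b, msg))


def accept_key(key: bytes, max_len: int = BLOCK_SIZE) -> bytes:
    """Hypothetical policy: reject keys that HMAC itself would have to hash."""
    if not 0 < len(key) <= max_len:
        raise ValueError(f"key must be 1..{max_len} bytes, got {len(key)}")
    return key


if __name__ == "__main__":
    hashed = hashlib.sha256(LONG_KEY).digest()
    print("long key == its hash as key:", equivalent_keys(LONG_KEY, hashed))
    print("'secret' == 'secret\\x00':   ", equivalent_keys(b"secret", b"secret\x00"))
    try:
        accept_key(LONG_KEY)
    except ValueError as exc:
        print("strict policy:", exc)
```

Two implementations interoperate only if both feed the same bytes to this function, which is why the key-derivation step from user input has to be pinned down somewhere.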