IETF Logo Mail Archive

Re: [babel] info-model: preparing -09 on github

"STARK, BARBARA H" <bs7652@att.com> Fri, 16 August 2019 20:56 UTC

Return-Path: <bs7652@att.com>
X-Original-To: babel@ietfa.amsl.com
Delivered-To: babel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2394D12086C for <babel@ietfa.amsl.com>; Fri, 16 Aug 2019 13:56:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d_3QNF3-ukpd for <babel@ietfa.amsl.com>; Fri, 16 Aug 2019 13:56:32 -0700 (PDT)
Received: from mx0a-00191d01.pphosted.com (mx0b-00191d01.pphosted.com [67.231.157.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DEC76120899 for <babel@ietf.org>; Fri, 16 Aug 2019 13:56:31 -0700 (PDT)
Received: from pps.filterd (m0083689.ppops.net [127.0.0.1]) by m0083689.ppops.net-00191d01. (8.16.0.27/8.16.0.27) with SMTP id x7GKmG1v021150; Fri, 16 Aug 2019 16:56:28 -0400
Received: from alpi154.enaf.aldc.att.com (sbcsmtp6.sbc.com [144.160.229.23]) by m0083689.ppops.net-00191d01. with ESMTP id 2ue2pt2494-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 16 Aug 2019 16:56:19 -0400
Received: from enaf.aldc.att.com (localhost [127.0.0.1]) by alpi154.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id x7GKta5b014735; Fri, 16 Aug 2019 16:55:36 -0400
Received: from zlp30488.vci.att.com (zlp30488.vci.att.com [135.47.91.93]) by alpi154.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id x7GKtU31014604 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Fri, 16 Aug 2019 16:55:30 -0400
Received: from zlp30488.vci.att.com (zlp30488.vci.att.com [127.0.0.1]) by zlp30488.vci.att.com (Service) with ESMTP id 9954E4009E7B; Fri, 16 Aug 2019 20:55:30 +0000 (GMT)
Received: from GAALPA1MSGHUBAC.ITServices.sbc.com (unknown [130.8.218.152]) by zlp30488.vci.att.com (Service) with ESMTPS id 8372A4009E65; Fri, 16 Aug 2019 20:55:30 +0000 (GMT)
Received: from GAALPA1MSGUSRBF.ITServices.sbc.com ([169.254.5.177]) by GAALPA1MSGHUBAC.ITServices.sbc.com ([130.8.218.152]) with mapi id 14.03.0439.000; Fri, 16 Aug 2019 16:55:30 -0400
From: "STARK, BARBARA H" <bs7652@att.com>
To: 'David Schinazi' <dschinazi.ietf@gmail.com>
CC: "'babel@ietf.org'" <babel@ietf.org>, 'Juliusz Chroboczek' <jch@irif.fr>
Thread-Topic: [babel] info-model: preparing -09 on github
Thread-Index: AdVSswKr0W4Y1vOsQfS00DtIY7BoYgAM83CAAAdXLCD//+jbAP//C3uggAKFBgCAAUiwgP//9U3QgABlNYCAAD+U0A==
Date: Fri, 16 Aug 2019 20:55:29 +0000
Message-ID: <2D09D61DDFA73D4C884805CC7865E6114E27A10F@GAALPA1MSGUSRBF.ITServices.sbc.com>
References: <2D09D61DDFA73D4C884805CC7865E6114E2694DE@GAALPA1MSGUSRBF.ITServices.sbc.com> <87ftm3u0a6.wl-jch@irif.fr> <2D09D61DDFA73D4C884805CC7865E6114E269981@GAALPA1MSGUSRBF.ITServices.sbc.com> <87blwrtudx.wl-jch@irif.fr> <2D09D61DDFA73D4C884805CC7865E6114E275E65@GAALPA1MSGUSRBF.ITServices.sbc.com> <CAPDSy+4+46nUbUF=C-U1Jvw2QDZMRZ9-vXrRVwh71y8ne6e0Mg@mail.gmail.com> <87pnl5i25g.wl-jch@irif.fr> <2D09D61DDFA73D4C884805CC7865E6114E279DAD@GAALPA1MSGUSRBF.ITServices.sbc.com> <CAPDSy+53ZM1YBe2mRhRUqYf3V4-DuL5NY_eS9Nwi0sCCmPTTLA@mail.gmail.com>
In-Reply-To: <CAPDSy+53ZM1YBe2mRhRUqYf3V4-DuL5NY_eS9Nwi0sCCmPTTLA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [130.10.216.153]
Content-Type: multipart/alternative; boundary="_000_2D09D61DDFA73D4C884805CC7865E6114E27A10FGAALPA1MSGUSRBF_"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-08-16_09:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_policy_notspam policy=outbound_policy score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1906280000 definitions=main-1908160211
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/NwCZtZAEzQZ0S2Rpr1KP5SmdmRk>
Subject: Re: [babel] info-model: preparing -09 on github
X-BeenThere: babel@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "A list for discussion of the Babel Routing Protocol." <babel.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/babel>, <mailto:babel-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/babel/>
List-Post: <mailto:babel@ietf.org>
List-Help: <mailto:babel-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/babel>, <mailto:babel-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Aug 2019 20:56:39 -0000

I think it may be useful to put some additional text in the info-model security considerations (similar to what Juliusz suggests for babel-hmac).
Following are some of the points:

  *   Explain that using ASCII from user-input text as a MAC key for production systems isn’t recommended.
  *   Length of keys for HMAC algorithms is restricted to the block size for the algorithm, because the algorithm will simply hash a longer key down to the block size.
  *   Zero length keys are a really bad idea for a production system, but are supported for testing purposes.
  *   Current recommended best practices from NIST are to use length of at least 16 bytes for SHA-256. It’s a good idea to identify and use best practice recommendations for key length and complexity.
  *   Read babel-hmac and specifications defining MAC algorithm for additional security advice around keys.
  *   Read babel-dtls and DTLS specifications for additional security advice in using DTLS.

Barbara

From: babel <babel-bounces@ietf.org> On Behalf Of David Schinazi
Sent: Friday, August 16, 2019 4:27 PM
To: STARK, BARBARA H <bs7652@att.com>
Cc: babel@ietf.org; Juliusz Chroboczek <jch@irif.fr>
Subject: Re: [babel] info-model: preparing -09 on github

I'm getting a sense that I'm in the rough here. I don't feel too strongly about this issue, and I can live with this choice even though it's not my favorite. Thanks for letting me say my piece, and considering it as an option.

David

On Fri, Aug 16, 2019 at 12:42 PM STARK, BARBARA H <bs7652@att.com<mailto:bs7652@att.com>> wrote:
> Barbara suggested:
>
> > This value is of a length suitable for the associated
> > babel-mac-key-algorithm.  If the algorithm is based on the HMAC
> > construction, the length MUST be between 0 and the block size of the
> > underlying hash inclusive (where "HMAC-SHA256" block size is 64 bytes
> > as described in {{RFC4868}}).  If the algorithm is "BLAKE2s", the
> > length MUST be between 0 and 32 bytes inclusive, as described in
> {{RFC7693}}.
>
> I fully support this formulation.

I'm happy to go with this. I'm putting it in my editor's copy.
Barbara

v2.23.0 | Report a Bug | By Email