Re: [babel] Some open HMAC issues
Juliusz Chroboczek <jch@irif.fr> Mon, 02 July 2018 23:50 UTC
Return-Path: <jch@irif.fr>
X-Original-To: babel@ietfa.amsl.com
Delivered-To: babel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E25B5130EDD for <babel@ietfa.amsl.com>; Mon, 2 Jul 2018 16:50:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1AW3mpdhp_Xi for <babel@ietfa.amsl.com>; Mon, 2 Jul 2018 16:50:49 -0700 (PDT)
Received: from korolev.univ-paris7.fr (korolev.univ-paris7.fr [IPv6:2001:660:3301:8000::1:2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CE057130E1B for <babel@ietf.org>; Mon, 2 Jul 2018 16:50:48 -0700 (PDT)
Received: from potemkin.univ-paris7.fr (potemkin.univ-paris7.fr [IPv6:2001:660:3301:8000::1:1]) by korolev.univ-paris7.fr (8.14.4/8.14.4/relay1/75695) with ESMTP id w62No3a1022855 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Tue, 3 Jul 2018 01:50:03 +0200
Received: from mailhub.math.univ-paris-diderot.fr (mailhub.math.univ-paris-diderot.fr [81.194.30.253]) by potemkin.univ-paris7.fr (8.14.4/8.14.4/relay2/75695) with ESMTP id w62NoGQo024717; Tue, 3 Jul 2018 01:50:16 +0200
Received: from mailhub.math.univ-paris-diderot.fr (localhost [127.0.0.1]) by mailhub.math.univ-paris-diderot.fr (Postfix) with ESMTP id E9ABEEB22D; Tue, 3 Jul 2018 01:50:44 +0200 (CEST)
X-Virus-Scanned: amavisd-new at math.univ-paris-diderot.fr
Received: from mailhub.math.univ-paris-diderot.fr ([127.0.0.1]) by mailhub.math.univ-paris-diderot.fr (mailhub.math.univ-paris-diderot.fr [127.0.0.1]) (amavisd-new, port 10023) with ESMTP id ljv0O-OExu8E; Tue, 3 Jul 2018 01:50:43 +0200 (CEST)
Received: from trurl.irif.fr (unknown [78.194.40.74]) (Authenticated sender: jch) by mailhub.math.univ-paris-diderot.fr (Postfix) with ESMTPSA id D9322EB200; Tue, 3 Jul 2018 01:50:43 +0200 (CEST)
Date: Tue, 03 Jul 2018 01:50:43 +0200
Message-ID: <87po05p57w.wl-jch@irif.fr>
From: Juliusz Chroboczek <jch@irif.fr>
To: David Schinazi <dschinazi@apple.com>
Cc: babel@ietf.org
In-Reply-To: <375EE128-E5F3-487C-9A9E-89A8C976489F@apple.com>
References: <87sh545st3.wl-jch@irif.fr> <411E2C9F-A910-4899-8DD7-92C0C85EBC54@apple.com> <87sh523xy8.wl-jch@irif.fr> <7E5E0D4C-0049-47D1-ACFA-31EA0F843237@apple.com> <87d0w5ingo.fsf@toke.dk> <375EE128-E5F3-487C-9A9E-89A8C976489F@apple.com>
User-Agent: Wanderlust/2.15.9
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset="US-ASCII"
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.7 (korolev.univ-paris7.fr [IPv6:2001:660:3301:8000::1:2]); Tue, 03 Jul 2018 01:50:03 +0200 (CEST)
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.7 (potemkin.univ-paris7.fr [194.254.61.141]); Tue, 03 Jul 2018 01:50:16 +0200 (CEST)
X-Miltered: at korolev with ID 5B3ABA2B.000 by Joe's j-chkmail (http : // j-chkmail dot ensmp dot fr)!
X-Miltered: at potemkin with ID 5B3ABA38.000 by Joe's j-chkmail (http : // j-chkmail dot ensmp dot fr)!
X-j-chkmail-Enveloppe: 5B3ABA2B.000 from potemkin.univ-paris7.fr/potemkin.univ-paris7.fr/null/potemkin.univ-paris7.fr/<jch@irif.fr>
X-j-chkmail-Enveloppe: 5B3ABA38.000 from mailhub.math.univ-paris-diderot.fr/mailhub.math.univ-paris-diderot.fr/null/mailhub.math.univ-paris-diderot.fr/<jch@irif.fr>
X-j-chkmail-Score: MSGID : 5B3ABA2B.000 on korolev.univ-paris7.fr : j-chkmail score : . : R=. U=. O=. B=0.000 -> S=0.000
X-j-chkmail-Score: MSGID : 5B3ABA38.000 on potemkin.univ-paris7.fr : j-chkmail score : . : R=. U=. O=. B=0.000 -> S=0.000
X-j-chkmail-Status: Ham
X-j-chkmail-Status: Ham
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/TlegalDJ8CRnzrNdYgCCMVhF3Xg>
Subject: Re: [babel] Some open HMAC issues
X-BeenThere: babel@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: "A list for discussion of the Babel Routing Protocol." <babel.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/babel>, <mailto:babel-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/babel/>
List-Post: <mailto:babel@ietf.org>
List-Help: <mailto:babel-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/babel>, <mailto:babel-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Jul 2018 23:50:54 -0000
>> But why is it needed? It's just one more thing to configure, which makes >> configuration more verbose and prone to errors... > Without a KeyID, the receiving complexity is proportional to the number of > configured keys. That means that nodes configured with n keys not > only spend O(n) times more CPU per received packet, Where n is just the number of keys configured, and not something an attacker can control (see Sections 1.1 and 4.3 of draft-do-babel-hmac). In practice, I expect n to be usually just 1, and at most 2 during key rotation. Without an explicit KeyID, the set of keys is just a set -- it can be implemented for example as a directory of keys, where adding a new key is just an scp to the directory, or it can be implemented as a set of TLVs flooded by HNCP, where adding a key consists in flooding a new TLV. If you have an explicit KeyID, then you need to make sure that the KeyID is consistent among all of the routers in a given security domain. You can no longer just scp the key, you need to pick a KeyID that is currently unused. If you're using an automated distribution protocol, then the protocol must be able to choose a KeyID that is currently unused not only by nodes that participate in said protocol, but also by nodes that don't. Worse is better, David. It is better to have a protocol that has a slight inefficiency but is easy to deploy and to manage, than a protocol that is slightly more efficient but that nobody will want to deploy because of the very significant complications due to the KeyID. -- Juliusz
- Re: [babel] Some open HMAC issues Markus Stenberg
- [babel] Some open HMAC issues Juliusz Chroboczek
- Re: [babel] Some open HMAC issues Juliusz Chroboczek
- Re: [babel] Some open HMAC issues David Schinazi
- Re: [babel] Some open HMAC issues Juliusz Chroboczek
- Re: [babel] Some open HMAC issues Toke Høiland-Jørgensen
- Re: [babel] Some open HMAC issues David Schinazi
- Re: [babel] Some open HMAC issues David Schinazi
- Re: [babel] Some open HMAC issues Toke Høiland-Jørgensen
- Re: [babel] Some open HMAC issues David Schinazi
- Re: [babel] Some open HMAC issues Toke Høiland-Jørgensen
- Re: [babel] Some open HMAC issues Dave Taht
- Re: [babel] Some open HMAC issues Toke Høiland-Jørgensen
- Re: [babel] Some open HMAC issues Juliusz Chroboczek
- Re: [babel] Some open HMAC issues Juliusz Chroboczek
- Re: [babel] Some open HMAC issues David Schinazi
- Re: [babel] Some open HMAC issues Toke Høiland-Jørgensen
- Re: [babel] Some open HMAC issues Juliusz Chroboczek
- Re: [babel] Some open HMAC issues Toke Høiland-Jørgensen
- Re: [babel] Some open HMAC issues Juliusz Chroboczek
- Re: [babel] Some open HMAC issues David Schinazi
- [babel] Packet trailer [was: Some open HMAC issue… Juliusz Chroboczek
- Re: [babel] Packet trailer [was: Some open HMAC i… David Schinazi
- Re: [babel] Some open HMAC issues Toke Høiland-Jørgensen
- Re: [babel] Packet trailer [was: Some open HMAC i… Toke Høiland-Jørgensen
- Re: [babel] Some open HMAC issues Juliusz Chroboczek
- Re: [babel] Some open HMAC issues Toke Høiland-Jørgensen