IETF Logo Mail Archive

Re: [babel] hmac info model elements

"STARK, BARBARA H" <bs7652@att.com> Mon, 07 January 2019 16:23 UTC

Return-Path: <bs7652@att.com>
X-Original-To: babel@ietfa.amsl.com
Delivered-To: babel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 26245130F0E for <babel@ietfa.amsl.com>; Mon, 7 Jan 2019 08:23:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FtSg-_-n6vTw for <babel@ietfa.amsl.com>; Mon, 7 Jan 2019 08:23:15 -0800 (PST)
Received: from mx0a-00191d01.pphosted.com (mx0b-00191d01.pphosted.com [67.231.157.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 90F4A130F04 for <babel@ietf.org>; Mon, 7 Jan 2019 08:23:15 -0800 (PST)
Received: from pps.filterd (m0049458.ppops.net [127.0.0.1]) by m0049458.ppops.net-00191d01. (8.16.0.22/8.16.0.22) with SMTP id x07GHXhN048329; Mon, 7 Jan 2019 11:23:14 -0500
Received: from alpi154.enaf.aldc.att.com (sbcsmtp6.sbc.com [144.160.229.23]) by m0049458.ppops.net-00191d01. with ESMTP id 2pv8x9tgy4-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 07 Jan 2019 11:23:14 -0500
Received: from enaf.aldc.att.com (localhost [127.0.0.1]) by alpi154.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id x07GNCck017221; Mon, 7 Jan 2019 11:23:13 -0500
Received: from zlp30483.vci.att.com (zlp30483.vci.att.com [135.47.91.189]) by alpi154.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id x07GN5Gc017042; Mon, 7 Jan 2019 11:23:05 -0500
Received: from zlp30483.vci.att.com (zlp30483.vci.att.com [127.0.0.1]) by zlp30483.vci.att.com (Service) with ESMTP id E2EAF401468E; Mon, 7 Jan 2019 16:23:05 +0000 (GMT)
Received: from GAALPA1MSGHUBAD.ITServices.sbc.com (unknown [130.8.218.153]) by zlp30483.vci.att.com (Service) with ESMTPS id CF35F401466C; Mon, 7 Jan 2019 16:23:05 +0000 (GMT)
Received: from GAALPA1MSGUSRBF.ITServices.sbc.com ([169.254.5.5]) by GAALPA1MSGHUBAD.ITServices.sbc.com ([130.8.218.153]) with mapi id 14.03.0415.000; Mon, 7 Jan 2019 11:23:05 -0500
From: "STARK, BARBARA H" <bs7652@att.com>
To: 'Juliusz Chroboczek' <jch@irif.fr>
CC: 'Mahesh Jethanandani' <mjethanandani@gmail.com>, Babel at IETF <babel@ietf.org>
Thread-Topic: [babel] hmac info model elements
Thread-Index: AdSi6E9jJwLKz5kXQlCy2NNONpdJZQA7HaOAAB1GhjAAFlCHAAB9AEdg
Date: Mon, 07 Jan 2019 16:23:04 +0000
Message-ID: <2D09D61DDFA73D4C884805CC7865E6114DF8669E@GAALPA1MSGUSRBF.ITServices.sbc.com>
References: <2D09D61DDFA73D4C884805CC7865E6114DF7EECB@GAALPA1MSGUSRBF.ITServices.sbc.com> <91CABBA9-DFC0-48C5-9A36-E2B12FC376D9@gmail.com> <2D09D61DDFA73D4C884805CC7865E6114DF8354B@GAALPA1MSGUSRBF.ITServices.sbc.com> <87tvio2i9l.wl-jch@irif.fr>
In-Reply-To: <87tvio2i9l.wl-jch@irif.fr>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [135.70.202.237]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-01-07_07:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_policy_notspam policy=outbound_policy score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=538 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1901070142
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/Vk9ZUnDwUgPz1c8JV6NQrWKEK14>
Subject: Re: [babel] hmac info model elements
X-BeenThere: babel@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "A list for discussion of the Babel Routing Protocol." <babel.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/babel>, <mailto:babel-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/babel/>
List-Post: <mailto:babel@ietf.org>
List-Help: <mailto:babel-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/babel>, <mailto:babel-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Jan 2019 16:23:17 -0000

Coming back to modeling of HMAC keys (and PSKs) after the weekend...

Juliusz said: "There's a third model -- locally generated from a passphrase on the local host (e.g. using a PSK)." 
<bhs> If I understand this correctly, this is actually what I thought we would be doing (though I would use the word "derived" instead of "generated", because "derive" to me implies the same result will always be had at the end of the derivation, while "generated" may have a random aspect). Example: WPA (for Wi-Fi, using SHA-1) uses an alphanumeric passphrase / pre-shared key (PSK) (and SSID) that are provided to Wi-Fi endpoints, somehow (various possible methods of providing). The PSK (and SSID) are first converted to Unicode representation of the alphanumeric characters, before being used to derive the HMAC-SHA1 key using the RFC 2898 PBKDF2 pseudorandom function. This is the model I've been envisioning would be used for babel (except we have SHA-256 instead of SHA-1). 

Toke said: "Bird uses an unencoded string..." 
<bhs> I'm not sure what "unencoded" means here? But this sounds like maybe the entered string is a "passphrase" / PSK, like what's used for Wi-Fi, which is then used to derive the HMAC key using Unicode encoding?

Dave wants hex or base64.
<bhs> By this, I'm thinking Dave is actually talking about the HMAC key itself (exactly 256 bits)?

Mahesh said: "RFC8177, YANG Key Chain, models keys as either string or hexadecimal".
<bhs> Now that I've been reading up on HMAC keys -- I think if we're modeling the actual key, it should be hex. If a PSK, then string.

If I'm understanding all of this, I think (?) I'm agreeing with Juliusz and that the info model should support supplying a string PSK, and it should be called something like "hmac-psk" so it's not confused with the HMAC key. We could also allow for supplying the actual HMAC key, which I think should be hex. I'm fine with or without supporting the actual HMAC key in the info model. I think PSK is important.
Barbara

> -----Original Message-----
> From: Juliusz Chroboczek <jch@irif.fr>
> Sent: Friday, January 04, 2019 5:03 PM
> To: STARK, BARBARA H <bs7652@att.com>
> Cc: 'Mahesh Jethanandani' <mjethanandani@gmail.com>; Babel at IETF
> <babel@ietf.org>
> Subject: Re: [babel] hmac info model elements
> 
> >> In my experience, these sorts of shared keys are modeled as strings.
> 
> >> I would think the keys are modeled as binary.
> 
> > That depends on how we generally expect the keys to be generated. If
> > we think they'll be randomly generated by a centralized machine, then
> > binary makes sense. If we think they'll be created by a human being
> > who will input them through a keyboard, then string makes sense. I was
> > thinking the latter would be more common. I'm curious what others think?
> 
> There's a third model -- locally generated from a passphrase on the local host
> (e.g. using a PSK).
> 
> -- Juliusz

v2.23.0 | Report a Bug | By Email