[babel] Information model and YANG: about HMAC

Juliusz Chroboczek <jch@irif.fr> Wed, 07 November 2018 11:21 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/VtlGPwuJFz5c0G2CdQRGp-pM0to>

My comment during the meeting, expanded.

HMAC does not carry keys or algorithm identifiers on the wire: algorithm
and key are provisioned by means outside of the Babel protocol (currently
a configuration file, but we're working on implementing key rotation at
runtime), then only the results of the HMAC computation are sent on the
wire.

Hence, the base protocol does not need a registry of HMAC algorithm
identifiers: the only place where HMAC algorithms appear is the config
file, and how they are expressed there is purely a local implementation
decision.

What the information model and YANG do is, among other things, to export
the configuration in an interoperable format.  Hence, if we need to export
the HMAC keys, we'll need a registry of HMAC protocols.

If we do, then the initial value should probably be just one entry:
HMAC-SHA256.

-- Juliusz
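
An added illustration of the point in the message above; it is not part of the original message, not babeld's code, and not Babel's actual packet format. It assumes a simplified wire layout of body followed by MAC, a constructed two-key local configuration, and a hypothetical `REGISTRY` mapping that stands in for the registry an interoperable export would need.

```python
import hashlib
import hmac

# Constructed local configuration. The spelling "sha256" is this example's own
# choice, which is fine because the name never leaves the node.
LOCAL_KEYS = [
    {"algo": "sha256", "key": bytes.fromhex("aa" * 32)},  # old key, kept during rotation
    {"algo": "sha256", "key": bytes.fromhex("bb" * 32)},  # current key
]

# Hypothetical registry: only needed once the configuration is exported.
REGISTRY = {"sha256": "HMAC-SHA256"}
MAC_LEN = {"sha256": 32}


def compute_mac(entry, body):
    """HMAC of the body under one locally configured (algorithm, key) pair."""
    return hmac.new(entry["key"], body, getattr(hashlib, entry["algo"])).digest()


def send(body, entry):
    """Wire bytes are body || MAC: no key identifier, no algorithm identifier."""
    return body + compute_mac(entry, body)


def receive(wire, keys):
    """Return the body if any configured key authenticates it, else None.

    Nothing on the wire says which key or algorithm was used, so the receiver
    tries every locally provisioned entry, comparing in constant time.
    """
    for entry in keys:
        n = MAC_LEN[entry["algo"]]
        if len(wire) < n:
            continue
        body, mac = wire[:-n], wire[-n:]
        if hmac.compare_digest(mac, compute_mac(entry, body)):
            return body
    return None


def export_config(keys):
    """Interoperable export: local names must map to registered identifiers."""
    return [{"algorithm": REGISTRY[e["algo"]], "key": e["key"].hex()} for e in keys]
```

Sending and receiving work with purely local algorithm names; only `export_config` fails (with a `KeyError`) for a name that has no registered identifier.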