Re: [babel] babel-hmac: key requirements

Juliusz Chroboczek <jch@irif.fr> Sat, 12 January 2019 14:42 UTC

Date: Sat, 12 Jan 2019 15:42:31 +0100
Message-ID: <87tvieueco.wl-jch@irif.fr>
From: Juliusz Chroboczek <jch@irif.fr>
To: Markus Stenberg <markus.stenberg@iki.fi>
Cc: BARBARA H STARK <bs7652@att.com>, Babel at IETF <babel@ietf.org>
In-Reply-To: <A2C6A38B-FD48-4C4B-BC7D-48A56996C95E@iki.fi>
References: <2D09D61DDFA73D4C884805CC7865E6114DF96321@GAALPA1MSGUSRBF.ITServices.sbc.com> <874laevyy4.wl-jch@irif.fr> <A2C6A38B-FD48-4C4B-BC7D-48A56996C95E@iki.fi>
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/WREnyNkke1X0cH2ZLhIkaT5EBSM>

> Draft should possibly state that if passphrases are used, KDF of SOME
> SORT should be used, but the actual KDF is IMHO an implementation matter
> and as long as all implementations can be configured with the same bytes
> that come out of KDF they would interoperate.

So it looks like I should add something to the Security Considerations
section.  What about

  In addition to the above, the mechanism described in this draft relies
  on an attacker being unable to guess the HMAC key, whether by brute
  force or by other means.  Ideally, the HMAC key SHOULD be generated
  randomly using a strong random number generator [RFC4086] and
  distributed to the routers using some sufficiently secure mechanism
  (e.g., ssh [RFC4251]).  If the HMAC key is generated from user input (a
  "passphrase"), then the passphrase SHOULD NOT be stored on the
  individual routers: the key SHOULD be generated on a secure host using
  a sufficiently strong Key Derivation Function (KDF) [RFC5869] [RFC6234]
  and, again, the resulting key distributed to the routers using some
  sufficiently secure mechanism.  In order to make offline key generation
  practical, implementations SHOULD use the key provided by the user with
  no transformation of any kind.
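
The offline workflow proposed above, as an added example that is not part of the original message or of the draft: the key is produced on a secure host, either randomly or from a passphrase, and each router uses the configured bytes unchanged. PBKDF2-HMAC-SHA256 as the KDF, the 32-byte key length, the hex encoding, the length checks and the plain HMAC-SHA256 over a packet body are assumptions of this example, not Babel's wire format.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32  # bytes; assumed key length for this example


def random_key() -> bytes:
    """Preferred path: key taken straight from the OS CSPRNG."""
    return secrets.token_bytes(KEY_LEN)


def key_from_passphrase(passphrase: str, salt: bytes,
                        iterations: int = 600_000) -> bytes:
    """Secure host only: stretch a passphrase (KDF is this example's choice)."""
    if len(salt) < 16:
        raise ValueError("salt must be at least 16 bytes")
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                               salt, iterations, dklen=KEY_LEN)


def load_router_key(configured_hex: str) -> bytes:
    """Router side: decode the configured hex and use the bytes unchanged."""
    key = bytes.fromhex(configured_hex.strip())
    if len(key) < 16:
        raise ValueError("refusing key shorter than 128 bits")
    return key


def tag(key: bytes, packet: bytes) -> bytes:
    # Generic HMAC-SHA256 over the packet body (not the Babel encoding).
    return hmac.new(key, packet, hashlib.sha256).digest()


def verify(key: bytes, packet: bytes, received_tag: bytes) -> bool:
    return hmac.compare_digest(tag(key, packet), received_tag)


if __name__ == "__main__":
    salt = secrets.token_bytes(16)
    key_hex = key_from_passphrase("constructed example passphrase", salt).hex()
    print("distribute to routers over a secure channel:", key_hex)
    router_a, router_b = load_router_key(key_hex), load_router_key(key_hex)
    packet = b"constructed packet body"
    print("router B accepts router A's packet:",
          verify(router_b, packet, tag(router_a, packet)))
```

Only the derived hex string leaves the secure host; the passphrase and salt stay there, so a router never has to run the KDF and two implementations agree as long as they are given the same bytes.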