Re: [babel] babel-hmac: key requirements
"STARK, BARBARA H" <bs7652@att.com> Mon, 14 January 2019 17:02 UTC
Return-Path: <bs7652@att.com>
X-Original-To: babel@ietfa.amsl.com
Delivered-To: babel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 03D9E1311B7 for <babel@ietfa.amsl.com>; Mon, 14 Jan 2019 09:02:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.601
X-Spam-Level:
X-Spam-Status: No, score=-0.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, KHOP_DYNAMIC=2, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ivIeOW57Lzha for <babel@ietfa.amsl.com>; Mon, 14 Jan 2019 09:02:29 -0800 (PST)
Received: from mx0a-00191d01.pphosted.com (mx0b-00191d01.pphosted.com [67.231.157.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 868141311B6 for <babel@ietf.org>; Mon, 14 Jan 2019 09:02:29 -0800 (PST)
Received: from pps.filterd (m0049463.ppops.net [127.0.0.1]) by m0049463.ppops.net-00191d01. (8.16.0.22/8.16.0.22) with SMTP id x0EGvBDA018916; Mon, 14 Jan 2019 12:02:28 -0500
Received: from alpi154.enaf.aldc.att.com (sbcsmtp6.sbc.com [144.160.229.23]) by m0049463.ppops.net-00191d01. with ESMTP id 2q0wnt1epc-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 14 Jan 2019 12:02:28 -0500
Received: from enaf.aldc.att.com (localhost [127.0.0.1]) by alpi154.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id x0EH2Rmf012611; Mon, 14 Jan 2019 12:02:28 -0500
Received: from zlp30484.vci.att.com (zlp30484.vci.att.com [135.47.91.179]) by alpi154.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id x0EH2OBJ012517; Mon, 14 Jan 2019 12:02:24 -0500
Received: from zlp30484.vci.att.com (zlp30484.vci.att.com [127.0.0.1]) by zlp30484.vci.att.com (Service) with ESMTP id 26B784013D3B; Mon, 14 Jan 2019 17:02:24 +0000 (GMT)
Received: from GAALPA1MSGHUBAE.ITServices.sbc.com (unknown [130.8.218.154]) by zlp30484.vci.att.com (Service) with ESMTPS id 13C1D4013D3A; Mon, 14 Jan 2019 17:02:24 +0000 (GMT)
Received: from GAALPA1MSGUSRBF.ITServices.sbc.com ([169.254.5.203]) by GAALPA1MSGHUBAE.ITServices.sbc.com ([130.8.218.154]) with mapi id 14.03.0415.000; Mon, 14 Jan 2019 12:02:23 -0500
From: "STARK, BARBARA H" <bs7652@att.com>
To: 'Juliusz Chroboczek' <jch@irif.fr>
CC: Babel at IETF <babel@ietf.org>
Thread-Topic: [babel] babel-hmac: key requirements
Thread-Index: AdSpKuuhWh3uIPf3TSyfFq2fmw6nrABcdjuAAFt168A=
Date: Mon, 14 Jan 2019 17:02:22 +0000
Message-ID: <2D09D61DDFA73D4C884805CC7865E6114DF9BFAF@GAALPA1MSGUSRBF.ITServices.sbc.com>
References: <2D09D61DDFA73D4C884805CC7865E6114DF96321@GAALPA1MSGUSRBF.ITServices.sbc.com> <874laevyy4.wl-jch@irif.fr>
In-Reply-To: <874laevyy4.wl-jch@irif.fr>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [135.70.250.162]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-01-14_09:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_policy_notspam policy=outbound_policy score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1901140139
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/WebG6l5VV5AcYTtms9rAgh6MSzY>
Subject: Re: [babel] babel-hmac: key requirements
X-BeenThere: babel@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "A list for discussion of the Babel Routing Protocol." <babel.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/babel>, <mailto:babel-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/babel/>
List-Post: <mailto:babel@ietf.org>
List-Help: <mailto:babel-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/babel>, <mailto:babel-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Jan 2019 17:02:31 -0000
My goal in this discussion is: 1. Getting rid of ambiguity in HMAC key format that is accepted as an input to a babel-hmac implementation on a device. 2. Understand how human beings are expected to interact with getting keys into an implementation, and making sure these expectations are reasonable. .... > Computation of the key should not happen on the router -- the router > should be given the computed key, and any secrets used to compute the key > should not be distributed on the routers. For example, if the key is obtained > by hashing a passphrase, then the original passphrase should not be stored > on the router. Similarly, if the key is drawn randomly (e.g. by an automated > key distribution protocol), then the PRNG state should not be exposed to the > routers. I'm fine with this, if this is the approach everyone agrees on. But the current draft makes no mention of this expectation, which has resulted in Toke's implementation accepting direct entry of a string it interprets as ASCII and will subsequently hash if the string is longer than the length of the hash (which is inconsistent with the above expectation). I don't blame Toke for doing this -- it seems perfectly reasonable given the lack of specification in the draft and the available tools. I'd like the expectations on the HMAC Key to be easily found by someone scanning the table of contents. Here is a suggestion: Insert new 2nd level header below 3 (Data Structures) ## The HMAC Key The HMAC Key is the exact cryptographic key used with the hash algorithm. How the HMAC Key is provided (e.g., a configuration protocol, a user interface, a separate application that includes a computation algorithm, etc.) is outside the scope of this specification. The provided HMAC Key MUST NOT be modified in any way prior to use with the hash algorithm. ... > If you believe that the key derivation procedure should be described, then > this should happen in a separate draft (that can be used with both Babel- > HMAC and OSPF static keying), or perhaps in an informative appendix to this > draft. In that case, we'd need to consult a cryptographer in order to select a > safe KDF. No, I don't think that's needed, and I don't think we have anything to say about OSPF static keying. What I do think is needed is a lack of ambiguity around what the "HMAC Key" is and a statement that no modification of the provided HMAC Key is permitted. If that's the approach being taken. Barbara
- [babel] babel-hmac: key requirements STARK, BARBARA H
- Re: [babel] babel-hmac: key requirements Juliusz Chroboczek
- Re: [babel] babel-hmac: key requirements Juliusz Chroboczek
- Re: [babel] babel-hmac: key requirements Markus Stenberg
- Re: [babel] babel-hmac: key requirements Markus Stenberg
- Re: [babel] babel-hmac: key requirements Juliusz Chroboczek
- Re: [babel] babel-hmac: key requirements Juliusz Chroboczek
- Re: [babel] babel-hmac: key requirements STARK, BARBARA H
- Re: [babel] babel-hmac: key requirements Juliusz Chroboczek
- Re: [babel] babel-hmac: key requirements STARK, BARBARA H
- Re: [babel] babel-hmac: key requirements Toke Høiland-Jørgensen
- [babel] (no subject) Juliusz Chroboczek
- Re: [babel] babel-hmac: key requirements Juliusz Chroboczek
- Re: [babel] babel-hmac: key requirements STARK, BARBARA H
- Re: [babel] babel-hmac: key requirements Juliusz Chroboczek
- Re: [babel] babel-hmac: key requirements STARK, BARBARA H