Re: [babel] Alissa Cooper's Discuss on draft-ietf-babel-rfc6126bis-12: (with DISCUSS and COMMENT)
Juliusz Chroboczek <jch@irif.fr> Sat, 10 August 2019 02:35 UTC
Return-Path: <jch@irif.fr>
X-Original-To: babel@ietfa.amsl.com
Delivered-To: babel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0341012016E; Fri, 9 Aug 2019 19:35:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZZSs9eiQOWhp; Fri, 9 Aug 2019 19:35:36 -0700 (PDT)
Received: from korolev.univ-paris7.fr (korolev.univ-paris7.fr [IPv6:2001:660:3301:8000::1:2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D94C3120120; Fri, 9 Aug 2019 19:35:35 -0700 (PDT)
Received: from potemkin.univ-paris7.fr (potemkin.univ-paris7.fr [IPv6:2001:660:3301:8000::1:1]) by korolev.univ-paris7.fr (8.14.4/8.14.4/relay1/82085) with ESMTP id x7A2ZP1W021970 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Sat, 10 Aug 2019 04:35:25 +0200
Received: from mailhub.math.univ-paris-diderot.fr (mailhub.math.univ-paris-diderot.fr [81.194.30.253]) by potemkin.univ-paris7.fr (8.14.4/8.14.4/relay2/82085) with ESMTP id x7A2ZPdV018926; Sat, 10 Aug 2019 04:35:25 +0200
Received: from mailhub.math.univ-paris-diderot.fr (localhost [127.0.0.1]) by mailhub.math.univ-paris-diderot.fr (Postfix) with ESMTP id C0FC0350DE; Sat, 10 Aug 2019 04:35:27 +0200 (CEST)
X-Virus-Scanned: amavisd-new at math.univ-paris-diderot.fr
Received: from mailhub.math.univ-paris-diderot.fr ([127.0.0.1]) by mailhub.math.univ-paris-diderot.fr (mailhub.math.univ-paris-diderot.fr [127.0.0.1]) (amavisd-new, port 10023) with ESMTP id X2zXmOGtPPec; Sat, 10 Aug 2019 04:35:26 +0200 (CEST)
Received: from pirx.irif.fr (unknown [78.194.40.74]) (Authenticated sender: jch) by mailhub.math.univ-paris-diderot.fr (Postfix) with ESMTPSA id 6D379350DB; Sat, 10 Aug 2019 04:35:26 +0200 (CEST)
Date: Sat, 10 Aug 2019 04:35:26 +0200
Message-ID: <87tvap7no1.wl-jch@irif.fr>
From: Juliusz Chroboczek <jch@irif.fr>
To: Alissa Cooper <alissa@cooperw.in>
Cc: The IESG <iesg@ietf.org>, draft-ietf-babel-rfc6126bis@ietf.org, d3e3e3@gmail.com, babel-chairs@ietf.org, babel@ietf.org
In-Reply-To: <156526956251.7467.592630566164228470.idtracker@ietfa.amsl.com>
References: <156526956251.7467.592630566164228470.idtracker@ietfa.amsl.com>
User-Agent: Wanderlust/2.15.9
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset="US-ASCII"
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.7 (korolev.univ-paris7.fr [IPv6:2001:660:3301:8000::1:2]); Sat, 10 Aug 2019 04:35:25 +0200 (CEST)
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.7 (potemkin.univ-paris7.fr [194.254.61.141]); Sat, 10 Aug 2019 04:35:25 +0200 (CEST)
X-Miltered: at korolev with ID 5D4E2D6D.000 by Joe's j-chkmail (http : // j-chkmail dot ensmp dot fr)!
X-Miltered: at potemkin with ID 5D4E2D6D.000 by Joe's j-chkmail (http : // j-chkmail dot ensmp dot fr)!
X-j-chkmail-Enveloppe: 5D4E2D6D.000 from potemkin.univ-paris7.fr/potemkin.univ-paris7.fr/null/potemkin.univ-paris7.fr/<jch@irif.fr>
X-j-chkmail-Enveloppe: 5D4E2D6D.000 from mailhub.math.univ-paris-diderot.fr/mailhub.math.univ-paris-diderot.fr/null/mailhub.math.univ-paris-diderot.fr/<jch@irif.fr>
X-j-chkmail-Score: MSGID : 5D4E2D6D.000 on korolev.univ-paris7.fr : j-chkmail score : . : R=. U=. O=. B=0.000 -> S=0.000
X-j-chkmail-Score: MSGID : 5D4E2D6D.000 on potemkin.univ-paris7.fr : j-chkmail score : . : R=. U=. O=. B=0.000 -> S=0.000
X-j-chkmail-Status: Ham
X-j-chkmail-Status: Ham
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/ZWHrcJYY39PRkyMJzLd92wm5wyY>
Subject: Re: [babel] Alissa Cooper's Discuss on draft-ietf-babel-rfc6126bis-12: (with DISCUSS and COMMENT)
X-BeenThere: babel@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "A list for discussion of the Babel Routing Protocol." <babel.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/babel>, <mailto:babel-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/babel/>
List-Post: <mailto:babel@ietf.org>
List-Help: <mailto:babel-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/babel>, <mailto:babel-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 10 Aug 2019 02:35:38 -0000
Dear Alissa,
> I support Roman's DISCUSS.
There are no less than 7 points raised by Roman in his Discuss. We have
tried our best to answer them, please let us know which are the ones you
feel strongly about and whether you feel we have answered them to your
satisfaction.
> I'm also unclear on the over-arching recommendation this document is
> making for securely deploying this protocol. Given that the protocol
> itself is insecure, I would have expected some normative requirement for
> correcting that (e.g., Minimally, Babel deployments MUST be secured
> using a lower-layer security mechanism, Babel over DTLS, or HMAC-based
> authentication.) This still would not bring it into line with BCP 61
> Section 7, but perhaps there is some argument for making an exception
> for this protocol.
Section 6 of RFC 6126bis describes the two inline security mechanisms
developed for Babel (Babel-DTLS and Babel-HMAC), and recommends that
Babel-HMAC should be used in preference to Babel-DTLS unless
confidentiality or asymmetric keying is required.
We do not think, however, that marking either of these protocols as MTI
would have a positive outcome, either for the security of the Internet,
for the Babel protocol, the Babel standardisation process, or the already
somewhat frayed reputation of the IETF in the free software community.
Please let me give you some background. Our decision to go to IETF for
standardisation was criticised by part of our user base, who felt that it
would push the protocol in a direction that is not directly useful to
them. Indeed, before Babel became an IETF protocol, its development was
driven by the needs of our users. While this is still the case to a great
extent, going to the IETF has meant that we had to suspend development of
Babel for many months while we worked on Babel-DTLS and Babel-HMAC, that
were both developed not to meed the needs of our user community, but
solely to satisfy the requirements of the IETF and the potential future
needs of the IETF Homenet WG.
Babel-DTLS and Babel-HMAC have been duly developed, implemented and
documented in the form of their respective internet-drafts. We have made
the code publicly available, and are encouraging our users to consider
with the new technologies.
However, we do not feel entitled to impose any more on our users. If the
Babel user community decide that they do not want to carry code for
security protocols that they are not using, there is nothing we can do to
force them. Thus, making either security protocol MTI at this time would
have one of the following consequences:
- it would either force a majority of our users to carry code that they
do not use, which would fail to improve security in any significant
way but cause further resentment against us and against the IETF; or
- it would force a majority of the deployed implementations of Babel to
become non-compliant, with no improvement security but with
a resulting dilution of the authority of the IETF.
Either outcome would fail to improve security in any meaningul way, while
being bad for us, bad for our users, and bad for the reputation of the
IETF. For this reason, we respectfully request that this document should
be allowed to advance without either protocol being marked mandatory to
implement.
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> I support Suresh's DISCUSS.
I have tried to answer it.
> An explanation of why this document obsoletes RFC 6126 and RFC 7557 needs to
> appear in the introduction of this document.
Could you please give me an example of suitable text?
> Section 3.2.3: It's a bit odd that the Multicast Hello is introduced here but
> the difference between the two kinds of hellos is not explained until Section
> 3.4.1. It makes me wonder if 3.2 should come after 3.4.
Section 3.2 defines the (conceptual) data structures. The reset of
Section 3 describes how they are used. There are many more instances of
data structures that are defined in Section 3.2 and not used until later.
> Section 3.6: s/is not left-distributive Section 3.5.2/is not left-distributive
> (Section 3.5.2)/
Fixed.
> Appendix C: This section should be in the body of the document.
(This is now Appendix D.)
This is an informative section, and is of no interest to implementers of
the base protocol. I believe it should remain an appendix.
-- Juliusz
- [babel] Alissa Cooper's Discuss on draft-ietf-bab… Alissa Cooper via Datatracker
- Re: [babel] Alissa Cooper's Discuss on draft-ietf… Juliusz Chroboczek