IETF Logo Mail Archive

Re: [babel] Comments on the MAC authentication for Babel draft

Antonin Décimo <antonin.decimo@gmail.com> Wed, 26 August 2020 12:22 UTC

Return-Path: <antonin.decimo@gmail.com>
X-Original-To: babel@ietfa.amsl.com
Delivered-To: babel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 70EE73A122F for <babel@ietfa.amsl.com>; Wed, 26 Aug 2020 05:22:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7A9AIH1bjuig for <babel@ietfa.amsl.com>; Wed, 26 Aug 2020 05:22:09 -0700 (PDT)
Received: from mail-wm1-x330.google.com (mail-wm1-x330.google.com [IPv6:2a00:1450:4864:20::330]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CE4103A122E for <babel@ietf.org>; Wed, 26 Aug 2020 05:22:08 -0700 (PDT)
Received: by mail-wm1-x330.google.com with SMTP id z9so1566215wmk.1 for <babel@ietf.org>; Wed, 26 Aug 2020 05:22:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:content-transfer-encoding:cc:subject:from:to:date :message-id:in-reply-to; bh=eC5ncwmby64OAouDFJaQxco+dhAK5SKo3vgYmErMpaM=; b=AbVMyiPgrTOLK6vjAwR4ng/Ofu3yLWQw5YlvSVqNZtFBinAcGMKdOGS4CBPcRPARRw DbmxjrofaMlAYNuvmwg0Q5fxltHwllygYe9nmYIvgqSE/N3GfRxvCl7KA5Ld2YHjCtB4 IK1292AW/PTFPLaTFC8Rk6PhBvqYKcsRTJi7JlSf8Kn9kTG0L2cbm9KsgEWGHXBcWBog EpCBdrHLs6uMTOJMLDPUlsezwObIO89KFN9448ztH3INyFm4DF6budUUD+p9oAcakdUP caWyLyhXakUW22+XENK6rtVPiW7L0OSaoU3nHM5Wu+ez8d3PRUWOP2afXSEwWQJRpFEQ 2TKg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:content-transfer-encoding:cc :subject:from:to:date:message-id:in-reply-to; bh=eC5ncwmby64OAouDFJaQxco+dhAK5SKo3vgYmErMpaM=; b=SgyNSowh9/FY9bpEtCo8iuF+zY7xCwx+QKp7F1nRN95l6uKmgqmorD0t6wjCNBOZHR RZ/QlIfYKiTT65dYpWN9zKb2QfRe9zIBRCPxA5a7pfu4MPU3btn/w/63toWiWPsFqboa zI00zVEnjPTenbhzzj2DwUTyat/Y3eyqYEfBuMJha1yKj5P65jAicmyEGrcZq0Fc2cyN GC9iBxaMCRAFwI8UDzdbOSUlr3GLP/M0/+Iwx+TOogUGyGTGZXgfo2UtULIKIxBQ6y0+ 6ND6GrxSIVknuO2iTXijpTOx6eEtgMxaZMfPJrm/ubLlXYNlEsqHLiblscqlozzJV7bl zB8A==
X-Gm-Message-State: AOAM533yLpVCPpWReryJf3WGt9ZyDx1Ldtp8ijHTQ4tvtVZIW0T7rHS5 7RXWKSqnrrwllh+QuFg/aqY=
X-Google-Smtp-Source: ABdhPJzyvatT75qBCBf+2ZDpmxMIy8iHHmeE6cgZT4gGIOmO7ealXBlumDDopNubRHxLgEnbfD9deg==
X-Received: by 2002:a7b:c197:: with SMTP id y23mr6739489wmi.48.1598444526933; Wed, 26 Aug 2020 05:22:06 -0700 (PDT)
Received: from localhost (176-190-174-144.abo.bbox.fr. [176.190.174.144]) by smtp.gmail.com with ESMTPSA id n18sm5342517wrp.58.2020.08.26.05.22.06 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 26 Aug 2020 05:22:06 -0700 (PDT)
Mime-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="UTF-8"
Cc: Babel at IETF <babel@ietf.org>
From: Antonin Décimo <antonin.decimo@gmail.com>
To: Juliusz Chroboczek <jch@irif.fr>
Date: Wed, 26 Aug 2020 13:52:24 +0200
Message-Id: <C56WNVF0GCG7.2H25FHRQ1LL3F@kobain>
In-Reply-To: <87zh6hem9u.wl-jch@irif.fr>
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/b5-9EYUSMtEUU3j0iqidTYacefc>
Subject: Re: [babel] Comments on the MAC authentication for Babel draft
X-BeenThere: babel@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "A list for discussion of the Babel Routing Protocol." <babel.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/babel>, <mailto:babel-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/babel/>
List-Post: <mailto:babel@ietf.org>
List-Help: <mailto:babel-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/babel>, <mailto:babel-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Aug 2020 12:22:11 -0000

> > 1. Key length
>
> I disagree. Using 64 octets for SHA-256 gives no additional security.
>
> https://crypto.stackexchange.com/questions/34864/key-size-for-hmac-sha256

Ok, thanks.

> > 2. Digest length
> when a key is configured in a router, it is configured together with
> the associated algorithm. The algorithm implies a digest length.

Ah, I see. This is just what I had missed.


Thanks for reviewing my comments. I don’t see any bugs left in the
draft. I’m sorry to see that it’s too late for clarifications.

-- Antonin

v2.23.0 | Report a Bug | By Email