Re: [babel] Mirja Kühlewind's Discuss on draft-ietf-babel-hmac-08: (with DISCUSS and COMMENT)
Juliusz Chroboczek <jch@irif.fr> Wed, 07 August 2019 13:49 UTC
Return-Path: <jch@irif.fr>
X-Original-To: babel@ietfa.amsl.com
Delivered-To: babel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9F4AC12006D; Wed, 7 Aug 2019 06:49:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.12
X-Spam-Level:
X-Spam-Status: No, score=-1.12 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NEUTRAL=0.779] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tJm-BU_Ak5ca; Wed, 7 Aug 2019 06:49:45 -0700 (PDT)
Received: from smtp4-g21.free.fr (smtp4-g21.free.fr [212.27.42.4]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BB18D120041; Wed, 7 Aug 2019 06:49:45 -0700 (PDT)
Received: from pirx.irif.fr (unknown [IPv6:2a01:e34:ec22:84a2:40cc:4a9b:caf5:e938]) by smtp4-g21.free.fr (Postfix) with ESMTPS id 8AAD719F5AD; Wed, 7 Aug 2019 15:49:31 +0200 (CEST)
Date: Wed, 07 Aug 2019 15:49:31 +0200
Message-ID: <87imr9hyqc.wl-jch@irif.fr>
From: Juliusz Chroboczek <jch@irif.fr>
To: Mirja Kühlewind <ietf@kuehlewind.net>
Cc: The IESG <iesg@ietf.org>, draft-ietf-babel-hmac@ietf.org, Donald Eastlake <d3e3e3@gmail.com>, babel-chairs@ietf.org, babel@ietf.org
In-Reply-To: <156518028058.8361.10940272410936686016.idtracker@ietfa.amsl.com>
References: <156518028058.8361.10940272410936686016.idtracker@ietfa.amsl.com>
User-Agent: Wanderlust/2.15.9
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset="US-ASCII"
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/gbUwqVKs1DxqM39LDnDPiinvz8g>
Subject: Re: [babel] Mirja Kühlewind's Discuss on draft-ietf-babel-hmac-08: (with DISCUSS and COMMENT)
X-BeenThere: babel@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "A list for discussion of the Babel Routing Protocol." <babel.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/babel>, <mailto:babel-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/babel/>
List-Post: <mailto:babel@ietf.org>
List-Help: <mailto:babel-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/babel>, <mailto:babel-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Aug 2019 13:49:48 -0000
Dear Mirja, Thank you for your review. (Please be aware that I cannot check my work mail until Thursday, please copy the list if you desire a timely response.) > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > I would like to quickly discuss the following approach taken in section > 4.3.1.1: [...] > there might be a better approach than static rate-limiting given this is > a request-response mechanism. [...] In your case the easiest approach > would be when the 30 sec timer is expired, or if the RTT is known (or > can be estimated) then a value of e.g. 3xRTT could be appropriate well. > for further guidance. First of all, what we're trying to avoid here is an attacker causing the current node to generate unbounded amounts of traffic. With static rate limiting, we guarantee that an attacker can cause at most n/0.3 packets per second to be sent, where n is the number of distinct source addresses in the attacker's collection of captured packets. No such guarantee exists if the rate limiting is made dynamic. Second, in normal usage the challenge/response mechanism is used when establishing state with a new neighbour. No RTT information is likely to be available at that early stage. Thus, your suggestion would cause a 30s delay whenever a challenge reply is lost. > Further Appendix A (Incremental deployment and key rotation) contains > normative language and therefore should probably be moved into the body > of the document. Is that a hard requirement? It makes sense to me to separate operational requirements from the description of the protocol. > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > The shepherd write-up says: "This document updates the rfc6126bis draft > as noted on the title page and in the Abstract." However, that seems not > to be the case...? The "updates" was removed in -05 at the request of Martin Vigoureux. > This brings me to a separate question I would like to ask: Why is this an > extension in a separate document and not an (optional) part of rfc6126bis? I want it to be easily readable by people who are not interested in the specifics of Babel, as this makes it more likely that it will be reviewed by competent security specialists. (In addition, since this protocol was designed to solve some of the issues described in RFC 6039, I have some hope that it will come to the attention of the OSPF community.) Thanks again, -- Juliusz
- [babel] Mirja Kühlewind's Discuss on draft-ietf-b… Mirja Kühlewind via Datatracker
- Re: [babel] Mirja Kühlewind's Discuss on draft-ie… Juliusz Chroboczek
- Re: [babel] Mirja Kühlewind's Discuss on draft-ie… Mirja Kuehlewind
- Re: [babel] Mirja Kühlewind's Discuss on draft-ie… Juliusz Chroboczek
- Re: [babel] Mirja Kühlewind's Discuss on draft-ie… Mirja Kuehlewind
- Re: [babel] Mirja Kühlewind's Discuss on draft-ie… Juliusz Chroboczek
- Re: [babel] Mirja Kühlewind's Discuss on draft-ie… Mirja Kuehlewind
- Re: [babel] Mirja Kühlewind's Discuss on draft-ie… Juliusz Chroboczek
- Re: [babel] Mirja Kühlewind's Discuss on draft-ie… Mirja Kuehlewind