IETF Logo Mail Archive

Re: [babel] Some open HMAC issues

Juliusz Chroboczek <jch@irif.fr> Tue, 03 July 2018 00:28 UTC

Return-Path: <jch@irif.fr>
X-Original-To: babel@ietfa.amsl.com
Delivered-To: babel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 957BC130E99 for <babel@ietfa.amsl.com>; Mon, 2 Jul 2018 17:28:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qWyMHme3p8IB for <babel@ietfa.amsl.com>; Mon, 2 Jul 2018 17:28:11 -0700 (PDT)
Received: from korolev.univ-paris7.fr (korolev.univ-paris7.fr [IPv6:2001:660:3301:8000::1:2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CAC721292F1 for <babel@ietf.org>; Mon, 2 Jul 2018 17:28:10 -0700 (PDT)
Received: from mailhub.math.univ-paris-diderot.fr (mailhub.math.univ-paris-diderot.fr [81.194.30.253]) by korolev.univ-paris7.fr (8.14.4/8.14.4/relay1/75695) with ESMTP id w630ROgf028449; Tue, 3 Jul 2018 02:27:24 +0200
Received: from mailhub.math.univ-paris-diderot.fr (localhost [127.0.0.1]) by mailhub.math.univ-paris-diderot.fr (Postfix) with ESMTP id 399C8EB22D; Tue, 3 Jul 2018 02:28:06 +0200 (CEST)
X-Virus-Scanned: amavisd-new at math.univ-paris-diderot.fr
Received: from mailhub.math.univ-paris-diderot.fr ([127.0.0.1]) by mailhub.math.univ-paris-diderot.fr (mailhub.math.univ-paris-diderot.fr [127.0.0.1]) (amavisd-new, port 10023) with ESMTP id TTnxruULEDHv; Tue, 3 Jul 2018 02:28:05 +0200 (CEST)
Received: from trurl.irif.fr (unknown [78.194.40.74]) (Authenticated sender: jch) by mailhub.math.univ-paris-diderot.fr (Postfix) with ESMTPSA id 25371EB279; Tue, 3 Jul 2018 02:28:05 +0200 (CEST)
Date: Tue, 03 Jul 2018 02:28:05 +0200
Message-ID: <87muv9p3hm.wl-jch@irif.fr>
From: Juliusz Chroboczek <jch@irif.fr>
To: David Schinazi <dschinazi@apple.com>
Cc: babel@ietf.org
In-Reply-To: <7E81074A-F3BB-470A-8197-C4195AE806DC@apple.com>
References: <87sh545st3.wl-jch@irif.fr> <411E2C9F-A910-4899-8DD7-92C0C85EBC54@apple.com> <87sh523xy8.wl-jch@irif.fr> <7E5E0D4C-0049-47D1-ACFA-31EA0F843237@apple.com> <87d0w5ingo.fsf@toke.dk> <375EE128-E5F3-487C-9A9E-89A8C976489F@apple.com> <87po05p57w.wl-jch@irif.fr> <7E81074A-F3BB-470A-8197-C4195AE806DC@apple.com>
User-Agent: Wanderlust/2.15.9
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset="US-ASCII"
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.7 (korolev.univ-paris7.fr [194.254.61.138]); Tue, 03 Jul 2018 02:27:24 +0200 (CEST)
X-Miltered: at korolev with ID 5B3AC2EC.000 by Joe's j-chkmail (http : // j-chkmail dot ensmp dot fr)!
X-j-chkmail-Enveloppe: 5B3AC2EC.000 from mailhub.math.univ-paris-diderot.fr/mailhub.math.univ-paris-diderot.fr/null/mailhub.math.univ-paris-diderot.fr/<jch@irif.fr>
X-j-chkmail-Score: MSGID : 5B3AC2EC.000 on korolev.univ-paris7.fr : j-chkmail score : . : R=. U=. O=. B=0.000 -> S=0.000
X-j-chkmail-Status: Ham
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/hgD9qVx9ZCMMGhYmqyvaeUn5Pdw>
Subject: Re: [babel] Some open HMAC issues
X-BeenThere: babel@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: "A list for discussion of the Babel Routing Protocol." <babel.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/babel>, <mailto:babel-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/babel/>
List-Post: <mailto:babel@ietf.org>
List-Help: <mailto:babel-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/babel>, <mailto:babel-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Jul 2018 00:28:13 -0000

>> you need to pick a KeyID that is currently unused.

> I don't see why. Having a KeyID conflict just means you'll try both keys.

Ah, that's the bit that I was missing -- you allow multiple keys with the
same ID.  So the UI issue goes away -- you just set the KeyID to 0 by
default.  And an implementation is free to ignore KeyIDs on reception.

I lift my opposition.  If the WG wants KeyIDs, and provides me with
suitable text to put in the spec, I'll implement them.  In which case
I reserve the right to make sarcastic comments in public.

> An implementation is free to always send KeyID as 42 and silently drop
> any HMAC TLV KeyID that isn't 42 if it can't handle the complexity.

Nah, you just check all keys, ignoring their KeyID.  In other words, the
KeyID degenerates to a field that "may be ignored on reception".

> In homenet there was discussion of pairwise symmetric keys
> distributed via HNCP.

That's not what the protocol was designed for.  We send one HMAC per key
in every freaking packet, and if we've got more than 60 or so, we'll quite
simply run out of space in the Ethernet frame.  All keys, no data, the
drunken cryptographer's dream.

If you want pairwise keying, use a protocol that uses pairwise communication.
Also known as unicast.  I hear you're the co-author of just such a protocol.

-- Juliusz

v2.23.0 | Report a Bug | By Email