IETF Logo Mail Archive

Re: [babel] Comments on the MAC authentication for Babel draft

Donald Eastlake <d3e3e3@gmail.com> Wed, 26 August 2020 22:00 UTC

Return-Path: <d3e3e3@gmail.com>
X-Original-To: babel@ietfa.amsl.com
Delivered-To: babel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DF1003A08EE for <babel@ietfa.amsl.com>; Wed, 26 Aug 2020 15:00:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.848
X-Spam-Level:
X-Spam-Status: No, score=-1.848 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iiIVpK1KOdxp for <babel@ietfa.amsl.com>; Wed, 26 Aug 2020 15:00:50 -0700 (PDT)
Received: from mail-io1-xd2a.google.com (mail-io1-xd2a.google.com [IPv6:2607:f8b0:4864:20::d2a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2BB7E3A08DB for <babel@ietf.org>; Wed, 26 Aug 2020 15:00:50 -0700 (PDT)
Received: by mail-io1-xd2a.google.com with SMTP id v6so3756057iow.11 for <babel@ietf.org>; Wed, 26 Aug 2020 15:00:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=ed0mJtno2/i7a5HDZcPiGuZayz+jk5qW4X6V/89a3ss=; b=t5vfyEzcb4b/i+BpozbivTKsbEZDouz/iwTdPDFdrqBMx8YOjax2BE/PQLNio3x9a7 zrT0zlRp0fpCet86MrO5BCDIHl2SoB0z7NW+wzXBPwj8IayosH3L90dr3wHFgpkUWHyu vTrfTn4F47F9xb6kzpj0PbNayhlLYTVGCoTwZQud4SHsIZ057BDUHljkLmCjMJBQv1Lk nz18iupLzgjFk6Sc3wPmf0xVICTBxqWkOPeXtWnrQ5Ld+OUU2Xjtq63wXMNKuJXgtjmm INSi4DsKC2ywlFsk+2ybW1pKVjunyM/sWYGkPeziXGO64rKxPBwpPremXCRzj/AtoHTz vhCg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=ed0mJtno2/i7a5HDZcPiGuZayz+jk5qW4X6V/89a3ss=; b=KI9kh1XB66xpb5xKrNKNQBPoHgHEReSEgnxh/Wxj95UasmGZh3usy+EGk+X2N1bHH4 Ig4R7PtmFsF/A0Evxquwo21RQ6S9Zqfh4uhVJj2KXr5BvZHI/v0lOB8Zff+H48pCFpqb t/e5LRh2JY+HvYYdLtlFmLMrpj1gEQQFFepMZThTjL3A0AFQLC5iNQilJgl9FuJy5owz eurqLxCgDObXojEw/zEq0dxqOlWnGdSlCaysKgy2AOZpp9exZog0kCHui7scoIyFQnql v1tONrxfMITaj62xrq+kR0ibPLxessyg2Xh+u5njf8SWi7WHQVD/WrEMOQkuv5elKaH3 41Ew==
X-Gm-Message-State: AOAM533PQ70SISGf+mtnjt+1vhd3Vl+2nfneqJVosUZ+sfIR8JQYebRR qnFvRImzntLRfVf9AVq7MMQrgaT+deFrcThUi0M=
X-Google-Smtp-Source: ABdhPJx1wJnHQrULqC9KfFGkzjS6FqRZosXrvtd3tifKPbQB/IkfLnVkJ0Q91Fl3/McySvzWR3iLDqMQeayqNc32wow=
X-Received: by 2002:a02:9149:: with SMTP id b9mr16593795jag.50.1598479249414; Wed, 26 Aug 2020 15:00:49 -0700 (PDT)
MIME-Version: 1.0
References: <87zh6hem9u.wl-jch@irif.fr> <C56WNVF0GCG7.2H25FHRQ1LL3F@kobain> <CAPDSy+7DaR2RTJ5cdf02=ECSgbaDN=14Spdz3U6D1NvZed25CA@mail.gmail.com>
In-Reply-To: <CAPDSy+7DaR2RTJ5cdf02=ECSgbaDN=14Spdz3U6D1NvZed25CA@mail.gmail.com>
From: Donald Eastlake <d3e3e3@gmail.com>
Date: Wed, 26 Aug 2020 18:00:38 -0400
Message-ID: <CAF4+nEGXdy3-OSjnrj9=zoKSoQ_M57o0cvgD0=SiRbr7VHHcfA@mail.gmail.com>
To: David Schinazi <dschinazi.ietf@gmail.com>
Cc: Antonin Décimo <antonin.decimo@gmail.com>, Babel at IETF <babel@ietf.org>, Juliusz Chroboczek <jch@irif.fr>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/jGs8IyHgcUJ5urUvtRvHtlL6vYs>
Subject: Re: [babel] Comments on the MAC authentication for Babel draft
X-BeenThere: babel@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "A list for discussion of the Babel Routing Protocol." <babel.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/babel>, <mailto:babel-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/babel/>
List-Post: <mailto:babel@ietf.org>
List-Help: <mailto:babel-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/babel>, <mailto:babel-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Aug 2020 22:00:52 -0000

Hi David,

On Wed, Aug 26, 2020 at 2:09 PM David Schinazi <dschinazi.ietf@gmail.com> wrote:
>
> To be slightly pedantic about the IETF process here
> (chairs, please correct me if I'm wrong), it's not too late
> to make editorial changes to the document. It is too
> late to make big technical changes, as that would require
> the relevant ADs to re-review the document, but as authors
> you can feel free to clarify the wording.

It's just a little complicated to cover all the paths a draft can take
but at this point the draft has been through AD review, IETF Last
Call, Directorate Reviews, and IESG balloting. If significant
technical changes/extensions are made at this stage, it might require
sending the draft back to the WG to go through that process again.
However, the draft can simply be cloned under a new file name (like
draft-ietf-babel-hmacbis-00 or the like) and the changes made there.

Of course, if there is a fatal technical flaw, it is probably the
right thing to pull the draft back and have it go through the process
again. If it is a bad enough problem, it can even be pulled back from
the RFC Editor's queue or at any point until it is actually released
as an RFC. (After that, you have to do a new RFC to obsolete it.)

> Another option is that
> you'll be able to also change wording during AUTH48 (one
> of the very last steps of the process where the authors go
> back and forth with the RFC Editor to get all the editorial
> details right). All that will be required is for the responsible
> AD (in this case Martin Vigoureux) to review the AUTH48
> changes and confirm that they are editorial. I would suggest
> making small editorial changes now right before we send
> this off to the RFC Editor.

We can make small editorial/clarification changes at this point.

After the RFC Editor gets it, you don't have to wait for AUTH48. The
RFC Editor will send out editorial questions and suggestions to the
authors along with a request that they review the document and
editorial fixes can be resolved then.

Thanks,
Donald
=============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 2386 Panoramic Circle, Apopka, FL 33896 USA
 d3e3e3@gmail.com

> David
>
> On Wed, Aug 26, 2020 at 5:22 AM Antonin Décimo <antonin.decimo@gmail.com> wrote:
>>
>> > > 1. Key length
>> >
>> > I disagree. Using 64 octets for SHA-256 gives no additional security.
>> >
>> > https://crypto.stackexchange.com/questions/34864/key-size-for-hmac-sha256
>>
>> Ok, thanks.
>>
>> > > 2. Digest length
>> > when a key is configured in a router, it is configured together with
>> > the associated algorithm. The algorithm implies a digest length.
>>
>> Ah, I see. This is just what I had missed.
>>
>>
>> Thanks for reviewing my comments. I don’t see any bugs left in the
>> draft. I’m sorry to see that it’s too late for clarifications.
>>
>> -- Antonin
>>
>> _______________________________________________
>> babel mailing list
>> babel@ietf.org
>> https://www.ietf.org/mailman/listinfo/babel
>
> _______________________________________________
> babel mailing list
> babel@ietf.org
> https://www.ietf.org/mailman/listinfo/babel

v2.23.0 | Report a Bug | By Email