IETF Logo Mail Archive

Re: [babel] hmac info model elements

Toke Høiland-Jørgensen <toke@toke.dk> Fri, 04 January 2019 20:35 UTC

Return-Path: <toke@toke.dk>
X-Original-To: babel@ietfa.amsl.com
Delivered-To: babel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0AE43130E8F for <babel@ietfa.amsl.com>; Fri, 4 Jan 2019 12:35:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=toke.dk
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lVbSMXXiOCcl for <babel@ietfa.amsl.com>; Fri, 4 Jan 2019 12:35:24 -0800 (PST)
Received: from mail.toke.dk (mail.toke.dk [52.28.52.200]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0B8AE1200D7 for <babel@ietf.org>; Fri, 4 Jan 2019 12:35:24 -0800 (PST)
From: Toke Høiland-Jørgensen <toke@toke.dk>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=toke.dk; s=20161023; t=1546634090; bh=sruLINbRIWe95BBjyR5rTW4o+2uDd5UpPemOXdulEvg=; h=From:To:Subject:In-Reply-To:References:Date:From; b=P8zbR5VW2ZxX0wdLlq3LgzloHiJPnxkwlM+K8/nTKJz06tm8+Us1+UBL32wPCsZVc eRQbwLssMlyQTKHhJ/RSwOR79DPXvU0LyBeYsAb48iLKfaQHU0YSnwXXHiXHsSwZKl PS+avRhp8V/EuK63G5ueBlH6HBW0Uq60n4HBIvBNJ9Y9UAqKTMsxLeEmUirFY/Nu6N 7ehR79WH6SK8unichabsrkh5OCI8mBNUNSHaiH7so+DMKxO9FC1v5JfaZNAcHq8lih bsvxDtbtyyt5DaH0VZGNYB3UynVeXG633wi8Oiv4uB9iTPVjy+zirRGOEjntk+M8IL IywYb2pN9mdoQ==
To: "STARK, BARBARA H" <bs7652@att.com>, Babel at IETF <babel@ietf.org>
In-Reply-To: <2D09D61DDFA73D4C884805CC7865E6114DF83500@GAALPA1MSGUSRBF.ITServices.sbc.com>
References: <2D09D61DDFA73D4C884805CC7865E6114DF7EECB@GAALPA1MSGUSRBF.ITServices.sbc.com> <87a7khxxu6.fsf@toke.dk> <2D09D61DDFA73D4C884805CC7865E6114DF83500@GAALPA1MSGUSRBF.ITServices.sbc.com>
Date: Fri, 04 Jan 2019 21:34:45 +0100
X-Clacks-Overhead: GNU Terry Pratchett
Message-ID: <87bm4wyxei.fsf@toke.dk>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/jbrMuMMZ14jY0Kx-DJ_HX9AT9zo>
Subject: Re: [babel] hmac info model elements
X-BeenThere: babel@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "A list for discussion of the Babel Routing Protocol." <babel.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/babel>, <mailto:babel-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/babel/>
List-Post: <mailto:babel@ietf.org>
List-Help: <mailto:babel-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/babel>, <mailto:babel-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Jan 2019 20:35:26 -0000

"STARK, BARBARA H" <bs7652@att.com> writes:

>> > Appendix A (incremental deployment and key rotation) indicates it should
>> be possible to configure a mode where authenticated packets are sent but all
>> packets are accepted.
> ...
>> > Proposed HMAC model:
>> > add to top level information-obj:
>> > babel-hmac-algorithms (enumerated list of supported HMAC computation
>> algorithms)
>> >
>> > security-hmac-obj
>> >   security-hmac-enable (boolean: enable / disable this instance)
>> >   security-hmac-mode (Boolean: do or don't authenticate received
>> > packets)
>> 
>> How do those two interact?
>
> If an HMAC instance is disabled it's as if this instance doesn't exist. Its keys and hmac-mode values are irrelevant (don't care), and it causes no HMAC to be sent, expected, or checked, and no challenges to be responded to or sent.
> If an HMAC instance is enabled (and there is at least one key to use for signing), then authenticated packets are always sent.
> The hmac-mode toggles whether or not received packets are checked, for
> an enabled HMAC instance.

As I noted I think the setting of whether to check or not should be
per-key; not sure it makes sense to have another global toggle? A global
off switch may be useful, though...

>> >   security-hmac-algorithm (string: one of the supported HMAC algorithms)
>> >   security-interfaces (string list of references to interfaces-obj: the
>> interfaces this instance applies to; if empty, it applies to all interfaces)
>> >   security-add-hmac-key (operation: inputs (reference name, key))
>> >      hmac-key-obj
>> 
>> IMO, we'll need two per-key booleans as well: "use for authentication"
>> and "use for signing". They should be set independent of each other.
>
> OK. We could do this either with 2 Booleans or with a single
> enumeration (sign-only, check-only, sign-and-check, [would an "unused"
> value also be needed?]). Would people prefer Booleans or an
> enumeration? I'm fine either way, but find enumerations easier for
> people to read and understand.

No strong opinion, but I think you are right that an enumeration is
easier to understand. The 'unused' state would be, e.g., for keys that
are retired but not removed entirely (in case they need to be re-enabled
later).

-Toke

v2.23.0 | Report a Bug | By Email