Re: [babel] What's up with HNCP security?

Ted Lemon <mellon@fugue.com> Sun, 28 May 2017 23:14 UTC

From: Ted Lemon <mellon@fugue.com>
Message-Id: <1F8BA8E0-7518-4288-B679-749906B1B19F@fugue.com>
Date: Sun, 28 May 2017 19:14:48 -0400
In-Reply-To: <B67775FF-31CB-42F6-ABDF-BD47BEA1DB56@iki.fi>
Cc: Juliusz Chroboczek <jch@irif.fr>, homenet-babel-sec@ietf.org, babel@ietf.org
To: Markus Stenberg <markus.stenberg@iki.fi>
References: <87d1ask7d9.wl-jch@irif.fr> <B67775FF-31CB-42F6-ABDF-BD47BEA1DB56@iki.fi>
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/lOAGQzP4BhnIM9hqlQveWquq-kI>
Subject: Re: [babel] What's up with HNCP security?

On May 28, 2017, at 5:53 PM, Markus Stenberg <markus.stenberg@iki.fi> wrote:
> HNCP supports negotiating network-wide shared keys for arbitrary services (such as RPs). If my hncp_proto.h has valid values, the TLV to look for is number 42, ironically enough.
> 
> hnetd, the implementation, does not implement this yet, as I am not convinced it is a good idea. I welcome merge requests though if someone wants to implement it. (It is one of the few missing parts of the spec from hnetd.)

The idea is to have key pairs, not network-wide keys (this is why Juliusz needs unicast hellos in Babel). Network-wide keys are useless.
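Ted's distinction between per-node key pairs and a network-wide key, as an added Go example that is not part of the thread, of hnetd or of any Babel implementation: a router holding the shared key can produce a valid MAC for a message attributed to any peer, whereas with per-node Ed25519 keys a verifier that has bound the claimed sender to its public key rejects the same forgery. The router names, the hello payload and all keys are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
)

// Network-wide key: every router holds the same secret, so a valid MAC proves only
// that some key holder sent the message, never which router it came from.
type sharedKeyNet struct{ key []byte }
func (n sharedKeyNet) tag(sender string, msg []byte) []byte {
	m := hmac.New(sha256.New, n.key)
	m.Write([]byte(sender + "|"))
	m.Write(msg)
	return m.Sum(nil)
}

func (n sharedKeyNet) verify(sender string, msg, tag []byte) bool {
	return hmac.Equal(tag, n.tag(sender, msg))
}

// Key pairs: each router signs with its own Ed25519 private key and peers verify
// against the public key they have bound to the claimed sender.
type keyPairNet struct{ pub map[string]ed25519.PublicKey }
func signAs(priv ed25519.PrivateKey, sender string, msg []byte) []byte {
	return ed25519.Sign(priv, []byte(sender+"|"+string(msg)))
}

func (n keyPairNet) verify(sender string, msg, sig []byte) bool {
	pk, ok := n.pub[sender]
	return ok && ed25519.Verify(pk, []byte(sender+"|"+string(msg)), sig)
}

// ForgeryAccepted models a compromised router "c" emitting a hello that claims
// to come from router "a", and reports whether each scheme accepts it.
func ForgeryAccepted() (sharedAccepts, keyPairAccepts bool) {
	hello := []byte("hello seqno=7") // constructed sample payload
	shared := sharedKeyNet{key: []byte("constructed-network-wide-key")}
	// c holds the same key as everyone else, so it can tag as "a".
	sharedAccepts = shared.verify("a", hello, shared.tag("a", hello))
	pubA, _, _ := ed25519.GenerateKey(rand.Reader)
	_, privC, _ := ed25519.GenerateKey(rand.Reader)
	kp := keyPairNet{pub: map[string]ed25519.PublicKey{"a": pubA}}
	// c can only sign with its own key, which verifiers do not bind to "a".
	keyPairAccepts = kp.verify("a", hello, signAs(privC, "a", hello))
	return
}
```

The per-node scheme also gives a verifier something to revoke or rate-limit per router, which a single shared secret cannot offer.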