Re: [babel] MAC auth. for Babel in babeld
Juliusz Chroboczek <jch@irif.fr> Thu, 27 August 2020 13:14 UTC
Return-Path: <jch@irif.fr>
X-Original-To: babel@ietfa.amsl.com
Delivered-To: babel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 97EBD3A085A for <babel@ietfa.amsl.com>; Thu, 27 Aug 2020 06:14:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5qgo5nPFzz5Q for <babel@ietfa.amsl.com>; Thu, 27 Aug 2020 06:14:00 -0700 (PDT)
Received: from korolev.univ-paris7.fr (korolev.univ-paris7.fr [IPv6:2001:660:3301:8000::1:2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8369E3A0855 for <babel@ietf.org>; Thu, 27 Aug 2020 06:14:00 -0700 (PDT)
Received: from potemkin.univ-paris7.fr (potemkin.univ-paris7.fr [IPv6:2001:660:3301:8000::1:1]) by korolev.univ-paris7.fr (8.14.4/8.14.4/relay1/82085) with ESMTP id 07RDDwBr010262 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Thu, 27 Aug 2020 15:13:58 +0200
Received: from mailhub.math.univ-paris-diderot.fr (mailhub.math.univ-paris-diderot.fr [81.194.30.253]) by potemkin.univ-paris7.fr (8.14.4/8.14.4/relay2/82085) with ESMTP id 07RDDwCp017695; Thu, 27 Aug 2020 15:13:58 +0200
Received: from mailhub.math.univ-paris-diderot.fr (localhost [127.0.0.1]) by mailhub.math.univ-paris-diderot.fr (Postfix) with ESMTP id 5C95BC7545; Thu, 27 Aug 2020 15:13:58 +0200 (CEST)
X-Virus-Scanned: amavisd-new at math.univ-paris-diderot.fr
Received: from mailhub.math.univ-paris-diderot.fr ([127.0.0.1]) by mailhub.math.univ-paris-diderot.fr (mailhub.math.univ-paris-diderot.fr [127.0.0.1]) (amavisd-new, port 10023) with ESMTP id s2FhuBuDt8yO; Thu, 27 Aug 2020 15:13:57 +0200 (CEST)
Received: from pirx.irif.fr (82-64-141-196.subs.proxad.net [82.64.141.196]) (Authenticated sender: jch) by mailhub.math.univ-paris-diderot.fr (Postfix) with ESMTPSA id CEE60C7542; Thu, 27 Aug 2020 15:13:56 +0200 (CEST)
Date: Thu, 27 Aug 2020 15:13:56 +0200
Message-ID: <871rjsmdt7.wl-jch@irif.fr>
From: Juliusz Chroboczek <jch@irif.fr>
To: Antonin Décimo <antonin.decimo@gmail.com>
Cc: Babel at IETF <babel@ietf.org>, babel-users <babel-users@lists.alioth.debian.org>
In-Reply-To: <CAC=54BJasxBONeV0dV3Xv56M4R2d9=pTyb6GVEAcr8AfGq-NZw@mail.gmail.com>
References: <CAC=54BJasxBONeV0dV3Xv56M4R2d9=pTyb6GVEAcr8AfGq-NZw@mail.gmail.com>
User-Agent: Wanderlust/2.15.9
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.7 (korolev.univ-paris7.fr [IPv6:2001:660:3301:8000::1:2]); Thu, 27 Aug 2020 15:13:58 +0200 (CEST)
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.7 (potemkin.univ-paris7.fr [194.254.61.141]); Thu, 27 Aug 2020 15:13:58 +0200 (CEST)
X-Miltered: at korolev with ID 5F47B196.000 by Joe's j-chkmail (http : // j-chkmail dot ensmp dot fr)!
X-Miltered: at potemkin with ID 5F47B196.002 by Joe's j-chkmail (http : // j-chkmail dot ensmp dot fr)!
X-j-chkmail-Enveloppe: 5F47B196.000 from potemkin.univ-paris7.fr/potemkin.univ-paris7.fr/null/potemkin.univ-paris7.fr/<jch@irif.fr>
X-j-chkmail-Enveloppe: 5F47B196.002 from mailhub.math.univ-paris-diderot.fr/mailhub.math.univ-paris-diderot.fr/null/mailhub.math.univ-paris-diderot.fr/<jch@irif.fr>
X-j-chkmail-Score: MSGID : 5F47B196.000 on korolev.univ-paris7.fr : j-chkmail score : . : R=. U=. O=. B=0.000 -> S=0.000
X-j-chkmail-Score: MSGID : 5F47B196.002 on potemkin.univ-paris7.fr : j-chkmail score : . : R=. U=. O=. B=0.000 -> S=0.000
X-j-chkmail-Status: Ham
X-j-chkmail-Status: Ham
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/m59s8kKAvIYbHI_EwtcejF4_Opk>
Subject: Re: [babel] MAC auth. for Babel in babeld
X-BeenThere: babel@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "A list for discussion of the Babel Routing Protocol." <babel.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/babel>, <mailto:babel-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/babel/>
List-Post: <mailto:babel@ietf.org>
List-Help: <mailto:babel-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/babel>, <mailto:babel-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Aug 2020 13:14:03 -0000
> I’ve rolled up my sleeves and finished my implementation of the MAC > authentication protocol in babeld. Excellent! I'll get to work on reviewing that as soon as teaching is under control. (In case anyone is interested -- we've got a lot of COVID-related restrictions, which I happen to support, but we're getting very little help with implementing them. I'm down to buying my own masks to distribute to students who forget theirs.) > There is one feature that I have not implemented (yet): expiring > per-neighbour state (section 4.4) using the Hello history or a timer > based on the last accepted packet. Yes, you have :-) The per-neighbour state is attached to the neighbour entry, and the neighbour entry will be discarded soon after the hello history becomes empty. See the function check_neighbours in neighbour.c, which is called periodically by the main loop. > The code has not undergone review. No interoperability testing has > been done. Please find out if you're allowed to enter the office (not obvious due to COVID). If not, I'll ask the boss for permission, or else we'll meet at my place. > I’m also looking for feedback on the user interface. [...] In > particular, do you think that implementing keysets and allowing an > unbounded number of keys is too much for babeld? As a general rule, I'm in favour of reflecting the implementation details in the user interface to the extent possible -- if you don't do that, the interface becomes confusing to the user who cannot build an accurate mental model of what's going on. If that's too complicated, I'd rather we add some macros than dumb down the interface. (Commands that expand to a sequence of lower-level commands.) You should consider what happens to your code when there are too many keys, and the MACs no longer fit in a packet. A silent failure would be bad. -- Juliusz
- [babel] MAC auth. for Babel in babeld Antonin Décimo
- Re: [babel] MAC auth. for Babel in babeld Juliusz Chroboczek
- Re: [babel] MAC auth. for Babel in babeld Juliusz Chroboczek
- Re: [babel] MAC auth. for Babel in babeld Antonin Décimo
- Re: [babel] [Babel-users] MAC auth. for Babel in … Toke Høiland-Jørgensen
- Re: [babel] [Babel-users] MAC auth. for Babel in … Antonin Décimo
- Re: [babel] [Babel-users] MAC auth. for Babel in … Toke Høiland-Jørgensen
- Re: [babel] [Babel-users] MAC auth. for Babel in … Juliusz Chroboczek
- Re: [babel] [Babel-users] MAC auth. for Babel in … Antonin Décimo
- Re: [babel] [Babel-users] MAC auth. for Babel in … Antonin Décimo
- Re: [babel] [Babel-users] MAC auth. for Babel in … Toke Høiland-Jørgensen
- Re: [babel] [Babel-users] MAC auth. for Babel in … Juliusz Chroboczek
- Re: [babel] [Babel-users] MAC auth. for Babel in … Juliusz Chroboczek
- Re: [babel] [Babel-users] MAC auth. for Babel in … Toke Høiland-Jørgensen
- Re: [babel] [Babel-users] MAC auth. for Babel in … Toke Høiland-Jørgensen