Re: [babel] Minor clarification to HMAC

Juliusz Chroboczek <jch@irif.fr> Sat, 29 June 2019 10:54 UTC

Date: Sat, 29 Jun 2019 12:54:05 +0200
Message-ID: <874l481x2q.wl-jch@irif.fr>
From: Juliusz Chroboczek <jch@irif.fr>
To: Markus Stenberg <markus.stenberg@iki.fi>
Cc: babel@ietf.org
In-Reply-To: <2EACCFA6-6214-4C95-9951-873B9C0F4B98@iki.fi>
References: <874l49j158.wl-jch@irif.fr> <6C3AA518-8EF8-493A-835D-DE096E75D07B@iki.fi> <87ef3c20fh.wl-jch@irif.fr> <3CFB1069-5307-40F2-89DD-CA82CE2976A1@iki.fi> <87a7e01yxe.wl-jch@irif.fr> <5154BFF0-4BE3-4F72-AAA4-AC65DEDF2A97@iki.fi> <877e941xu9.wl-jch@irif.fr> <2EACCFA6-6214-4C95-9951-873B9C0F4B98@iki.fi>
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/mW4x1OegkHImlUzdIO1-37GC1TQ>
Subject: Re: [babel] Minor clarification to HMAC

> So at most you can have # of network size spurious replayed neighbour
> table entries.

Right.  We're hoping that implementations don't change their link-local IP
addresses too often, i.e. that (genuine) link-locals are reasonably stable.

> No idea how limited implementations might behave with that (e.g. fixed
> neighbour table size in a largish network with same HMAC key),

I'll add a note to the Security Considerations that implementations want
to ensure that they fail gracefully when the neighbour table overflows
(i.e. that they fail to establish any new adjacencies rather than
crashing.)

> I think that given security consideration text it is fine then as long
> as the behavior is mentioned somewhere.

Are you retracting your -1?

-- Juliusz
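The behaviour Juliusz says he will describe in the Security Considerations (fail gracefully when the neighbour table overflows: refuse new adjacencies, keep serving existing ones, never crash) is illustrated below as an added example. It is not babeld's code and not text from the draft. It assumes a fixed-size table keyed by (interface index, link-local source address); the type and function names, the deliberately tiny table size and the fe80::<n> addresses are all constructed for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed, deliberately tiny capacity so the overflow path is easy to
 * exercise; a real implementation sizes this for its target networks. */
#define NEIGH_TABLE_SIZE 4

struct neighbour {
    bool in_use;
    unsigned ifindex;     /* interface the packet arrived on */
    uint8_t address[16];  /* IPv6 link-local source address */
    unsigned packets;     /* packets accepted from this neighbour */
};

static struct neighbour neigh_table[NEIGH_TABLE_SIZE];

/* Build a constructed link-local address fe80::<last> for the example. */
static void make_lladdr(uint8_t out[16], uint8_t last)
{
    memset(out, 0, 16);
    out[0] = 0xfe;
    out[1] = 0x80;
    out[15] = last;
}

int neighbour_count(void)
{
    int count = 0;
    for (int i = 0; i < NEIGH_TABLE_SIZE; i++)
        if (neigh_table[i].in_use)
            count++;
    return count;
}

static struct neighbour *find_neighbour(unsigned ifindex, const uint8_t address[16])
{
    for (int i = 0; i < NEIGH_TABLE_SIZE; i++) {
        struct neighbour *n = &neigh_table[i];
        if (n->in_use && n->ifindex == ifindex && memcmp(n->address, address, 16) == 0)
            return n;
    }
    return NULL;
}

/* Returns the existing or newly created entry, or NULL when the table is
 * full.  A full table is an ordinary outcome here, not a fatal condition. */
static struct neighbour *find_or_add_neighbour(unsigned ifindex, const uint8_t address[16])
{
    struct neighbour *n = find_neighbour(ifindex, address);
    if (n != NULL)
        return n;
    for (int i = 0; i < NEIGH_TABLE_SIZE; i++) {
        n = &neigh_table[i];
        if (!n->in_use) {
            memset(n, 0, sizeof(*n));
            n->in_use = true;
            n->ifindex = ifindex;
            memcpy(n->address, address, 16);
            return n;
        }
    }
    return NULL;
}

/* Receive path for a packet from fe80::<last> on ifindex: 1 = accepted and
 * counted against its neighbour, 0 = dropped because no adjacency could be
 * established.  Existing neighbours keep working while the table is full. */
int receive_from(unsigned ifindex, uint8_t last)
{
    uint8_t address[16];
    make_lladdr(address, last);
    struct neighbour *n = find_or_add_neighbour(ifindex, address);
    if (n == NULL) {
        fprintf(stderr, "neighbour table full, dropping packet from fe80::%u\n", last);
        return 0;
    }
    n->packets++;
    return 1;
}

/* Called when a neighbour's hello history expires: frees its slot, so that
 * spurious entries age out and make room for genuine ones.  1 = removed. */
int forget(unsigned ifindex, uint8_t last)
{
    uint8_t address[16];
    make_lladdr(address, last);
    struct neighbour *n = find_neighbour(ifindex, address);
    if (n == NULL)
        return 0;
    n->in_use = false;
    return 1;
}

int main(void)
{
    for (uint8_t i = 1; i <= NEIGH_TABLE_SIZE + 1; i++)
        printf("fe80::%u -> %s\n", i, receive_from(1, i) ? "accepted" : "dropped");
    printf("%d neighbours in table\n", neighbour_count());
    return 0;
}
```

The fifth source address is dropped with a log line while the four existing neighbours are still served; once one of them expires, the slot is reused. The point is that `find_or_add_neighbour` returning NULL is handled on every call site as "no adjacency", which is what keeps a flood of replayed packets from turning into an allocation failure or an abort.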