Re: [babel] DTLS Cached Info support in Babel

Juliusz Chroboczek <jch@irif.fr> Fri, 18 June 2021 23:37 UTC

Date: Sat, 19 Jun 2021 01:37:16 +0200
Message-ID: <87lf76zqvn.wl-jch@irif.fr>
From: Juliusz Chroboczek <jch@irif.fr>
To: "STARK, BARBARA H" <bs7652@att.com>
Cc: "'Babel at IETF'" <babel@ietf.org>
In-Reply-To: <DM6PR02MB69248067593B6110F622817DC30F9@DM6PR02MB6924.namprd02.prod.outlook.com>
References: <DM6PR02MB69248067593B6110F622817DC30F9@DM6PR02MB6924.namprd02.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/n1OV_rq6foYfXpF-BMtF1OKcbUc>
Subject: Re: [babel] DTLS Cached Info support in Babel
List-Id: "A list for discussion of the Babel Routing Protocol." <babel.ietf.org>

> On the YANG model, we're dealing with some questions around the parameters included to support the Cached Information Extension and Raw Public Keys in DTLS. This is briefly mentioned in 
> https://datatracker.ietf.org/doc/html/rfc8968#appendix-A

[...]

> Do any of the DTLS implementations support the cached info extension?

It's definitely not supported by OpenSSL.  I haven't been able to find any
mention of it in the gnutls docs.

> Do any of the DTLS implementations support multiple types of certs?

Raw public keys are supported by gnutls but not by OpenSSL.

> Do they implement sending the server_certificate_type and
> client_certificate_type in the ClientHello? If so, how do they populate
> these?

As far as I understand, you set a key on the session structure, and the
behaviour will depend on the kind of key that you set.

> Should we allow the programmatic default to be overridden per interface
> (or is that just too much complexity for a very optional feature)?

I'm a little confused -- isn't the cert type implied by the value of
babel-dtls-cert-set-obj?

-- Juliusz
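The questions above about what goes into the ClientHello are easier to answer at the byte level. The following is an added example, not code from babeld, OpenSSL or GnuTLS and not part of the message above: it encodes and decodes the ClientHello forms of the two RFC 7250 extensions (client_certificate_type = 19, server_certificate_type = 20) and the RFC 7924 cached_info extension (25), and shows what a Babel-over-DTLS peer configured with raw public keys would advertise. Extension numbers, CertificateType values (X509 = 0, RawPublicKey = 2), CachedInformationType values (cert = 1, cert_req = 2) and the vector layouts are taken from my reading of those RFCs; the use of SHA-256 for the cached hash_value and the "no overlap is fatal" rule are flagged in the code as points to verify against the RFC text. The "Certificate body" input is a constructed placeholder, not a real certificate.

```python
"""ClientHello-side encoding of RFC 7250 and RFC 7924 extensions.
Added example; not babeld, OpenSSL or GnuTLS code."""
import hashlib
import struct

EXT_CLIENT_CERT_TYPE = 19   # RFC 7250
EXT_SERVER_CERT_TYPE = 20   # RFC 7250
EXT_CACHED_INFO = 25        # RFC 7924

CT_X509 = 0                 # CertificateType values
CT_RAW_PUBLIC_KEY = 2

CI_CERT = 1                 # CachedInformationType values
CI_CERT_REQ = 2


def encode_cert_type_list(types):
    """ClientHello form of both RFC 7250 extensions:
    CertificateType certificate_types<1..2^8-1>, in preference order.
    (In the ServerHello the same extensions carry a single byte.)"""
    if not 1 <= len(types) <= 255:
        raise ValueError("certificate type list must hold 1..255 entries")
    return bytes([len(types)]) + bytes(types)


def decode_cert_type_list(data):
    n = data[0]
    if n == 0 or len(data) != 1 + n:
        raise ValueError("malformed certificate_types vector")
    return list(data[1:])


def cached_object_hash(handshake_body):
    """hash_value of a CachedObject: hash of the cached Certificate or
    CertificateRequest body, without the 4-byte handshake header.
    SHA-256 is my reading of RFC 7924 Section 3; verify before relying on it."""
    return hashlib.sha256(handshake_body).digest()


def encode_cached_info(objects):
    """ClientHello form: CachedObject cached_info<1..2^16-1>,
    each object being type(1) || hash_value<1..255>."""
    body = b""
    for ci_type, hash_value in objects:
        if not 1 <= len(hash_value) <= 255:
            raise ValueError("hash_value must be 1..255 bytes")
        body += bytes([ci_type, len(hash_value)]) + hash_value
    if not 1 <= len(body) <= 0xFFFF:
        raise ValueError("cached_info vector must be 1..65535 bytes")
    return struct.pack("!H", len(body)) + body


def decode_cached_info(data):
    (n,) = struct.unpack("!H", data[:2])
    if n == 0 or len(data) != 2 + n:
        raise ValueError("malformed cached_info vector")
    out, pos = [], 2
    while pos < len(data):
        ci_type, hlen = data[pos], data[pos + 1]
        hv = data[pos + 2:pos + 2 + hlen]
        if hlen == 0 or len(hv) != hlen:
            raise ValueError("malformed CachedObject")
        out.append((ci_type, hv))
        pos += 2 + hlen
    return out


def encode_extensions(exts):
    """Extension extensions<..>: each entry is type(2) || length(2) || data."""
    body = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in exts)
    return struct.pack("!H", len(body)) + body


def decode_extensions(blob):
    (n,) = struct.unpack("!H", blob[:2])
    if len(blob) != 2 + n:
        raise ValueError("extensions length mismatch")
    out, pos = {}, 2
    while pos < len(blob):
        t, l = struct.unpack("!HH", blob[pos:pos + 4])
        d = blob[pos + 4:pos + 4 + l]
        if len(d) != l:
            raise ValueError("truncated extension")
        if t in out:
            raise ValueError("duplicate extension %d" % t)  # reject, do not overwrite
        out[t] = d
        pos += 4 + l
    return out


def choose_cert_type(offered, supported):
    """Server side: first client-offered type the server's configured key
    can satisfy.  None means no overlap; RFC 7250 has the server abort with
    an unsupported_certificate alert in that case (verify against the RFC)."""
    for t in offered:
        if t in supported:
            return t
    return None


def build_babel_client_hello_extensions(cached_server_cert=None):
    """Extensions a Babel-over-DTLS peer authenticating with raw public keys
    would send: raw key wanted from the server, raw key offered by itself,
    and optionally a cached hash of the server's Certificate body."""
    exts = [
        (EXT_SERVER_CERT_TYPE, encode_cert_type_list([CT_RAW_PUBLIC_KEY])),
        (EXT_CLIENT_CERT_TYPE, encode_cert_type_list([CT_RAW_PUBLIC_KEY])),
    ]
    if cached_server_cert is not None:
        obj = [(CI_CERT, cached_object_hash(cached_server_cert))]
        exts.append((EXT_CACHED_INFO, encode_cached_info(obj)))
    return encode_extensions(exts)
```

The point a Babel implementer should take from this: the ClientHello carries a preference list, so the cert type is only "implied" by the configured key on the side that answers, which is why choose_cert_type takes the server's own key kind as input and returns None rather than silently falling back to X.509 when a raw-key-only client meets an X.509-only server. The cached_info hash is an optimisation only; it saves bytes on the wire but the peer must still verify the cached object it stands for.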