Re: [babel] Comments on the MAC authentication for Babel draft
Juliusz Chroboczek <jch@irif.fr> Wed, 26 August 2020 10:26 UTC
Return-Path: <jch@irif.fr>
X-Original-To: babel@ietfa.amsl.com
Delivered-To: babel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BDCEE3A0A87 for <babel@ietfa.amsl.com>; Wed, 26 Aug 2020 03:26:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G6hsVGOCeH7F for <babel@ietfa.amsl.com>; Wed, 26 Aug 2020 03:26:15 -0700 (PDT)
Received: from korolev.univ-paris7.fr (korolev.univ-paris7.fr [IPv6:2001:660:3301:8000::1:2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D9B193A0A40 for <babel@ietf.org>; Wed, 26 Aug 2020 03:26:14 -0700 (PDT)
Received: from potemkin.univ-paris7.fr (potemkin.univ-paris7.fr [IPv6:2001:660:3301:8000::1:1]) by korolev.univ-paris7.fr (8.14.4/8.14.4/relay1/82085) with ESMTP id 07QAQB5K031756 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Wed, 26 Aug 2020 12:26:11 +0200
Received: from mailhub.math.univ-paris-diderot.fr (mailhub.math.univ-paris-diderot.fr [81.194.30.253]) by potemkin.univ-paris7.fr (8.14.4/8.14.4/relay2/82085) with ESMTP id 07QAQB1B018723; Wed, 26 Aug 2020 12:26:11 +0200
Received: from mailhub.math.univ-paris-diderot.fr (localhost [127.0.0.1]) by mailhub.math.univ-paris-diderot.fr (Postfix) with ESMTP id B95DDBD3C6; Wed, 26 Aug 2020 12:26:11 +0200 (CEST)
X-Virus-Scanned: amavisd-new at math.univ-paris-diderot.fr
Received: from mailhub.math.univ-paris-diderot.fr ([127.0.0.1]) by mailhub.math.univ-paris-diderot.fr (mailhub.math.univ-paris-diderot.fr [127.0.0.1]) (amavisd-new, port 10023) with ESMTP id VEln2XEneDBO; Wed, 26 Aug 2020 12:26:10 +0200 (CEST)
Received: from pirx.irif.fr (82-64-141-196.subs.proxad.net [82.64.141.196]) (Authenticated sender: jch) by mailhub.math.univ-paris-diderot.fr (Postfix) with ESMTPSA id 5FB0EBD3C1; Wed, 26 Aug 2020 12:26:07 +0200 (CEST)
Date: Wed, 26 Aug 2020 12:26:05 +0200
Message-ID: <87zh6hem9u.wl-jch@irif.fr>
From: Juliusz Chroboczek <jch@irif.fr>
To: Antonin Décimo <antonin.decimo@gmail.com>
Cc: Babel at IETF <babel@ietf.org>
In-Reply-To: <CAC=54B+aJAZ3KhSUAjJyXiAujzHarRCDYXcERLx3gkHswJ6Sgg@mail.gmail.com>
References: <CAC=54B+aJAZ3KhSUAjJyXiAujzHarRCDYXcERLx3gkHswJ6Sgg@mail.gmail.com>
User-Agent: Wanderlust/2.15.9
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.7 (korolev.univ-paris7.fr [IPv6:2001:660:3301:8000::1:2]); Wed, 26 Aug 2020 12:26:11 +0200 (CEST)
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.7 (potemkin.univ-paris7.fr [194.254.61.141]); Wed, 26 Aug 2020 12:26:11 +0200 (CEST)
X-Miltered: at korolev with ID 5F4638C3.000 by Joe's j-chkmail (http : // j-chkmail dot ensmp dot fr)!
X-Miltered: at potemkin with ID 5F4638C3.000 by Joe's j-chkmail (http : // j-chkmail dot ensmp dot fr)!
X-j-chkmail-Enveloppe: 5F4638C3.000 from potemkin.univ-paris7.fr/potemkin.univ-paris7.fr/null/potemkin.univ-paris7.fr/<jch@irif.fr>
X-j-chkmail-Enveloppe: 5F4638C3.000 from mailhub.math.univ-paris-diderot.fr/mailhub.math.univ-paris-diderot.fr/null/mailhub.math.univ-paris-diderot.fr/<jch@irif.fr>
X-j-chkmail-Score: MSGID : 5F4638C3.000 on korolev.univ-paris7.fr : j-chkmail score : . : R=. U=. O=. B=0.000 -> S=0.000
X-j-chkmail-Score: MSGID : 5F4638C3.000 on potemkin.univ-paris7.fr : j-chkmail score : . : R=. U=. O=. B=0.000 -> S=0.000
X-j-chkmail-Status: Ham
X-j-chkmail-Status: Ham
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/qYtlmCrlUhbHIjWsGYCWwC3LbSA>
Subject: Re: [babel] Comments on the MAC authentication for Babel draft
X-BeenThere: babel@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "A list for discussion of the Babel Routing Protocol." <babel.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/babel>, <mailto:babel-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/babel/>
List-Post: <mailto:babel@ietf.org>
List-Help: <mailto:babel-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/babel>, <mailto:babel-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Aug 2020 10:26:18 -0000
Dear Antonin, While many of these are good changes, Donald is telling me that at this stage we're not making any changes that are not actual bug fixes. (He's been telling me that for the best part of a year now, sigh.) Antonin -- what we're dealing with here is a hostile bureaucratic organisation (similar to our University's administration), so we must choose our battles. I don't think any of the battles below are worth fighting. > 1. Key length I disagree. Using 64 octets for SHA-256 gives no additional security. https://crypto.stackexchange.com/questions/34864/key-size-for-hmac-sha256 > 2. Digest length > Reading the length of the MAC TLV in order to compute a MAC of this > length is not compliant with the protocol (§4.3) since MACs are > computed without looking into the packet. No. The digest length is part of the algorithm. The algorithm is carried out-of-band. In other words -- when a key is configured in a router, it is configured together with the associated algorithm. The algorithm implies a digest length. For example, SHA-256 truncated to 128 bits is a different algorithm than SHA-256 with full digests. I agree that this could be made clearer, but we're not tweaking this at this stage. > 3. Lazy computation This is already legal — your proposed tweak doesn't violate any of the MUST in this paragraph. I agree that your wording is better, but we're not making this change at this stage. > 4. Accepting Challenges > When receiving a challenge reply, a node must check if there was a > challenge in progress before validating the challenge. > However the text does not explicitly describe if there are changes > to be made to the overall state when the challenge succeeds. Right. The obvious implementation strategy is to discard the challenge state after a challenge has succeded. Not doing that does not cause any security issues (it's not required by the proof of correctness). I think we should add « SHOULD discard the state » here, but it requires Donald's permission. > I was confused at first between the "challenge expiry timer", the two > rate limits, and the neighbour state expiry timer. I suggest, for > consistency, the following changes: Right. Unfortunately, we're no longer allowed to improve the wording. > 5. Replying to challenges > Section 4.3.1.2. Replying to challenges, the sentence [...] could be moved > earlier Right again. Not worth fighting for, IMHO. > 7. TLV names shouldn't be pluralised Same. > The MAC draft defines (amongst other) three optionaly tunable parameters: [...] > Should they be reflected in the models? No. The protocol is robust enough that the exact values are irrelevant to its security. -- Juliusz
- Re: [babel] Comments on the MAC authentication fo… Antonin Décimo
- [babel] Comments on the MAC authentication for Ba… Antonin Décimo
- Re: [babel] Comments on the MAC authentication fo… Juliusz Chroboczek
- Re: [babel] Comments on the MAC authentication fo… David Schinazi
- Re: [babel] Comments on the MAC authentication fo… Donald Eastlake
- Re: [babel] Comments on the MAC authentication fo… Donald Eastlake
- Re: [babel] Comments on the MAC authentication fo… Juliusz Chroboczek
- Re: [babel] Comments on the MAC authentication fo… Donald Eastlake