Re: [babel] Babel-MAC: Blake2s is 128-bits by default

"STARK, BARBARA H" <bs7652@att.com> Mon, 30 November 2020 21:10 UTC

Return-Path: <bs7652@att.com>
X-Original-To: babel@ietfa.amsl.com
Delivered-To: babel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 98E763A11F2; Mon, 30 Nov 2020 13:10:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.919
X-Spam-Level:
X-Spam-Status: No, score=-1.919 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=att.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jtY_eq0Vp6FI; Mon, 30 Nov 2020 13:10:47 -0800 (PST)
Received: from mx0a-00191d01.pphosted.com (mx0b-00191d01.pphosted.com [67.231.157.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 263193A1208; Mon, 30 Nov 2020 13:10:47 -0800 (PST)
Received: from pps.filterd (m0049462.ppops.net [127.0.0.1]) by m0049462.ppops.net-00191d01. (8.16.0.43/8.16.0.43) with SMTP id 0AUL5AvK022335; Mon, 30 Nov 2020 16:10:46 -0500
Received: from alpi155.enaf.aldc.att.com (sbcsmtp7.sbc.com [144.160.229.24]) by m0049462.ppops.net-00191d01. with ESMTP id 3555wc3wpx-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 30 Nov 2020 16:10:46 -0500
Received: from enaf.aldc.att.com (localhost [127.0.0.1]) by alpi155.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id 0AULAi9H026563; Mon, 30 Nov 2020 16:10:45 -0500
Received: from zlp27125.vci.att.com (zlp27125.vci.att.com [135.66.87.52]) by alpi155.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id 0AULAgrY026536 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Mon, 30 Nov 2020 16:10:43 -0500
Received: from zlp27125.vci.att.com (zlp27125.vci.att.com [127.0.0.1]) by zlp27125.vci.att.com (Service) with ESMTP id DF1F816A59A; Mon, 30 Nov 2020 21:10:42 +0000 (GMT)
Received: from MISOUT7MSGEX2DF.ITServices.sbc.com (unknown [135.66.184.225]) by zlp27125.vci.att.com (Service) with ESMTPS id C6C4B16A593; Mon, 30 Nov 2020 21:10:42 +0000 (GMT)
Received: from MISOUT7MSGED1AA.ITServices.sbc.com (135.66.184.195) by MISOUT7MSGEX2DF.ITServices.sbc.com (135.66.184.225) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2044.4; Mon, 30 Nov 2020 16:10:41 -0500
Received: from MISOUT7MSGETA02.tmg.ad.att.com (144.160.12.220) by MISOUT7MSGED1AA.ITServices.sbc.com (135.66.184.195) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2044.4 via Frontend Transport; Mon, 30 Nov 2020 16:10:41 -0500
Received: from NAM11-DM6-obe.outbound.protection.outlook.com (104.47.57.174) by edgeso2.exch.att.com (144.160.12.220) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2044.4; Mon, 30 Nov 2020 16:10:29 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=XttbsCLib31YiLs8rJVP7Smxt4BOVpgTZbo9+mldEXQhbpKML3kvV92HhXGGPp/Hz5UiKC+3r63XYCu7f5i9EO0xjca2jOFdxDOU4oQT3By4s+guy3vSlSo2/q+RhFpPawkVPluiWaQlM8b0yCCdXQP4AIUDM+utAat2u2mczVP9jYqf5hG7yMUNq1fc5bPFMlIqin9oWWW33v0G3TxE+qQ0H8OZx3s+QwO7wrBItu52bCcvKAdaN0zTTf220BdSc1r94upVfEH+BzdWMM8hAnnFJuB77pVXWrPW8LKuDmwe+4jdy2qs/iSGPjtv+iuhbv2nF3M+Wc1bTC8VgKPaMQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=OxeLjuPM4KPX9cBZM0zv+kE5yZinIdeI37zC6a2Bb6E=; b=OH2BL1s0Xp6RMt9vMd44R0QeoibcOwb0cL9bkrA3aRPBNQ7auZyN5qF0jel28Ee0yFdY3WlZMpr+izpdfw1b8Y/ApqU8lzQPz1aR+r9I2O1d67N9ErqDgPmiDaPs0tuT+10kOoIQnsLlD6NCWAignuww7A1Sq1WlaOjTEHHi9QgYD546IUivbbD2RhSfBaWDyrpn+VWksb3s0SBrhqSaT6nu0u5YlKMHhzbO3CKGbxPxFnGAs099/n0g4734RuG+0gJuOBORtlnoNEPUTPUDAOpL0hpfqskHWrNAMlgPkx08CiPPTFy37qaJABsP6DZk/YKam+kmoFB0zN5ojA7Wkg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=att.com; dmarc=pass action=none header.from=att.com; dkim=pass header.d=att.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=att.onmicrosoft.com; s=selector2-att-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=OxeLjuPM4KPX9cBZM0zv+kE5yZinIdeI37zC6a2Bb6E=; b=NQySmFg7/C2OXLcBWfMdMIYoEO/1l8jVoe9F+gDXt+MS6alUaec3Z6GH3aEwhkXMwm0me5hCIK8vvTJS+ykP8fbHGkd4XZWhbOOqLjGROhiiiBiB3GbAgvYVVXo/gYsYmjDu+nguNrRZ5P3ykJqXQ8NkTMEK1/HMfw1O5KM6wg8=
Received: from SN6PR02MB4512.namprd02.prod.outlook.com (2603:10b6:805:a4::13) by SN1PR02MB3872.namprd02.prod.outlook.com (2603:10b6:802:31::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3611.25; Mon, 30 Nov 2020 21:10:27 +0000
Received: from SN6PR02MB4512.namprd02.prod.outlook.com ([fe80::1813:2439:6aac:fc24]) by SN6PR02MB4512.namprd02.prod.outlook.com ([fe80::1813:2439:6aac:fc24%6]) with mapi id 15.20.3611.031; Mon, 30 Nov 2020 21:10:27 +0000
From: "STARK, BARBARA H" <bs7652@att.com>
To: =?iso-8859-1?Q?=27Toke_H=F8iland-J=F8rgensen=27?= <toke=40toke.dk@dmarc.ietf.org>, "'Juliusz Chroboczek'" <jch@irif.fr>
CC: "'Valery Smyslov'" <valery@smyslov.net>, "'babel@ietf.org'" <babel@ietf.org>
Thread-Topic: [babel] Babel-MAC: Blake2s is 128-bits by default
Thread-Index: AQHWtIynqOW2ZrjKv0unDQSqMiR04Km7taWAgA3SHACAAU5LgIACOMyAgAC7PICAB9srAIADoxOAgAELyICABvr/QA==
Date: Mon, 30 Nov 2020 21:10:27 +0000
Message-ID: <SN6PR02MB4512897B1B29744C68D02A46C3F50@SN6PR02MB4512.namprd02.prod.outlook.com>
References: <87d00qungk.wl-jch@irif.fr> <87h7q2f6a2.fsf@toke.dk> <87o8jya4jz.wl-jch@irif.fr> <87wnyl4dgi.fsf@toke.dk> <878sazh7ge.wl-jch@irif.fr> <87o8jvylta.fsf@toke.dk> <87o8jomjfb.fsf@toke.dk> <87360xz3yk.wl-jch@irif.fr> <87ft4wl8h6.fsf@toke.dk>
In-Reply-To: <87ft4wl8h6.fsf@toke.dk>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dmarc.ietf.org; dkim=none (message not signed) header.d=none;dmarc.ietf.org; dmarc=none action=none header.from=att.com;
x-originating-ip: [45.18.123.63]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: ed0d676e-ef3c-41cb-4249-08d895745c63
x-ms-traffictypediagnostic: SN1PR02MB3872:
x-microsoft-antispam-prvs: <SN1PR02MB38727B0A449C5FEA2BC71FFDC3F50@SN1PR02MB3872.namprd02.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 3S4kanYoQxmsZcEm4K/Mc9sbTq8sfE+gOmM0ONzksmurMT+6+NdgBYjCajMp2Mtr8Mgy/OTKkeI++PPwPnMfjRJtfwnCsHNvpJsQL47++yBJtA8TjkHMla2+1dC8+3URoSk32J5mBvoIYNzBoznxzRZziW27zjPxKcHMaAFKhJx2cZjGCQb3G5BDgwRtdbKhqs7xq3hwmOfWhAR45OK9rT3Mx9UB0zeHKJ2SbFsvY3hiO5rf4Fp0wTWaQm/clJYT3FifRMbWGCfhRXx47HtQS3Mdk+Rf3Cu17hSzosVuyiBXb0gWu8X46U6EYKKB58CGTd/cYOcEDefBl/9oW6bXEA==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SN6PR02MB4512.namprd02.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(396003)(39860400002)(136003)(366004)(346002)(376002)(4326008)(71200400001)(86362001)(478600001)(64756008)(5660300002)(33656002)(66556008)(52536014)(76116006)(66446008)(8676002)(8936002)(110136005)(82202003)(2906002)(6506007)(9686003)(55016002)(66476007)(316002)(54906003)(7696005)(26005)(186003)(66946007)(83380400001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: =?iso-8859-1?Q?KwVXJCV2CmmTkUszxuKHKbgaqqyzq0KoSDmhK7YFu8EVzeHlWGwihGJuy/?= =?iso-8859-1?Q?KZWGiGa0ub6BzwCM9FrmvvmJJBcIdYjpUUrOcCdukLfC8suxA/EhuBoe1e?= =?iso-8859-1?Q?hzYS5GgWT6pUMkL5ejH6G1zdbAfckSnBlC/Ca0FA7woauXxm9VHAKR4WY8?= =?iso-8859-1?Q?s9Sci7foR0IfzRH5J0x16D9JEQeeSrXbcfJ+JkbpawhmSGBB+h8y//POfr?= =?iso-8859-1?Q?HPA7f1bT+3oGM77hkBYbiK7bEBCJeshQgrUgMUNQLyfLLqXOFyUEck/oD0?= =?iso-8859-1?Q?b62AguP4Zhn3d2o+YsV+z1FMhHj3wKy0uG1VjCNCvsj50iTPuZphxGbUlK?= =?iso-8859-1?Q?EdbDxrWeawJQ7XxeVIlO5KqMAWslokwk06DgVCIaMF2AK/PDFVEZIUYtp4?= =?iso-8859-1?Q?wIx78xnppHuMJHPwA0rBRAjD+xaBE1TkYPLV55MD/z9dMb9Od81hK5NjWA?= =?iso-8859-1?Q?Mx1w0GL8m3BNiCyQCPljpfgvT6w9uj7qZEEy0pby/2cfJDTdshGyVWjEdm?= =?iso-8859-1?Q?wXZ4lpFkivMLRRDcp9m9j5hHt/Y7pvQwBxHp5/JvM1FFm5BTdEFwegc4EH?= =?iso-8859-1?Q?wLxkGyGn0jko8br0Ttit6vaowYJBWav9eGHbEDo1YBI5EUG/+PnTFkrO02?= =?iso-8859-1?Q?1PGWvfG8RMK/r45evB9+F1NTqhiWoIIcCkKoDQQh9Am0TWwsHfcuqsZ9J6?= =?iso-8859-1?Q?jSM99DYxmXRlINgrfrG1MWTb1ckM+SQNTeft9dBQAS206fwEBS/W1Vpqob?= =?iso-8859-1?Q?x+6J4B1HDV0rN2asiFUBm9G6rNftfW+ae/2iDDWElderSKNAUyYRiDrnxt?= =?iso-8859-1?Q?J3lVkCxblEsgtSTmjUkikN//b0qpJD/ugPUhCoxLaW+WTZ44Xe8sE+0V+a?= =?iso-8859-1?Q?1dvBKjXY7xCuf6VgVfae9OPvJ+VtIugwQEpcEC7hIud1Zrv7TQEbkQ1UNi?= =?iso-8859-1?Q?7zj7Swy40pATKByVDjcLfjumPIopSY1jxYicNSPZ3ZAbvqm91ZVBCzcmSO?= =?iso-8859-1?Q?Cahx3nG+ynbkyUSRo=3D?=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SN6PR02MB4512.namprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: ed0d676e-ef3c-41cb-4249-08d895745c63
X-MS-Exchange-CrossTenant-originalarrivaltime: 30 Nov 2020 21:10:27.0539 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: e741d71c-c6b6-47b0-803c-0f3b32b07556
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: EffW15/5g/IhgpljiVwi2fo+1cd1KzfZlYiG0ZMBYGn6qKOViZOeYpzRzh4yu91Z
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR02MB3872
X-OriginatorOrg: att.com
X-TM-SNTS-SMTP: BC61128B1C9AEE6EE876B8B0D1C4AB80D085159FC657C339FE4CC496F25689222
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.312, 18.0.737 definitions=2020-11-30_11:2020-11-30, 2020-11-30 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_policy_notspam policy=outbound_policy score=0 lowpriorityscore=0 impostorscore=0 phishscore=0 priorityscore=1501 suspectscore=0 adultscore=0 bulkscore=0 mlxlogscore=270 clxscore=1015 malwarescore=0 mlxscore=0 spamscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2009150000 definitions=main-2011300134
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/wax09oIrJTadGfOWAYgCHoTqhkc>
Subject: Re: [babel] Babel-MAC: Blake2s is 128-bits by default
X-BeenThere: babel@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "A list for discussion of the Babel Routing Protocol." <babel.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/babel>, <mailto:babel-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/babel/>
List-Post: <mailto:babel@ietf.org>
List-Help: <mailto:babel-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/babel>, <mailto:babel-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Nov 2020 21:10:56 -0000

Just to confirm (because assuming is bad)...

> >> This does raise one question, though (as I just found out while
> >> implementing the option for a 128-bit version): How does this impact the
> >> recommendations for key size?
> >
> > I suggest that they remain the same (SHOULD be 32 bytes).
> >
> > The digest size impacts the overhead carried by every packet.  Not so the
> > key size: increasing the key size is essentially free.  As a matter of
> > fact, Blake2s will pad the key with zeroes before it is used.
> >
> > Thus:
> >
> >   - allowing shorter keys gains no generality (the user may achieve the
> >     same result by padding with zeroes before passing the key to Blake2s);
> >
> >   - disallowing shorter keys causes confusion (by using a value different
> >     from both HMAC-SHA-256 and the Blake2s maximum), and has no
> measurable
> >     benefits.
> >
> > I do not believe that it impacts the security in any way (2^128 ns is
> > roughly 10^12 times the age of the universe), but I could be wrong.
> 
> Yeah, makes sense, let's keep it at 32 bytes :)

... this means that other than changing "BLAKE2s" to "BLAKE2s-128" (consistent
with the list of "possible values" change), no other change is needed to the text 
in info model re BLAKE2s key length:

      If the algorithm is "BLAKE2s-128",
      the length MUST be between 0 and 32 bytes inclusive, as described
      in [RFC7693].

Barbara