[babel] rfc6126bis security implementation requirements

Donald Eastlake <d3e3e3@gmail.com> Sat, 10 November 2018 04:17 UTC

From: Donald Eastlake <d3e3e3@gmail.com>
Date: Fri, 09 Nov 2018 23:17:05 -0500
Message-ID: <CAF4+nEHaYMX_iLvE5teUvk97ZmO03oS1LRaS1A7BiNaLMEwcWw@mail.gmail.com>
To: Babel at IETF <babel@ietf.org>
Cc: babel-chairs <babel-chairs@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/xknshzm-hgYJ0p57cIad3hULyqM>

In discussion at the BABEL WG meeting in Bangkok, there appeared to be
consensus in the room that rfc6126bis should normatively reference both the
hmac and the dtls Babel security drafts and should recommend implementing
both. It should also recommend using hmac unless the additional security
features of dtls are specifically needed. Neither would be mandatory to
implement. This email is to confirm that consensus.

If you have any opinion on this, please reply within the next week or two.

Thanks,
Donald
===============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 1424 Pro Shop Court, Davenport, FL 33896 USA
 d3e3e3@gmail.com