[dtn] feedback on draft-birrane-dtn-bpsec-interop-cs-01 was Re: New document acceptance

Mehmet Adalier <madalier@antarateknik.com> Thu, 12 April 2018 17:29 UTC

Date: Thu, 12 Apr 2018 10:28:57 -0700
From: Mehmet Adalier <madalier@antarateknik.com>
To: Rick Taylor <rick@tropicalstormsoftware.com>, "dtn@ietf.org" <dtn@ietf.org>
Message-ID: <B78A719D-E546-4FFD-B2AD-A12E68756ADB@antarateknik.com>
Thread-Topic: feedback on draft-birrane-dtn-bpsec-interop-cs-01 was Re: [dtn] New document acceptance
Archived-At: <https://mailarchive.ietf.org/arch/msg/dtn/uKhYuDex_FF8dmEzkNPQ8XZ7i8o>
Subject: [dtn] feedback on draft-birrane-dtn-bpsec-interop-cs-01 was Re: New document acceptance

I do believe that the draft-birrane-dtn-bpsec-interop-cs-01 is valuable work for the WG.

I like the layout, and per "Second, this specification can serve as a template to be followed by other BPSec cipher suite authors," I am using this as a template for another cipher suite. Thanks Ed :)

We do have running code based on Ed's BPsec code + ION and our crypto libraries that implement this draft.

I have a few specific questions/suggestions:
1. Regarding AAD use with GCM. Why is this disallowed? Or did I read it wrong?
2. Would it be possible to make AAD optional?
	(i.e., input plaintext and AAD as separate buffers); the length of the AAD buffer is passed in the security header, with 0 indicating no AAD.
	AAD length can be restricted to 16 bytes (AES block length) to make implementations easier.
	This is what our implementation does at the moment.
3. I would strongly suggest that the IV is more restricted.
	NIST and other research recommend that for IVs: "GCM implementations restrict support to the length of 96 bits, to promote interoperability, efficiency, and simplicity of design." See SP 800-38D.
	Having implemented GCM on both x86 and ARM in C and assembly... implementations using other IV lengths are quite complex, error prone, and require additional cycles.
	See snippet below:
		If len(IV) = 96, then let J0 = IV || 0^31 || 1.   // that is, 31 zero bits followed by a single 1 bit
		If len(IV) != 96, then let s = 128 * ceil(len(IV)/128) - len(IV), and let
		J0 = GHASH_H(IV || 0^(s+64) || [len(IV)]_64).

	I suggest that the IV is set to 96 bits (12 bytes) (i.e., make it a MUST). Internally, with the inclusion of the counter bits, J0 will end up being 16 bytes.

4. I would suggest strong language that the IV MUST be fresh for each use.
	A fresh IV must be generated via a Deterministic Random Number Generator as specified by NIST, per instantiation of the GCM algorithm. 
	This IV must not be used for other operations. 
	A breach of the requirement for the uniqueness of the initialization strings may compromise the security assurance *almost entirely*.

I have also read draft-birrane-dtn-ama. This sounds very interesting, and I would like to study it further to investigate a potential implementation using CoAP-over-bp.

Best,
Mehmet Adalier
Antara Teknik LLC
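As an added worked example (not code from this email, the draft, or ION), the J0 derivation from SP 800-38D section 7.1 for both IV-length branches, including the GF(2^128) multiply and GHASH that only the non-96-bit branch needs. The GHASH check values are taken from the GCM specification's test case 2 (all-zero key, 96-bit zero IV); the sample 16-byte IV is constructed.

```python
# Added example: SP 800-38D J0 derivation for both IV-length branches,
# illustrating why the 96-bit IV path needs no GHASH at all.

# Reduction constant R = 11100001 || 0^120 for the bit-reflected GF(2^128) representation
R = 0xE1 << 120

def gf128_mult(x: bytes, y: bytes) -> bytes:
    """Multiply two 16-byte blocks in GF(2^128), SP 800-38D Algorithm 1."""
    x_int = int.from_bytes(x, "big")
    v = int.from_bytes(y, "big")
    z = 0
    for i in range(128):
        # x_i is bit i of x, counting from the leftmost (most significant) bit
        if (x_int >> (127 - i)) & 1:
            z ^= v
        # V_{i+1} = V_i >> 1, xor R when the rightmost bit of V_i was set
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z.to_bytes(16, "big")

def ghash(h: bytes, data: bytes) -> bytes:
    """GHASH_H over data whose length is a whole number of 16-byte blocks."""
    if len(data) % 16:
        raise ValueError("GHASH input must be a multiple of 16 bytes")
    y = bytes(16)
    for off in range(0, len(data), 16):
        block = bytes(a ^ b for a, b in zip(y, data[off:off + 16]))
        y = gf128_mult(block, h)
    return y

def compute_j0(h: bytes, iv: bytes) -> bytes:
    """Pre-counter block J0, SP 800-38D section 7.1; h is the hash subkey."""
    if len(iv) == 12:
        # 96-bit IV: J0 = IV || 0^31 || 1, no GHASH and no dependency on H
        return iv + b"\x00\x00\x00\x01"
    # Other lengths: pad IV to a block boundary, append 64 zero bits and [len(IV)]_64
    s = (-len(iv)) % 16
    padded = iv + bytes(s) + bytes(8) + (len(iv) * 8).to_bytes(8, "big")
    return ghash(h, padded)

# Check values from the GCM specification, test case 2
H_TC2 = bytes.fromhex("66e94bd4ef8a2c3b884cfa59ca342b2e")
C_TC2 = bytes.fromhex("0388dace60b6a392f328c2b971b2fe78")
LEN_TC2 = bytes(8) + (128).to_bytes(8, "big")   # len(A)=0 bits || len(C)=128 bits
GHASH_TC2 = bytes.fromhex("f38cbb1ad69223dcc3457ae5b6b0f885")
# Constructed 16-byte IV to exercise the non-96-bit branch
IV16_SAMPLE = bytes(range(16))
```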

On 4/12/18, 6:41 AM, "dtn on behalf of Rick Taylor" <dtn-bounces@ietf.org on behalf of rick@tropicalstormsoftware.com> wrote:

    Hi All,
    
    At IETF 101 London, the authors of the following documents request WG
    acceptance:
    
     * Asynchronous Management Architecture: draft-birrane-dtn-ama
    
     * BPSec Interoperability Cipher Suites: draft-birrane-dtn-bpsec-interop-cs
    
    Both of these documents match work items in the charter.  I believe
    there is rough consensus on their acceptance.
    
    Please comment promptly if you do *not* believe these documents are not
    valuable work for the WG, otherwise they will be accepted.
    
    Cheers,
    
    Rick