IETF Logo Mail Archive

Re: [Hipsec] Comments on hiccups draft

Jan Melen <Jan.Melen@nomadiclab.com> Tue, 28 July 2009 15:10 UTC

Return-Path: <Jan.Melen@nomadiclab.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B95EB3A701A for <hipsec@core3.amsl.com>; Tue, 28 Jul 2009 08:10:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id av8pYwY6ehZS for <hipsec@core3.amsl.com>; Tue, 28 Jul 2009 08:10:48 -0700 (PDT)
Received: from n2.nomadiclab.com (n2.nomadiclab.com [IPv6:2001:14b8:400:101::2]) by core3.amsl.com (Postfix) with ESMTP id BE7E23A7030 for <hipsec@ietf.org>; Tue, 28 Jul 2009 08:10:47 -0700 (PDT)
Received: from n2.nomadiclab.com (localhost [127.0.0.1]) by n2.nomadiclab.com (Postfix) with ESMTP id AD2D31EF28F; Tue, 28 Jul 2009 18:10:48 +0300 (EEST)
Received: from despair.unknown.com (inside.nomadiclab.com [193.234.219.2]) by n2.nomadiclab.com (Postfix) with ESMTP id 71ADD1EF28E; Tue, 28 Jul 2009 18:10:48 +0300 (EEST)
Message-ID: <4A6F14F5.50905@nomadiclab.com>
Date: Tue, 28 Jul 2009 18:10:45 +0300
From: Jan Melen <Jan.Melen@nomadiclab.com>
User-Agent: Thunderbird 2.0.0.7pre (X11/20090418)
MIME-Version: 1.0
To: Tobias Heer <heer@cs.rwth-aachen.de>
References: <6512FD53-0253-4B49-BC0D-41022DBB9644@cs.rwth-aachen.de> <4A6F0B98.5000006@nomadiclab.com> <DBE7A7ED-1979-4BB3-B349-40773E9780A1@cs.rwth-aachen.de>
In-Reply-To: <DBE7A7ED-1979-4BB3-B349-40773E9780A1@cs.rwth-aachen.de>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: ClamAV using ClamSMTP
Cc: hip WG <hipsec@ietf.org>
Subject: Re: [Hipsec] Comments on hiccups draft
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Jul 2009 15:10:48 -0000

Hi Tobias,

Tobias Heer wrote:
> Am 28.07.2009 um 16:30 schrieb Jan Melen:
>
>>> Section 3: Existence of the HMAC in the packet:
>>> The hiccups draft states that "[the payload is] protected by a 
>>> PAYLOAD_HMAC parameter". To me it is unclear how such protection can 
>>> possibly work. Since there is no previous handshake there are no 
>>> keys for use in the HMAC. Jan explained that the HMAC is merely used 
>>> as a way to create a digest over the packet for making the signature 
>>> more efficient. However, if it is only used for creating the digest, 
>>> I wonder why it is actually transmitted in the packet because 
>>> without a secret included in the packet, the digest can easily be 
>>> calculated and transmitting the digest in a packet seems to be a 
>>> unnecessary waste of space. Am I missing something here? It would be 
>>> nice if the draft was more precise about the nature and the use of 
>>> the HMAC.
>>>
>>
>> if you do send it as the receiving end doesn't have to generate the 
>> actual parameter that was used to create MAC code in order to verify 
>> the signature.
>
> You must recalculate the digest anyway. Otherwise the receiver will 
> only check that the signature covers the HMAC but the receiver will 
> not check that the packet contents match the HMAC. In that sense only 
> the HMAC but not the packet contents would be integrity-protected. 
> Since you have to generate the digest over the whole packet anew 
> anyway I do not see the advantage of sending it in the packet.

Yes you have to calculate it in either case I'm not referring to that. 
I'm just saying that the implementation will be more error prone if the 
host has to calculate the digest and then create the parameter. And we 
send the parameter in the packet the receiver can already after 
calculating the digest drop packets which have been modified on the 
transmit without calculating the signature (the non-malicious errors 
that happen on transmit).

   Jan

v2.31.3 | Report a Bug | By Email | System Status