Re: [Hipsec] Eric Rescorla's Discuss on draft-ietf-hip-native-nat-traversal-28: (with DISCUSS and COMMENT)

Miika Komu <miika.komu@ericsson.com> Thu, 20 February 2020 06:50 UTC

From: Miika Komu <miika.komu@ericsson.com>
To: "ekr@rtfm.com" <ekr@rtfm.com>
CC: "draft-ietf-hip-native-nat-traversal@ietf.org" <draft-ietf-hip-native-nat-traversal@ietf.org>, "hip-chairs@ietf.org" <hip-chairs@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, Gonzalo Camarillo <gonzalo.camarillo@ericsson.com>, "hipsec@ietf.org" <hipsec@ietf.org>
Date: Thu, 20 Feb 2020 06:50:45 +0000
Message-ID: <20b7460348acc2f3d958ab8ed66a70b49448289a.camel@ericsson.com>
References: <152546246777.11589.13288594519409569524.idtracker@ietfa.amsl.com> <a657ffe0-3574-850e-3b8d-9b21f6f8825b@ericsson.com> <CABcZeBO3gLUZevW0zTN6RHiuYBY+7d-4DefSNBA3FzhXFWfGQw@mail.gmail.com> <47c0cdb7980fa6b9d85d71de926d24ea50a90930.camel@ericsson.com> <CABcZeBOVzKyd1Q6uYi66AFEazhW5OSOwYMBnUqGvjHRk4+0DtA@mail.gmail.com>
In-Reply-To: <CABcZeBOVzKyd1Q6uYi66AFEazhW5OSOwYMBnUqGvjHRk4+0DtA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/SAvB8w5Dy2jd0nZIDgCLGDonwGo>

Hi Eric,

ke, 2020-02-19 kello 13:20 -0800, Eric Rescorla kirjoitti:
> > > > > S 5.8.
> > > > >>
> > > > >>    5.8.  RELAY_HMAC Parameter
> > > > >>
> > > > >>       As specified in Legacy ICE-HIP [RFC5770], the RELAY_HMAC parameter
> > > > >>       value has the TLV type 65520.  It has the same semantics as RVS_HMAC
> > > > >>       [RFC8004].
> > > > >
> > > > > What key is used for the HMAC?
> > > >
> > > > clarified this as follows:
> > > >
> > > > [..] It has the same semantics as RVS_HMAC as specified in section 4.2.1
> > > > in [RFC8004].  Similarly as with RVS_HMAC, also RELAY_HMAC is keyed
> > > > with the HIP integrity key (HIP-lg or HIP-gl as specified in section 6.5
> > > > in [RFC7401]), established during the relay registration procedure as
> > > > described in Section 4.1.
> > >
> > > This seems like it might have potential for cross-protocol attacks on
> > > the key. Why is this OK?
> >
> > This is the standard way of deriving keys in HIP. The keying procedure is
> > the same as specified in RFC8004. If there is some attack scenario,
> > please describe it in detail? Or is there some editorial issue here?
>
> I'm not sure. When I read this text it appears to say that you should
> be using the same key for two kinds of messages. Is that correct?

The key is always specific to a Host Association, i.e., unique between
a Relay Client and a Relay Server. So if there is a Rendezvous server
(used with RVS_HMAC), this would be a different host and a different Host
Association. If the same host provides both rendezvous and relay
service, it should be fine to reuse the same key.
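The per-association keying discussed in this thread, as an added illustration that is not code from the draft or from any HIP implementation: one integrity key per Host Association, selected by the receiver from its own association state, used to build and check an RVS_HMAC or RELAY_HMAC parameter. It assumes HMAC-SHA-256 and a simplified packet (real HIP zeroes the checksum before computing the HMAC); the HITs and keys are constructed placeholders.

```python
import hmac
import hashlib
import struct

RELAY_HMAC_TYPE = 65520  # TLV type from RFC 5770 / the draft
RVS_HMAC_TYPE = 65500    # TLV type from RFC 8004

# Constructed sample: one HIP integrity key (HIP-lg or HIP-gl, RFC 7401
# section 6.5) per Host Association, indexed by the (client HIT, server HIT)
# pair. Real keys come out of the base exchange; these are placeholders.
ASSOC_KEYS = {
    ("2001:20::1", "2001:20::ff"): b"\x01" * 32,  # client <-> relay server
    ("2001:20::1", "2001:20::aa"): b"\x02" * 32,  # client <-> rendezvous server
}
MAC_LEN = 32
TLV_LEN = 40  # 4-byte TLV header + 32-byte MAC, zero-padded to a multiple of 8


def hip_tlv(ptype, value):
    """Encode a HIP parameter: type, contents length, contents, pad to 8 bytes."""
    body = struct.pack("!HH", ptype, len(value)) + value
    return body + b"\x00" * (-len(body) % 8)


def hmac_value(key, packet):
    """HMAC over the packet as it stands before the *_HMAC parameter is appended.
    Assumption: HMAC-SHA-256 (the real hash follows the negotiated HIP suite)."""
    return hmac.new(key, packet, hashlib.sha256).digest()


def append_hmac(ptype, assoc, packet):
    """Sender side: append an RVS_HMAC or RELAY_HMAC parameter keyed by the association."""
    return packet + hip_tlv(ptype, hmac_value(ASSOC_KEYS[assoc], packet))


def verify_hmac(ptype, assoc, packet):
    """Receiver side: the key comes from the receiver's own Host Association,
    never from anything the packet claims; then check the trailing parameter."""
    key = ASSOC_KEYS.get(assoc)
    if key is None or len(packet) < TLV_LEN:
        return False
    body, tlv = packet[:-TLV_LEN], packet[-TLV_LEN:]
    tlv_type, length = struct.unpack("!HH", tlv[:4])
    if tlv_type != ptype or length != MAC_LEN:
        return False
    return hmac.compare_digest(tlv[4:4 + MAC_LEN], hmac_value(key, body))
```

A parameter built under the rendezvous association's key does not verify under the relay association's key, which is the separation the reply above relies on; the same key serving both roles on one host verifies for both TLV types because it is one association.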