IETF Logo Mail Archive

Re: [Hipsec] Comments on hiccups draft

Tobias Heer <heer@cs.rwth-aachen.de> Tue, 28 July 2009 15:50 UTC

Return-Path: <heer@informatik.rwth-aachen.de>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id AA59D3A67F6 for <hipsec@core3.amsl.com>; Tue, 28 Jul 2009 08:50:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.801
X-Spam-Level:
X-Spam-Status: No, score=-4.801 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_DE=0.35, HELO_MISMATCH_DE=1.448, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IqXEn7VhD10F for <hipsec@core3.amsl.com>; Tue, 28 Jul 2009 08:50:04 -0700 (PDT)
Received: from mta-1.ms.rz.rwth-aachen.de (mta-1.ms.rz.RWTH-Aachen.DE [134.130.7.72]) by core3.amsl.com (Postfix) with ESMTP id 9F5433A67EB for <hipsec@ietf.org>; Tue, 28 Jul 2009 08:50:04 -0700 (PDT)
MIME-version: 1.0
Content-transfer-encoding: 7bit
Content-type: text/plain; charset="US-ASCII"; format="flowed"; delsp="yes"
Received: from ironport-out-1.rz.rwth-aachen.de ([134.130.5.40]) by mta-1.ms.rz.RWTH-Aachen.de (Sun Java(tm) System Messaging Server 6.3-7.04 (built Sep 26 2008)) with ESMTP id <0KNI005YL1BGJJ80@mta-1.ms.rz.RWTH-Aachen.de> for hipsec@ietf.org; Tue, 28 Jul 2009 17:50:04 +0200 (CEST)
X-IronPort-AV: E=Sophos;i="4.43,284,1246831200"; d="scan'208";a="20667476"
Received: from relay-auth-1.ms.rz.rwth-aachen.de (HELO relay-auth-1) ([134.130.7.78]) by ironport-in-1.rz.rwth-aachen.de with ESMTP; Tue, 28 Jul 2009 17:50:03 +0200
Received: from [10.1.200.37] ([unknown] [81.225.222.227]) by relay-auth-1.ms.rz.rwth-aachen.de (Sun Java(tm) System Messaging Server 7.0-3.01 64bit (built Dec 9 2008)) with ESMTPA id <0KNI005ZY1BF4B80@relay-auth-1.ms.rz.rwth-aachen.de> for hipsec@ietf.org; Tue, 28 Jul 2009 17:50:04 +0200 (CEST)
Message-id: <A8BDA005-4E25-4C23-A22A-361EAB1271AE@cs.rwth-aachen.de>
From: Tobias Heer <heer@cs.rwth-aachen.de>
To: Jan Melen <Jan.Melen@nomadiclab.com>
In-reply-to: <4A6F14F5.50905@nomadiclab.com>
Date: Tue, 28 Jul 2009 17:50:01 +0200
References: <6512FD53-0253-4B49-BC0D-41022DBB9644@cs.rwth-aachen.de> <4A6F0B98.5000006@nomadiclab.com> <DBE7A7ED-1979-4BB3-B349-40773E9780A1@cs.rwth-aachen.de> <4A6F14F5.50905@nomadiclab.com>
X-Mailer: Apple Mail (2.935.3)
Cc: hip WG <hipsec@ietf.org>
Subject: Re: [Hipsec] Comments on hiccups draft
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Jul 2009 15:50:05 -0000

Am 28.07.2009 um 17:10 schrieb Jan Melen:

> Hi Tobias,
>
> Tobias Heer wrote:
>> Am 28.07.2009 um 16:30 schrieb Jan Melen:
>>
>>>> Section 3: Existence of the HMAC in the packet:
>>>> The hiccups draft states that "[the payload is] protected by a  
>>>> PAYLOAD_HMAC parameter". To me it is unclear how such protection  
>>>> can possibly work. Since there is no previous handshake there are  
>>>> no keys for use in the HMAC. Jan explained that the HMAC is  
>>>> merely used as a way to create a digest over the packet for  
>>>> making the signature more efficient. However, if it is only used  
>>>> for creating the digest, I wonder why it is actually transmitted  
>>>> in the packet because without a secret included in the packet,  
>>>> the digest can easily be calculated and transmitting the digest  
>>>> in a packet seems to be a unnecessary waste of space. Am I  
>>>> missing something here? It would be nice if the draft was more  
>>>> precise about the nature and the use of the HMAC.
>>>>
>>>
>>> if you do send it as the receiving end doesn't have to generate  
>>> the actual parameter that was used to create MAC code in order to  
>>> verify the signature.
>>
>> You must recalculate the digest anyway. Otherwise the receiver will  
>> only check that the signature covers the HMAC but the receiver will  
>> not check that the packet contents match the HMAC. In that sense  
>> only the HMAC but not the packet contents would be integrity- 
>> protected. Since you have to generate the digest over the whole  
>> packet anew anyway I do not see the advantage of sending it in the  
>> packet.
>
> Yes you have to calculate it in either case I'm not referring to  
> that. I'm just saying that the implementation will be more error  
> prone if the host has to calculate the digest and then create the  
> parameter. And we send the parameter in the packet the receiver can  
> already after calculating the digest drop packets which have been  
> modified on the transmit without calculating the signature (the non- 
> malicious errors that happen on transmit).

Now everything becomes a bit clearer. Since you do not expect to have  
a UDP header (with checksum) in all cases you use the HMAC as  
checksum? That works... Although a 20-byte checksum from a  
cryptographic hash function is rather large and expensive (compared to  
the usual transport-layer checksums TCP/UDP: 2 byte). Maybe this (non- 
standard?) use of the HMAC could be stated in the draft to avoid  
confusion.

BR, Tobias

>
>  Jan
>




--  

Dipl.-Inform. Tobias Heer, Ph.D. Student
Distributed Systems Group
RWTH Aachen University, Germany
tel: +49 241 80 207 76
web: http://ds.cs.rwth-aachen.de/members/heer

v2.31.3 | Report a Bug | By Email | System Status