Re: [Homenet-babel-sec] Security Design Team - July is coming!
Juliusz Chroboczek <jch@irif.fr> Tue, 23 May 2017 17:05 UTC
Return-Path: <jch@irif.fr>
X-Original-To: homenet-babel-sec@ietfa.amsl.com
Delivered-To: homenet-babel-sec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DEBE1129BB7; Tue, 23 May 2017 10:05:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xuKy9h5ddZWG; Tue, 23 May 2017 10:05:19 -0700 (PDT)
Received: from korolev.univ-paris7.fr (korolev.univ-paris7.fr [IPv6:2001:660:3301:8000::1:2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7393C129BBD; Tue, 23 May 2017 10:05:18 -0700 (PDT)
Received: from potemkin.univ-paris7.fr (potemkin.univ-paris7.fr [IPv6:2001:660:3301:8000::1:1]) by korolev.univ-paris7.fr (8.14.4/8.14.4/relay1/56228) with ESMTP id v4NH5CuO005673 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Tue, 23 May 2017 19:05:12 +0200
Received: from mailhub.math.univ-paris-diderot.fr (mailhub.math.univ-paris-diderot.fr [81.194.30.253]) by potemkin.univ-paris7.fr (8.14.4/8.14.4/relay2/56228) with ESMTP id v4NH58wt027232; Tue, 23 May 2017 19:05:08 +0200
Received: from mailhub.math.univ-paris-diderot.fr (localhost [127.0.0.1]) by mailhub.math.univ-paris-diderot.fr (Postfix) with ESMTP id 38698EB200; Tue, 23 May 2017 19:05:08 +0200 (CEST)
X-Virus-Scanned: amavisd-new at math.univ-paris-diderot.fr
Received: from mailhub.math.univ-paris-diderot.fr ([127.0.0.1]) by mailhub.math.univ-paris-diderot.fr (mailhub.math.univ-paris-diderot.fr [127.0.0.1]) (amavisd-new, port 10023) with ESMTP id gIaeDe2Fhjwb; Tue, 23 May 2017 19:05:07 +0200 (CEST)
Received: from lanthane.pps.univ-paris-diderot.fr (unknown [172.23.36.54]) (Authenticated sender: jch) by mailhub.math.univ-paris-diderot.fr (Postfix) with ESMTPSA id AD877EB204; Tue, 23 May 2017 19:05:04 +0200 (CEST)
Received: from localhost ([::1] helo=lanthane.irif.fr) by lanthane.pps.univ-paris-diderot.fr with esmtp (Exim 4.89) (envelope-from <jch@irif.fr>) id 1dDDF2-0002gw-Ds; Tue, 23 May 2017 19:05:04 +0200
Date: Tue, 23 May 2017 19:05:04 +0200
Message-ID: <7i60gr33nj.wl-jch@irif.fr>
From: Juliusz Chroboczek <jch@irif.fr>
To: David Schinazi <dschinazi@apple.com>
Cc: Ted Lemon <mellon@fugue.com>, Mark Townsley <mark@townsley.net>, homenet-babel-sec@ietf.org, babel@ietf.org, Antonin Déci mo <antonin.decimo@gmail.com>
In-Reply-To: <A1A2DC72-FAB0-4E9E-826A-7F15A4110D70@apple.com>
References: <5255AA16-3DA8-418B-8533-B87F1CA78A72@townsley.net> <168E460A-29A7-4AA1-9232-6A777F8F93DE@fugue.com> <A1A2DC72-FAB0-4E9E-826A-7F15A4110D70@apple.com>
User-Agent: Wanderlust/2.15.9
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.7 (korolev.univ-paris7.fr [IPv6:2001:660:3301:8000::1:2]); Tue, 23 May 2017 19:05:12 +0200 (CEST)
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.7 (potemkin.univ-paris7.fr [194.254.61.141]); Tue, 23 May 2017 19:05:12 +0200 (CEST)
X-Miltered: at korolev with ID 59246BC8.000 by Joe's j-chkmail (http : // j-chkmail dot ensmp dot fr)!
X-Miltered: at potemkin with ID 59246BC4.000 by Joe's j-chkmail (http : // j-chkmail dot ensmp dot fr)!
X-j-chkmail-Enveloppe: 59246BC8.000 from potemkin.univ-paris7.fr/potemkin.univ-paris7.fr/null/potemkin.univ-paris7.fr/<jch@irif.fr>
X-j-chkmail-Enveloppe: 59246BC4.000 from mailhub.math.univ-paris-diderot.fr/mailhub.math.univ-paris-diderot.fr/null/mailhub.math.univ-paris-diderot.fr/<jch@irif.fr>
X-j-chkmail-Score: MSGID : 59246BC8.000 on korolev.univ-paris7.fr : j-chkmail score : . : R=. U=. O=. B=0.000 -> S=0.000
X-j-chkmail-Score: MSGID : 59246BC4.000 on potemkin.univ-paris7.fr : j-chkmail score : . : R=. U=. O=. B=0.000 -> S=0.000
X-j-chkmail-Status: Ham
X-j-chkmail-Status: Ham
Archived-At: <https://mailarchive.ietf.org/arch/msg/homenet-babel-sec/ZvVGWIDdcQ2IozPE28aMeeiXlrQ>
Subject: Re: [Homenet-babel-sec] Security Design Team - July is coming!
X-BeenThere: homenet-babel-sec@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Homenet Babel Security <homenet-babel-sec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/homenet-babel-sec>, <mailto:homenet-babel-sec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/homenet-babel-sec/>
List-Post: <mailto:homenet-babel-sec@ietf.org>
List-Help: <mailto:homenet-babel-sec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/homenet-babel-sec>, <mailto:homenet-babel-sec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 May 2017 17:05:21 -0000
> 1) The community agrees that we want to support them I think there's a fair number of people who are. I, for one, would like to see them defined, although I'm not sure if they are really necessary -- I don't see an attack model that targets Hellos specifically. > 2) The community hasn't yet come to a consensus on how to encode them, > proposals included a new TLV, a flag in the existing TLV, and a sub-TLV. I don't think we considered sub-TLVs, although this might be an option now that we have mandatory bits. > While the Homenet Babel profile could technically be achieved without > unicast hellos, I think they expand our options, and since they are at the > top of the Babel WG's agenda, it's worth waiting for them. Agreed. Antonin Décimo (in copy of this mail) will be doing an internship on Babel this July. The plan is to have him implement a prototype of Stenberg-Schinazi security for Babel (unicast everything, protect using DTLS). My current plan is to ask him to do without unicast Hellos for now (this means that Hellos will be unprotected), although it's up to Antonin -- perhaps he'll want to work on unicast Hellos first. -- Juliusz
- [Homenet-babel-sec] Security Design Team - July i… Mark Townsley
- Re: [Homenet-babel-sec] Security Design Team - Ju… Ted Lemon
- Re: [Homenet-babel-sec] Security Design Team - Ju… Ray Bellis
- Re: [Homenet-babel-sec] Security Design Team - Ju… David Schinazi
- Re: [Homenet-babel-sec] Security Design Team - Ju… Juliusz Chroboczek
- Re: [Homenet-babel-sec] Security Design Team - Ju… Juliusz Chroboczek
- Re: [Homenet-babel-sec] Security Design Team - Ju… Juliusz Chroboczek
- Re: [Homenet-babel-sec] Security Design Team - Ju… Jehan Tremback
- Re: [Homenet-babel-sec] Security Design Team - Ju… Ted Lemon
- Re: [Homenet-babel-sec] Security Design Team - Ju… Ted Lemon
- Re: [Homenet-babel-sec] Security Design Team - Ju… Ted Lemon
- Re: [Homenet-babel-sec] Security Design Team - Ju… Toke Høiland-Jørgensen
- Re: [Homenet-babel-sec] Security Design Team - Ju… STARK, BARBARA H
- Re: [Homenet-babel-sec] Security Design Team - Ju… Ted Lemon