Re: [manet] packetbb-sec WGLC comments (was: Re: WG adoption of NHDP-sec)
Ulrich Herberg <ulrich@herberg.name> Thu, 26 May 2011 08:37 UTC
Return-Path: <ulrich@herberg.name>
X-Original-To: manet@ietfa.amsl.com
Delivered-To: manet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F1D1DE06E0 for <manet@ietfa.amsl.com>; Thu, 26 May 2011 01:37:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.376
X-Spam-Level:
X-Spam-Status: No, score=-2.376 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, J_CHICKENPOX_46=0.6, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ab6u81kq5zE7 for <manet@ietfa.amsl.com>; Thu, 26 May 2011 01:37:31 -0700 (PDT)
Received: from mail-vw0-f44.google.com (mail-vw0-f44.google.com [209.85.212.44]) by ietfa.amsl.com (Postfix) with ESMTP id 9BF1CE06B7 for <manet@ietf.org>; Thu, 26 May 2011 01:37:31 -0700 (PDT)
Received: by vws12 with SMTP id 12so435909vws.31 for <manet@ietf.org>; Thu, 26 May 2011 01:37:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herberg.name; s=dkim; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=x1LqMkIyTE7yti/FljmmRRG/tbJNK4ilITMY+bdO0Uo=; b=JvVFmlBDNtQAHlutkh820UTytbnU5AXVo4seeQP2LxW8bmkcCAJcrJmK7fYINoQsZw tNStJXXwitS7HzbI1X2fTIE4odDanFIN453yjSL3+xhZceTZowENvQ4iGF22JVbMvdlH pScYOzpaFezetYUiAMDQsy7/g7rWkfEQfV3pk=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=herberg.name; s=dkim; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=1IGwMdlOVp9Pl4THviEXYRbP/4t9XK9k9QWuNfamaoDWZzi8zZH1hhvnTW3vWe/msg SlpE6bbFUEhMtH446WMyNNqDfuG6IMAUlVNKfHa0xOUbAWuooJkZ4A+cwMC6hsutuRWk vlTJfGIHUBIxmpsKrLNP4+T1WOEVXnt37HpnQ=
MIME-Version: 1.0
Received: by 10.220.9.8 with SMTP id j8mr195411vcj.228.1306399050541; Thu, 26 May 2011 01:37:30 -0700 (PDT)
Received: by 10.220.158.138 with HTTP; Thu, 26 May 2011 01:37:30 -0700 (PDT)
In-Reply-To: <BANLkTinM6GvPrb1n_tOgSV+mqRyR_8Q+=w@mail.gmail.com>
References: <BANLkTinM6GvPrb1n_tOgSV+mqRyR_8Q+=w@mail.gmail.com>
Date: Thu, 26 May 2011 10:37:30 +0200
Message-ID: <BANLkTimH1v5S7CyyP7OdrfLV2BwBOhkCYg@mail.gmail.com>
From: Ulrich Herberg <ulrich@herberg.name>
To: "Dearlove, Christopher (UK)" <Chris.Dearlove@baesystems.com>
Content-Type: multipart/alternative; boundary="bcaec54eecd657abc704a429bbd8"
Cc: MANET IETF <manet@ietf.org>, Thomas Heide Clausen <thomas@thomasclausen.org>
Subject: Re: [manet] packetbb-sec WGLC comments (was: Re: WG adoption of NHDP-sec)
X-BeenThere: manet@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Mobile Ad-hoc Networks <manet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/manet>, <mailto:manet-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/manet>
List-Post: <mailto:manet@ietf.org>
List-Help: <mailto:manet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/manet>, <mailto:manet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 May 2011 08:37:33 -0000
Chris, after some more discussions between the authors of packetbb-sec, we can agree with your point of view. We will work on a new revision, which we will submit soon. Regards Ulrich On Tue, May 24, 2011 at 5:34 PM, Ulrich Herberg <ulrich@herberg.name> wrote: > Chris, > > sorry for the late reply, I was very busy these last weeks ;-) > > On Thu, Apr 21, 2011 at 5:17 PM, Dearlove, Christopher (UK) < > Chris.Dearlove@baesystems.com> wrote: > >> Brief version: I think there's a two part change that should >> be included before finishing WGLC. >> >> My apologies in advance in that should this spark a discussion, >> I'll be out of the loop for a week and a half and no able to >> contribute. (The UK is largely shutting down, we have for a >> combination of rare reasons, two four day weekends, with a >> three day gap. Many of us are taking those three days off too.) >> >> My main concern over this document is that it specifies a >> signature as the composition of a hash function and a >> cryptographic function, in that order. There are other ways >> of constructing signatures that do not correspond to such >> a decomposition. >> > > I agree that there other ways of constructing signatures. In your case, > couldn't you just select the identity function as hash function and then > only use the cryptographic function for creating the signature (i.e. > chris_special_signature_function(id(message)) )? > > If that is not suitable, of course, a new type extension could be used: > > >> >> The obvious response to that is to pick a new type extension >> for such. > > > yes > > >> This can't be normative text in this document, but >> I think it should be described in the applicability statement, >> which should say that this specification describes a general >> approach to signatures (much of the document, such as how to >> traety hop counts/limits is not specific to this decomposition) >> and then a specific approach to signatures, and should provide >> the comment that other mathematical forms of signature are >> possible, and should be handled by use of alternative type >> extensions. In the main body of the specification, a bit more >> clarity on what is form-specific and what is not would then >> help. >> > > Yes, I agree to that and will update the text accordingly. > > >> >> This then leads to the question a to whether the form described >> should be the privileged type extension = 0 case. Actually I >> would suggest it should be type extension = 1, with 0 reserved >> for "I'm not providing any information on algorithms, this is >> defined out of band, not in each packet. The reason I suggest >> that as type 0 (and including it in this document) is that it >> puts the two lowest-overhead options together (type extension 0, >> which can be omitted, and no algorithm information). >> >> Note that for timestamp, what other type extensions may be is >> alraedy covered, but not so for signatures, and timestamp uses >> the type extension 0 for the analogous case I suggest for type >> extension 0 for signature, i.e. detertmined otherwise (should >> the phrase "administrative action" be used in both cases?) >> > > I see your point. However, I am not convinced that the additional overhead > of setting the type extension for the proposed decomposition into > hash+crypto is desirable. Most signatures mechanisms that I am aware of use > this decomposition. There are certainly other ways of calculating a > signature, but sending an additional octet in every message for these -- at > least currently -- rare cases needs to be justified. As for timestamps, I > don't see one single prevalent way of representing a timestamp, which is why > we use the type extension 0 for a general case. > > Ulrich > > >> >> I think there should be another iteration before going to >> SECDIR and IESG, as I think it will avoid work further down the >> line, as well as being a better specification this way. >> >> -- >> Christopher Dearlove >> Technology Leader, Communications Group >> Communications and Networks Capability >> BAE Systems Advanced Technology Centre >> West Hanningfield Road, Great Baddow, Chelmsford, CM2 8HN, UK >> Tel: +44 1245 242194 Fax: +44 1245 242124 >> >> BAE Systems (Operations) Limited >> Registered Office: Warwick House, PO Box 87, >> Farnborough Aerospace Centre, Farnborough, Hants, GU14 6YU, UK >> Registered in England & Wales No: 1996687 >> >> -----Original Message----- >> From: manet-bounces@ietf.org [mailto:manet-bounces@ietf.org] On Behalf >> Of Joe Macker >> Sent: 07 April 2011 17:17 >> To: MANET IETF >> Subject: [manet] WG adoption of NHDP-sec >> >> >> *** WARNING *** >> >> This message has originated outside your organisation, >> either from an external partner or the Global Internet. >> Keep this in mind if you answer this message. >> >> >> As discussed in Prague we are presently considering adoption of NHDP >> security related document as a WG document. >> >> reference is draft-herberg-manet-nhdp-sec-01 >> >> Please comment if you have an opinion. >> >> -Joe >> _______________________________________________ >> manet mailing list >> manet@ietf.org >> https://www.ietf.org/mailman/listinfo/manet >> >> >> ******************************************************************** >> This email and any attachments are confidential to the intended >> recipient and may also be privileged. If you are not the intended >> recipient please delete it from your system and notify the sender. >> You should not copy it or use it for any purpose nor disclose or >> distribute its contents to any other person. >> ******************************************************************** >> >> > > _______________________________________________ > manet mailing list > manet@ietf.org > https://www.ietf.org/mailman/listinfo/manet > >
- [manet] packetbb-sec WGLC comments (was: Re: WG a… Ulrich Herberg
- Re: [manet] packetbb-sec WGLC comments (was: Re: … Ulrich Herberg