IETF Logo Mail Archive

Re: [OSPF] [karp] Last Call: <draft-ietf-ospf-auth-trailer-ospfv3-05.txt> (Supporting Authentication Trailer for OSPFv3) to Proposed Standard

"Bhatia, Manav (Manav)" <manav.bhatia@alcatel-lucent.com> Wed, 24 August 2011 14:38 UTC

Return-Path: <manav.bhatia@alcatel-lucent.com>
X-Original-To: ospf@ietfa.amsl.com
Delivered-To: ospf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4BE0B21F8B52; Wed, 24 Aug 2011 07:38:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.245
X-Spam-Level:
X-Spam-Status: No, score=-6.245 tagged_above=-999 required=5 tests=[AWL=0.354, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AS0ulxgtOLwI; Wed, 24 Aug 2011 07:38:38 -0700 (PDT)
Received: from ihemail4.lucent.com (ihemail4.lucent.com [135.245.0.39]) by ietfa.amsl.com (Postfix) with ESMTP id 646C421F8B38; Wed, 24 Aug 2011 07:38:38 -0700 (PDT)
Received: from inbansmailrelay2.in.alcatel-lucent.com (h135-250-11-33.lucent.com [135.250.11.33]) by ihemail4.lucent.com (8.13.8/IER-o) with ESMTP id p7OEdiS3011695 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 24 Aug 2011 09:39:47 -0500 (CDT)
Received: from INBANSXCHHUB03.in.alcatel-lucent.com (inbansxchhub03.in.alcatel-lucent.com [135.250.12.80]) by inbansmailrelay2.in.alcatel-lucent.com (8.14.3/8.14.3/GMO) with ESMTP id p7OEdgfA008082 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NOT); Wed, 24 Aug 2011 20:09:43 +0530
Received: from INBANSXCHMBSA1.in.alcatel-lucent.com ([135.250.12.38]) by INBANSXCHHUB03.in.alcatel-lucent.com ([135.250.12.80]) with mapi; Wed, 24 Aug 2011 20:09:42 +0530
From: "Bhatia, Manav (Manav)" <manav.bhatia@alcatel-lucent.com>
To: Sam Hartman <hartmans-ietf@mit.edu>, "ietf@ietf.org" <ietf@ietf.org>
Date: Wed, 24 Aug 2011 20:09:40 +0530
Thread-Topic: [karp] Last Call: <draft-ietf-ospf-auth-trailer-ospfv3-05.txt> (Supporting Authentication Trailer for OSPFv3) to Proposed Standard
Thread-Index: AcxbcHckAhwFV117ToWRv88q2y5g9gG+iTTg
Message-ID: <7C362EEF9C7896468B36C9B79200D8350CFF9A5F02@INBANSXCHMBSA1.in.alcatel-lucent.com>
References: <20110719145739.5942.53564.idtracker@ietfa.amsl.com> <tsl7h6ed1sp.fsf@mit.edu>
In-Reply-To: <tsl7h6ed1sp.fsf@mit.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.57 on 135.245.2.39
Cc: "ospf@ietf.org" <ospf@ietf.org>, "karp@ietf.org" <karp@ietf.org>
Subject: Re: [OSPF] [karp] Last Call: <draft-ietf-ospf-auth-trailer-ospfv3-05.txt> (Supporting Authentication Trailer for OSPFv3) to Proposed Standard
X-BeenThere: ospf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: The Official IETF OSPG WG Mailing List <ospf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ospf>, <mailto:ospf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ospf>
List-Post: <mailto:ospf@ietf.org>
List-Help: <mailto:ospf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ospf>, <mailto:ospf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Aug 2011 14:38:39 -0000

Hi,

[clipped]

> 
> Based on this review I have a few recommendations for the 
> OSPF v3 authentication trailers document.
> 
> 1) The v3 authentication trailer takes a step back in the 
> ability to rekey security associations both from OSPF v2, 
> from IPsec for OSPF v3 and from 

[ ..]

> 
> I believe that draft-ietf-ospf-auth-trailer-ospfv3-05 needs 
> to be revised to require implementation behavior at least as 
> flexible as draft-ietf-karp-crypto-tables. That is, 
> associated with each security association is a time for when 
> sending packets can start with a given SA and for when it 
> must stop. Infinity and 0 should of course be supported for 
> the appropriate times.
> 
> 2) I notice terminology inconsistency between key identifier  
> and security association identifier. This should probably be 
> cleaned up, although it's not that big of a deal.

http://tools.ietf.org/id/draft-ietf-ospf-auth-trailer-ospfv3-06.txt addresses the first two comments.

> 
> 
> 3) draft-ietf-ospf-analysis says that we are going to solve 
> related protocol attacks. That is, we recognize that it's 
> quite likely that some people will use the same preshared key 
> both for OSPF authentication and for something else. We need 
> to mix something into the key or hash or something that is 
> unlikely to appear in any other use in order to make it 
> cryptographically unlikely for the resulting OSPF 
> authentication hash to be a hash useful in some other 
> protocol or for the hash from some other protocol to be 
> useful in OSPF.  This draft does not do that.  One possible 
> way to solve this would be to prepend a constant in front of 
> the key in the key preparation step or a constant in front of 
> every packet that gets hashed. The constant should be the 
> same for OSPFv3 and not used for any other purpose.

We had an offline discussion with Sam and others and we seem to have converged at this text:

We change the hex that's repeated in the Apad from 0x878FE1F3 to 0x878FE1F4. This value will be unique for OSPFv3. Other protocols that use this mechanism must use a different value of Apad - you could think of this as "salting" the Apad.

OLD TEXT in Sec 4.4:

Apad is a value which is the same length as the hash output or message digest.  The first 16 octets contain the IPv6 source address followed by the hexadecimal value 0x878FE1F3 repeated (L-16)/4 times.
This implies that hash output is always a length of at least 16 octets.

NEW TEXT:

Apad is a value which is the same length as the hash output or message digest.  The first 16 octets contain the IPv6 source address followed by the hexadecimal value 0x878FE1F4 repeated (L-16)/4 times.
This implies that hash output is always a length of at least 16 octets.

Cheers, Manav

v2.23.0 | Report a Bug | By Email