[Rift] Security interop testing between RIFT-Juniper and RIFT-Python successfully completed

Bruno Rijsman <brunorijsman@gmail.com> Fri, 19 July 2019 10:52 UTC

From: Bruno Rijsman <brunorijsman@gmail.com>
In-Reply-To: <0DEC8C31-BFEE-42B9-B8D2-9F0A7ED88756@gmail.com>
Date: Fri, 19 Jul 2019 12:52:08 +0200
Cc: rift@ietf.org, Bruno Rijsman <brunorijsman@gmail.com>
Message-Id: <0DB7371D-EF03-4DEB-9A26-0193AD4D57FE@gmail.com>
References: <0DEC8C31-BFEE-42B9-B8D2-9F0A7ED88756@gmail.com>
To: Tony Przygienda <tonysietf@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rift/pXH4fLNmiCJyNN5Gd4I9paqr26g>
Subject: [Rift] Security interop testing between RIFT-Juniper and RIFT-Python successfully completed

I am happy to report that I have successfully completed interop testing of RIFT security between RIFT-Juniper and RIFT-Python [1].

In my earlier e-mail I had already reported that interoperability was achieved for the outer security envelope.

Now, interoperability for origin security envelope is also working. As before, interop testing included both positive and negative test cases. This completes the interop testing of RIFT security.

We did not find any issues that require changes in the draft. (There was only one very minor implementation issue which was quickly fixed.)

For an updated feature guide of security in RIFT-Python see [2] (many enhancements were added during interop testing).

Much has changed since I wrote the "RIFT Security Review" document [3] and, as a result, it is now out of date. I will update it to reflect the changes in the draft since May and the recent experiences from interop testing. I hope to post the updated version before the RIFT meeting at the IETF-105 in Montreal.

[1] https://github.com/brunorijsman/rift-python

[2] http://bit.ly/rift-python-security-feature-guide

[3] http://bit.ly/rift-security-review

— Bruno

PS: The interoperability tests are fully automated using the “interop.py” script in the RIFT-Python repository. The results can easily be reproduced by anyone with access to the RIFT-Python code (which is publicly available in GitHub), the RIFT-Juniper executable, and an AWS instance or physical Ubuntu server.

> On Jul 17, 2019, at 2:41 PM, Bruno Rijsman <brunorijsman@gmail.com> wrote:
> Status update on security interop testing between RIFT-Juniper and RIFT-Python:
> The outer keys are now interoperating fine.
> (A) As expected, the adjacency between RIFT-Juniper and RIFT-Python comes up to state 3way, when 
>  (A1) authentication is disabled or
>  (A2) authentication is enabled with the same active keys or 
>  (A3) authentication is enabled with different active keys and corresponding accept keys.
> (B) As expected, the adjacency between RIFT-Juniper and RIFT-Python does not come up to state 3way, when 
>  (B1) Authentication is enabled on one side but not the other side
>  (B2) Authentication is enabled with different active keys and without corresponding accept keys
> Challenges along the way:
>  (C1) Juniper uses SHA-256(key + payload) whereas RIFT-Python uses HMAC-SHA-256(key, payload).  Solution: add support for SHA-256(key + payload) to RIFT-Python (in addition to HMAC-SHA-256).
>  (C2) RIFT-Juniper used different YAML configuration keywords than RIFT-Python.  Solution: change RIFT-Python to use the same configuration keywords.
>  (C3) RIFT-Juniper only supports configuration of outer keys on a per-interface basis, whereas RIFT-Python supports configuring the outer keys on a per-node and per-interface basis with an inheritance rule.  Solution: for interop testing, only use per-interface configuration.
>  (C4) RIFT-Juniper only supports SHA-256, whereas RIFT-Python also supports other key lengths (e.g. SHA-224, SHA-384, and more).  Solution: limit interop testing to SHA-256.
> All four of these issues are implementation issues, and none of these issues require any changes to the draft.
> Next step: finish interop testing for the origin keys. (I plan to do this Thursday morning, Netherlands time)
> — Bruno
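The quoted status update describes two things a reader may want to see concretely: the fingerprint mismatch in (C1), where SHA-256(key + payload) and HMAC-SHA-256(key, payload) give different results for the same key and packet, and the active/accept key outcomes in cases (A1) to (B2). The model below is an added illustration written for this archive page, not code from RIFT-Python or RIFT-Juniper; the key ids, key bytes, payload, algorithm labels and the exact rule for the "authentication enabled on one side only" case are constructed assumptions, since the thread states only the outcome of each case.

```python
import hashlib
import hmac

# Constructed sample values (not from the thread): outer keys indexed by key id, and a packet.
KEYS = {1: b"outer-key-one", 2: b"outer-key-two"}
SAMPLE_PAYLOAD = b"example RIFT packet bytes"


def fingerprint_sha256_concat(key: bytes, payload: bytes) -> bytes:
    """Fingerprint as the thread says RIFT-Juniper computes it: SHA-256(key + payload)."""
    return hashlib.sha256(key + payload).digest()


def fingerprint_hmac_sha256(key: bytes, payload: bytes) -> bytes:
    """Fingerprint as the thread says RIFT-Python originally computed it: HMAC-SHA-256(key, payload)."""
    return hmac.new(key, payload, hashlib.sha256).digest()


# Algorithm labels are assumed names for this example, not configuration keywords of either implementation.
FINGERPRINT_ALGOS = {"sha256": fingerprint_sha256_concat, "hmac-sha256": fingerprint_hmac_sha256}


class OuterSecurity:
    """Outer-envelope policy of one node: a fingerprint construction, one active key, any number of accept keys."""

    def __init__(self, algo: str, active_key_id=None, accept_key_ids=()):
        self.algo = algo
        self.active_key_id = active_key_id  # None models "authentication disabled"
        self.accept_key_ids = set(accept_key_ids)

    def sign(self, payload: bytes):
        """Return (key_id, fingerprint) for an outgoing packet; (None, b"") when authentication is off."""
        if self.active_key_id is None:
            return None, b""
        return self.active_key_id, FINGERPRINT_ALGOS[self.algo](KEYS[self.active_key_id], payload)

    def accepts(self, payload: bytes, key_id, fingerprint: bytes) -> bool:
        """Accept a packet signed with the active key or one of the accept keys, verified in constant time."""
        if self.active_key_id is None:
            return key_id is None  # assumption: an unauthenticated node takes only unsigned packets (case B1)
        if key_id not in {self.active_key_id, *self.accept_key_ids}:
            return False  # unknown key id, or a different active key without a matching accept key (B2)
        expected = FINGERPRINT_ALGOS[self.algo](KEYS[key_id], payload)
        return hmac.compare_digest(expected, fingerprint)


def adjacency_comes_up(a: OuterSecurity, b: OuterSecurity, payload: bytes = SAMPLE_PAYLOAD) -> bool:
    """A 3-way adjacency needs each side to accept the other's packets; run the A/B cases through this."""
    return a.accepts(payload, *b.sign(payload)) and b.accepts(payload, *a.sign(payload))
```

Pairing a node configured with "sha256" against one configured with "hmac-sha256" on the same key fails the check, which is the (C1) mismatch the thread resolved by adding the concatenation construction to RIFT-Python.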