Re: [secdir] SecDir review of draft-ietf-mpls-ldp-hello-crypto-auth-05
Manav Bhatia <manavbhatia@gmail.com> Sun, 25 May 2014 05:50 UTC
Return-Path: <manavbhatia@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D26B81A024D; Sat, 24 May 2014 22:50:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.901
X-Spam-Level: *
X-Spam-Status: No, score=1.901 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, J_CHICKENPOX_42=0.6, J_CHICKENPOX_64=0.6, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i4iC4yDmAXmy; Sat, 24 May 2014 22:50:05 -0700 (PDT)
Received: from mail-ob0-x22b.google.com (mail-ob0-x22b.google.com [IPv6:2607:f8b0:4003:c01::22b]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 572341A0246; Sat, 24 May 2014 22:50:05 -0700 (PDT)
Received: by mail-ob0-f171.google.com with SMTP id wn1so6988190obc.16 for <multiple recipients>; Sat, 24 May 2014 22:50:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=rU090q2IeXFomkr0AZX/CCEQQ4pYunzIfxrVvDIFYuY=; b=pbIhVq2G3rX2NvsC+KO4XoDdp6OUcPFsRFxx3XQDWmDY9r3H24LPrrxB6LtAIuyVw3 zlWevf6XeBpdS5ob/QFYkuAUYh/U+z0SKt5S2mH9GgNrnVOYvlhfKTegG8YRUuYFChBY ytjaGZcTyFniLxopull3DI8wzML1pibGN7Rqv9UYyXMm0F4TMpaMy2nzC/ulwJZUd9F7 FggElySsWr/1uqEPnhPWvYfxpT/RQAbQrjDzcaldQrNH67wx7tMNSU9aU6W943odhnvq bOFhcvtWrFhWnsj/slO6hjTMebZ9gkliQY40x1fOtKa4iFg7jCkiIEoiJ94F3cGGvYE0 XeeQ==
MIME-Version: 1.0
X-Received: by 10.60.146.210 with SMTP id te18mr16653308oeb.44.1400997002543; Sat, 24 May 2014 22:50:02 -0700 (PDT)
Received: by 10.76.77.97 with HTTP; Sat, 24 May 2014 22:50:02 -0700 (PDT)
In-Reply-To: <57ee448f94f94cd7ba040903e604aa3c@SG70XWXCHHUB01.zap.alcatel-lucent.com>
References: <53761B24.1060501@gmail.com> <20211F91F544D247976D84C5D778A4C32E60982F@SG70YWXCHMBA05.zap.alcatel-lucent.com> <537A694C.60101@gmail.com> <537BC7B6.5040406@cs.tcd.ie> <20211F91F544D247976D84C5D778A4C32E60B609@SG70YWXCHMBA05.zap.alcatel-lucent.com> <537C5BCE.4010801@cs.tcd.ie> <20211F91F544D247976D84C5D778A4C32E60B6A8@SG70YWXCHMBA05.zap.alcatel-lucent.com> <537C7EDB.9050000@cs.tcd.ie> <CAG1kdogiEJp=jy5D+tvXnAZ2XD0Xe1=kB-do_=h4PU1V9j7KKQ@mail.gmail.com> <537C86D6.1030703@pi.nu> <20211F91F544D247976D84C5D778A4C32E60BA5C@SG70YWXCHMBA05.zap.alcatel-lucent.com> <537CA2D2.4070103@cs.tcd.ie> <54E263B5-41C7-4523-9941-B3E39AE077CD@mit.edu> <57ee448f94f94cd7ba040903e604aa3c@SG70XWXCHHUB01.zap.alcatel-lucent.com>
Date: Sun, 25 May 2014 11:20:02 +0530
Message-ID: <CAG1kdoj=VpE_EJc1zB=50eTsr=44Jr4yUc3BZVH2QpLJMR6mHQ@mail.gmail.com>
From: Manav Bhatia <manavbhatia@gmail.com>
To: Yaron Sheffer <yaronf.ietf@gmail.com>
Content-Type: multipart/mixed; boundary="047d7b5d42f8ae28c704fa330813"
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/7TVn-wnBF2SOSAiT4uqd5nB7plU
Cc: "Bhatia, Manav (Manav)" <manav.bhatia@alcatel-lucent.com>, IETF Security Directorate <secdir@ietf.org>, "draft-ietf-mpls-ldp-hello-crypto-auth.all@tools.ietf.org" <draft-ietf-mpls-ldp-hello-crypto-auth.all@tools.ietf.org>, The IESG <iesg@ietf.org>, Loa Andersson <loa@pi.nu>
Subject: Re: [secdir] SecDir review of draft-ietf-mpls-ldp-hello-crypto-auth-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 25 May 2014 05:50:12 -0000
Hi, Yaron, I and few of us exchanged quite a few emails offline and we have come up with a version that addresses Yaron's and Stephen's concerns about repeating the HMAC stuff thats already present in RFC 2104. We've cleaned it up pretty nicely with very minimal changes. I am unable to submit this latest and the greatest version since i have updated my email ID in this version. The tracker requires one of the co-authors to authenticate/approve the submission. I am attaching the latest version with this email in case folks want to go through this till it becomes available formally. The draft is all set to fly now! :-) Cheers, Manav On Wed, May 21, 2014 at 7:54 PM, Yaron Sheffer <yaronf.ietf@gmail.com>wrote: > IMHO, this is purely a naming problem. Apad does NOT modify the base > HMAC, please see > > http://tools.ietf.org/html/draft-ietf-mpls-ldp-hello-crypto-auth-05#section-5 > . > It is just one more thing that's signed by HMAC. > > My problem with this draft is that they have different ideas about the > key length, compared to RFC 2104 (top of Sec. 5.1). Also, I am unhappy > that they spell out the HMAC construction instead of leaving it as a > black box. > > But I think Apad is just fine, if it weren't for the unfortunate name > that leads people to think it's modifying HMAC. > > Thanks, > Yaron > > > On 05/21/2014 04:28 PM, Uri Blumenthal wrote: > > Once again, please. > > > > 1. Who specifically, at NIST and at IESG, says that HMAC needs Apad for > security reasons (and therefore is not secure as-is)? > > > > 2. What are those security reasons, and what are the attacks that are > foiled by Apad? > > > > 3. What published papers/references/whatever is this documented? As HMAC > came with security proofs, I’d like to see where and how they are > invalidated (if they indeed are). > > > > > > > > On May 21, 2014, at 8:57 , Stephen Farrell <stephen.farrell@cs.tcd.ie> > wrote: > > > >> > >> > >> On 21/05/14 12:14, Bhatia, Manav (Manav) wrote: > >>> I agree with Loa. > >>> > >>> Our current draft is very simple and has gone through multiple > >>> iterations of reviews in at least two WGs. It brings LDP to the same > >>> level of security as other protocols running in the networks. > >> > >> Fully agree with that goal. > >> > >>> > >>> I think we should just push it forward and if there is an interest in > >>> writing a new ID that updates HMAC specification, then we write one > >>> that includes the Apad stuff. I think the latter should anyways be > >>> done, regardless of what happens to this particular draft. > >> > >> I need to read it. But I'd be happier if that HMAC draft existed > >> and was going to be processed - then we wouldn't have to do this > >> discussion again. > >> > >> Cheers, > >> S. > >> > >>> > >>> The IETF submission site is down and hence couldn’t upload the > >>> revised ID (addressing Yaron's comments). Will do it tomorrow once > >>> its up. > >>> > >>> After that its ready to be placed before the IESG. > >>> > >>> Cheers, Manav > >>> > >>>> -----Original Message----- From: Loa Andersson [mailto:loa@pi.nu] > >>>> Sent: Wednesday, May 21, 2014 4:29 PM To: Manav Bhatia; Stephen > >>>> Farrell Cc: Bhatia, Manav (Manav); IETF Security Directorate; The > >>>> IESG; draft- ietf-mpls-ldp-hello-crypto-auth.all@tools.ietf.org; > >>>> Yaron Sheffer Subject: Re: SecDir review of > >>>> draft-ietf-mpls-ldp-hello-crypto-auth-05 > >>>> > >>>> Folks, > >>>> > >>>> I'm only the document shepherd. My feeling is that we are raising > >>>> the hurdle step by step for the KARP - initiated RFCs, the first > >>>> was comparatively smooth, now we are trying to put an 18 months > >>>> effort (individual draft to RFC) in front of approving something > >>>> that is comparatively simple and seen as raising LDP to the same > >>>> security as the other routing protocols. > >>>> > >>>> So if we get to tired to push this, we are all better off not > >>>> doing the security work for this particular protocol? > >>>> > >>>> Someone said - "Never let the best be the enemy of the possible"! > >>>> > >>>> /Loa > >>>> > >>>> > >>>> > >>>> On 2014-05-21 12:39, Manav Bhatia wrote: > >>>>> Stephen, > >>>>> > >>>>>>> This however is a long drawn discussion because everyone > >>>>>>> needs to > >>>> be > >>>>>>> convinced on the merits of updating the HMAC specification -- > >>>>>>> which > >>>> I > >>>>>>> am not sure will take how long. > >>>>>> > >>>>>> So I need to look at this draft, HMAC and the other cases but > >>>>>> it seems to me that you're copying a page or two of crypto spec > >>>>>> each time and changing one line. Doing that over and over is a > >>>>>> recipe for long term pain, isn't it? > >>>>> > >>>>> It sure is. > >>>>> > >>>>> I had volunteered to write a 1-2 page long ID that updated the > >>>>> HMAC > >>>> to > >>>>> include the Apad, but the idea was shot down. The only > >>>>> alternative left was to include the crypto stuff in each standard > >>>>> that we wrote later. > >>>>> > >>>>>> > >>>>>> (And we've had this discussion for each such draft while I've > >>>>>> been on the IESG I think, which is also somewhat drawn out;-) > >>>>> > >>>>> This draft is probably the last one thats coming from the Routing > >>>>> WG which will have this level of crypto mathematics spelled out. > >>>>> All other IGPs are already covered. In case we need to change > >>>>> something > >>>> in > >>>>> the ones already covered we can refer to the base RFC where we > >>>>> have detailed the crypto maths. For example, > >>>>> draft-ietf-ospf-security-extension-manual-keying-08 amongst > >>>>> other things also updates the definition of Apad. It points to > >>>>> the exact mathematics in RFC 5709 and only updates the Apad > >>>>> definition in that draft. This draft btw has cleared the WG LC > >>>>> and would be appearing before you guys very soon. > >>>>> > >>>>> Given this, i think we should just pass this draft with this > >>>>> level of details. Subsequently, when LDP wants to update > >>>>> something, it can normatively refer to this RFC and only give the > >>>>> changes. > >>>>> > >>>>> Cheers, Manav > >>>>> > >>>>>> > >>>>>> S. > >>>>>> > >>>>>> > >>>>>>> > >>>>>>> Cheers, Manav > >>>>>>> > >>>>>>> > >>>>>>>> > >>>>>>>> S > >>>>>>>> > >>>>>>>>> > >>>>>>>>> Cheers, Manav > >>>>>>>>> > >>>>>>>>>> -----Original Message----- From: Stephen Farrell > >>>>>>>>>> [mailto:stephen.farrell@cs.tcd.ie] Sent: Wednesday, May > >>>>>>>>>> 21, 2014 2:53 AM To: Bhatia, Manav (Manav); IETF > >>>>>>>>>> Security Directorate; The IESG; draft- > >>>>>>>>>> ietf-mpls-ldp-hello-crypto-auth.all@tools.ietf.org Cc: > >>>>>>>>>> Yaron Sheffer; manavbhatia@gmail.com Subject: Re: > >>>>>>>>>> SecDir review of > >>>>>>>>>> draft-ietf-mpls-ldp-hello-crypto-auth-05 > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> On 19/05/14 21:27, Yaron Sheffer wrote: > >>>>>>>>>>>>> > >>>>>>>>>>>>> * 5.1: Redefining HMAC (RFC 2104) is an extremely > >>>>>>>>>>>>> bad idea. This reviewer does not have the > >>>>>>>>>>>>> appropriate background to critique the proposed > >>>>>>>>>>>>> solution, but there must be an overwhelming > >>>>>>>>>>>>> reason to > >>>>>>>>>> reopen> >>>>> cryptographic primitives. > >>>>>>>>>>>> > >>>>>>>>>>>> This is a decision that was taken by Sec Ads when > >>>>>>>>>>>> we were doing the crypto protection for the IGPs > >>>>>>>>>>>> based on some feedback from NIST. > >>>>>>>>>> This > >>>>>>>>>>>> mathematics is not new and has been done for all > >>>>>>>>>>>> IGPs and has been approved and rather encouraged by > >>>>>>>>>>>> the Security ADs. > >>>>>>>>>> > >>>>>>>>>> The above does not sound like something I recognise. I > >>>>>>>>>> have repeatedly asked that documents not re-define > >>>>>>>>>> HMAC. Perhaps this time, I'll make that a DISCUSS and > >>>>>>>>>> not budge. I probably should have done that before > >>>>>>>>>> TBH. > >>>>>>>>>> > >>>>>>>>>> If you are revising that doc, *please* get rid of the > >>>>>>>>>> re-definition and just properly refer to HMAC. Its > >>>>>>>>>> about time to stop repeating that error. > >>>>>>>>>> > >>>>>>>>>> S. > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>> > >>>> -- > >>>> > >>>> > >>>> Loa Andersson email: loa@mail01.huawei.com > >>>> Senior MPLS Expert loa@pi.nu Huawei > >>>> Technologies (consultant) phone: +46 739 81 21 64 > >> > >> _______________________________________________ > >> secdir mailing list > >> secdir@ietf.org > >> https://www.ietf.org/mailman/listinfo/secdir > >> wiki: http://tools.ietf.org/area/sec/trac/wiki/SecDirReview > > > > _______________________________________________ > > secdir mailing list > > secdir@ietf.org > > https://www.ietf.org/mailman/listinfo/secdir > > wiki: http://tools.ietf.org/area/sec/trac/wiki/SecDirReview > > >
- [secdir] SecDir review of draft-ietf-mpls-ldp-hel… Yaron Sheffer
- Re: [secdir] SecDir review of draft-ietf-mpls-ldp… Uri Blumenthal
- Re: [secdir] SecDir review of draft-ietf-mpls-ldp… Yaron Sheffer
- Re: [secdir] SecDir review of draft-ietf-mpls-ldp… Bhatia, Manav (Manav)
- Re: [secdir] SecDir review of draft-ietf-mpls-ldp… Yaron Sheffer
- Re: [secdir] SecDir review of draft-ietf-mpls-ldp… Ross Callon
- Re: [secdir] SecDir review of draft-ietf-mpls-ldp… Yaron Sheffer
- Re: [secdir] SecDir review of draft-ietf-mpls-ldp… Bhatia, Manav (Manav)
- Re: [secdir] SecDir review of draft-ietf-mpls-ldp… Yaron Sheffer
- Re: [secdir] SecDir review of draft-ietf-mpls-ldp… Stephen Farrell
- Re: [secdir] SecDir review of draft-ietf-mpls-ldp… Bhatia, Manav (Manav)
- Re: [secdir] SecDir review of draft-ietf-mpls-ldp… Bhatia, Manav (Manav)
- Re: [secdir] SecDir review of draft-ietf-mpls-ldp… Stephen Farrell
- Re: [secdir] SecDir review of draft-ietf-mpls-ldp… Bhatia, Manav (Manav)
- Re: [secdir] SecDir review of draft-ietf-mpls-ldp… Stephen Farrell
- Re: [secdir] SecDir review of draft-ietf-mpls-ldp… Stephen Farrell
- Re: [secdir] SecDir review of draft-ietf-mpls-ldp… Loa Andersson
- Re: [secdir] SecDir review of draft-ietf-mpls-ldp… Bhatia, Manav (Manav)
- Re: [secdir] SecDir review of draft-ietf-mpls-ldp… Stephen Farrell
- Re: [secdir] SecDir review of draft-ietf-mpls-ldp… Uri Blumenthal
- Re: [secdir] SecDir review of draft-ietf-mpls-ldp… Barry Leiba
- Re: [secdir] SecDir review of draft-ietf-mpls-ldp… Bhatia, Manav (Manav)
- Re: [secdir] SecDir review of draft-ietf-mpls-ldp… Bhatia, Manav (Manav)
- Re: [secdir] SecDir review of draft-ietf-mpls-ldp… Barry Leiba
- Re: [secdir] SecDir review of draft-ietf-mpls-ldp… Bhatia, Manav (Manav)
- Re: [secdir] SecDir review of draft-ietf-mpls-ldp… Yaron Sheffer
- Re: [secdir] SecDir review of draft-ietf-mpls-ldp… Manav Bhatia
- Re: [secdir] SecDir review of draft-ietf-mpls-ldp… Loa Andersson
- Re: [secdir] SecDir review of draft-ietf-mpls-ldp… Uri Blumenthal
- Re: [secdir] SecDir review of draft-ietf-mpls-ldp… Loa Andersson
- Re: [secdir] SecDir review of draft-ietf-mpls-ldp… Barry Leiba
- Re: [secdir] SecDir review of draft-ietf-mpls-ldp… Manav Bhatia
- Re: [secdir] SecDir review of draft-ietf-mpls-ldp… Vero Zheng
- Re: [secdir] SecDir review of draft-ietf-mpls-ldp… Loa Andersson
- Re: [secdir] SecDir review of draft-ietf-mpls-ldp… Manav Bhatia
- Re: [secdir] SecDir review of draft-ietf-mpls-ldp… Loa Andersson
- Re: [secdir] SecDir review of draft-ietf-mpls-ldp… Manav Bhatia