Re: [secdir] secdir review of draft-ietf-mpls-gach-adv-06
Leif Johansson <leifj@sunet.se> Mon, 18 February 2013 15:07 UTC
Return-Path: <leifj@sunet.se>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A0C0E21F87AD; Mon, 18 Feb 2013 07:07:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, J_CHICKENPOX_12=0.6]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yxQqaRTaGaDy; Mon, 18 Feb 2013 07:07:33 -0800 (PST)
Received: from backup-server.nordu.net (backup-server.nordu.net [IPv6:2001:948:4:1::66]) by ietfa.amsl.com (Postfix) with ESMTP id 9575B21F875C; Mon, 18 Feb 2013 07:07:32 -0800 (PST)
Received: from [10.33.3.161] ([212.247.15.226]) (authenticated bits=0) by backup-server.nordu.net (8.14.5/8.14.3) with ESMTP id r1IF7NKL024283 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 18 Feb 2013 16:07:26 +0100 (CET)
Message-ID: <512243AB.7000400@sunet.se>
Date: Mon, 18 Feb 2013 16:07:23 +0100
From: Leif Johansson <leifj@sunet.se>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130106 Thunderbird/17.0.2
MIME-Version: 1.0
To: Dan Frost <danfrost@cisco.com>
References: <512227BF.6050207@sunet.se> <20130218143142.GA26032@cisco.com>
In-Reply-To: <20130218143142.GA26032@cisco.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: draft-ietf-mpls-gach-adv.all@tools.ietf.org, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] secdir review of draft-ietf-mpls-gach-adv-06
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Feb 2013 15:07:34 -0000
On 02/18/2013 03:31 PM, Dan Frost wrote: > Hi Leif, > > On Mon, Feb 18, 2013 at 02:08:15PM +0100, Leif Johansson wrote: >> I have reviewed this document as part of the security directorate's >> ongoing effort to review all IETF documents being processed by the IESG. >> These comments were written primarily for the benefit of the security >> area directors. Document editors and WG chairs should treat these >> comments just like any other last call comments. >> >> The technology is somewhat outside my area of expertise but I found >> the document relatively easy to follow anyway. > Thanks for your review. > >> I'm a fan of writing crypto-related algorithms with very little left >> for the imagination of the reader. To that end I would strongly suggest >> specifying what goes into the GAP message hash even more clearly. >> >> In this case I suspect the intent is that the inner hash is over all >> bytes of GAP message except the GAP authentication TLV which is added >> to the message _after_ the hash is computed. > No need to suspect; the current text is explicit. ;) It says: > > 2. First Hash > > First, the Authentication Data field is filled with the value > Apad. > > Then, a first hash, also known as the inner hash, is computed > as follows: > > First-Hash = H(Ko XOR Ipad || (GAP Message)) > > Here the GAP Message is the portion of the packet that follows > the Associated Channel Header. > > The last paragraph specifies that the hash is computed over all bytes of > the GAP Message that follow the Associated Channel Header. This > includes the Authentication TLV, which is not a problem because "First, > the Authentication Data field is filled with the value Apad." if you would just add that last sentence it would have been that much clearer to me at least. > >> Conversely the validation phase needs to clearly say what bits of the >> message are to be included in computing the hash. > The text states that "When the message is received, the receiver > computes a hash for it as described below", where "below" is Section 6.3 > (we should probably s/below/Section 6.3/ here). In other words, the > transmitter and receiver perform the same computation with the same > input (modulo the Authentication Data field, which is normalised by the > computation itself). So in the verification phase you first fill the Authentication Data field with Apad? That wasn't clear to me from reading the text. > >> Also I would change the timestamp verification step to use normative >> language, eg: "... the receiver MUST, upon successfully authenticating >> a message verify that the timestamp field corresponds... The receiver >> MUST silently discard a GAP message that fails timestamp verification." > Well, use of the replay mitigation mechanism is not required, so I'm not > sure that adding "MUST" language is appropriate. I guess I'm then questioning the judgement of not making replay checking a requirement since it seems fairly simple to do. > > Cheers, > -d >
- [secdir] secdir review of draft-ietf-mpls-gach-ad… Leif Johansson
- Re: [secdir] secdir review of draft-ietf-mpls-gac… Dan Frost
- Re: [secdir] secdir review of draft-ietf-mpls-gac… Leif Johansson