Re: [secdir] SecDir review of draft-ietf-mpls-ldp-hello-crypto-auth-05

Manav Bhatia <manavbhatia@gmail.com> Wed, 21 May 2014 10:39 UTC

Return-Path: <manavbhatia@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1D6861A0327; Wed, 21 May 2014 03:39:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N324a6b5JW73; Wed, 21 May 2014 03:39:48 -0700 (PDT)
Received: from mail-oa0-x235.google.com (mail-oa0-x235.google.com [IPv6:2607:f8b0:4003:c02::235]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 202DA1A04B0; Wed, 21 May 2014 03:39:48 -0700 (PDT)
Received: by mail-oa0-f53.google.com with SMTP id m1so1976091oag.26 for <multiple recipients>; Wed, 21 May 2014 03:39:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=5pRq24jYsQ9oMBs/dusrVV+ZnmcNV0daHhUy+npd8HM=; b=M5TohfC2JhqnpZfUuiv2NM8uRF8H56IuFbzCmwJdgPWI8O4eSi3Yd6Hem1sNzpJf6i ZmbxkkSYMQ5tvC7Ci/myrPU7LkMlYuWFrb2iykxt7inW1Y2NH18e/5WdtWlrYx0+XY1A n4rIJCgvxKKGiRYAqSXQimo+yr7zcBNoBCmrOjCsg1pESr77bzQdb38jdXTL2OgGTwQH NY3OYX86LcJLvrJMSCYlKdWQYwLzSA/yL4HbgbM2AZHMHu9FUobgu0X1Q609+sSVUAGj nXm8W55gCsHMffERWSSZ1aPiDaLaLPJQa549s5rHfyUQHYyjBIE/J+rdnQNSbt2pICOi j+vA==
MIME-Version: 1.0
X-Received: by 10.182.99.198 with SMTP id es6mr17963518obb.69.1400668787034; Wed, 21 May 2014 03:39:47 -0700 (PDT)
Received: by 10.76.77.97 with HTTP; Wed, 21 May 2014 03:39:46 -0700 (PDT)
In-Reply-To: <537C7EDB.9050000@cs.tcd.ie>
References: <53761B24.1060501@gmail.com> <20211F91F544D247976D84C5D778A4C32E60982F@SG70YWXCHMBA05.zap.alcatel-lucent.com> <537A694C.60101@gmail.com> <537BC7B6.5040406@cs.tcd.ie> <20211F91F544D247976D84C5D778A4C32E60B609@SG70YWXCHMBA05.zap.alcatel-lucent.com> <537C5BCE.4010801@cs.tcd.ie> <20211F91F544D247976D84C5D778A4C32E60B6A8@SG70YWXCHMBA05.zap.alcatel-lucent.com> <537C7EDB.9050000@cs.tcd.ie>
Date: Wed, 21 May 2014 16:09:46 +0530
Message-ID: <CAG1kdogiEJp=jy5D+tvXnAZ2XD0Xe1=kB-do_=h4PU1V9j7KKQ@mail.gmail.com>
From: Manav Bhatia <manavbhatia@gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/YYWZPgSNtDGChHDlFpSdTpZgCmU
X-Mailman-Approved-At: Wed, 21 May 2014 08:12:45 -0700
Cc: "draft-ietf-mpls-ldp-hello-crypto-auth.all@tools.ietf.org" <draft-ietf-mpls-ldp-hello-crypto-auth.all@tools.ietf.org>, "Bhatia, Manav (Manav)" <manav.bhatia@alcatel-lucent.com>, The IESG <iesg@ietf.org>, IETF Security Directorate <secdir@ietf.org>
Subject: Re: [secdir] SecDir review of draft-ietf-mpls-ldp-hello-crypto-auth-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 May 2014 10:39:50 -0000

Stephen,

>> This however is a long drawn discussion because everyone needs to be
>> convinced on the merits of updating the HMAC specification -- which I
>> am not sure will take how long.
>
> So I need to look at this draft, HMAC and the other cases but
> it seems to me that you're copying a page or two of crypto
> spec each time and changing one line. Doing that over and over
> is a recipe for long term pain, isn't it?

It sure is.

I had volunteered to write a 1-2 page long ID that updated the HMAC to
include the Apad, but the idea was shot down. The only alternative
left was to include the crypto stuff in each standard that we wrote
later.

>
> (And we've had this discussion for each such draft while I've
> been on the IESG I think, which is also somewhat drawn out;-)

This draft is probably the last one thats coming from the Routing WG
which will have this level of crypto mathematics spelled out. All
other IGPs are already covered. In case we need to change something in
the ones already covered we can refer to the base RFC where we have
detailed the crypto maths. For example,
draft-ietf-ospf-security-extension-manual-keying-08 amongst other
things also updates the definition of Apad. It points to the exact
mathematics in RFC 5709 and only updates the Apad definition in that
draft. This draft btw has cleared the WG LC and would be appearing
before you guys very soon.

Given this, i think we should just pass this draft with this level of
details. Subsequently, when LDP wants to update something, it can
normatively refer to this RFC and only give the changes.

Cheers, Manav

>
> S.
>
>
>>
>> Cheers, Manav
>>
>>
>>>
>>> S
>>>
>>>>
>>>> Cheers, Manav
>>>>
>>>>> -----Original Message----- From: Stephen Farrell
>>>>> [mailto:stephen.farrell@cs.tcd.ie] Sent: Wednesday, May 21,
>>>>> 2014 2:53 AM To: Bhatia, Manav (Manav); IETF Security
>>>>> Directorate; The IESG; draft-
>>>>> ietf-mpls-ldp-hello-crypto-auth.all@tools.ietf.org Cc: Yaron
>>>>> Sheffer; manavbhatia@gmail.com Subject: Re: SecDir review of
>>>>> draft-ietf-mpls-ldp-hello-crypto-auth-05
>>>>>
>>>>>
>>>>>
>>>>> On 19/05/14 21:27, Yaron Sheffer wrote:
>>>>>>>>
>>>>>>>> * 5.1: Redefining HMAC (RFC 2104) is an extremely bad
>>>>>>>> idea. This reviewer does not have the appropriate
>>>>>>>> background to critique the proposed solution, but there
>>>>>>>> must be an overwhelming reason to
>>>>> reopen> >>>>> cryptographic primitives.
>>>>>>>
>>>>>>> This is a decision that was taken by Sec Ads when we were
>>>>>>> doing the crypto protection for the IGPs based on some
>>>>>>> feedback from NIST.
>>>>> This
>>>>>>> mathematics is not new and has been done for all IGPs and
>>>>>>> has been approved and rather encouraged by the Security
>>>>>>> ADs.
>>>>>
>>>>> The above does not sound like something I recognise. I have
>>>>> repeatedly asked that documents not re-define HMAC. Perhaps
>>>>> this time, I'll make that a DISCUSS and not budge. I probably
>>>>> should have done that before TBH.
>>>>>
>>>>> If you are revising that doc, *please* get rid of the
>>>>> re-definition and just properly refer to HMAC. Its about time
>>>>> to stop repeating that error.
>>>>>
>>>>> S.
>>>>
>>>>
>>>>
>>
>>
>>