Re: [secdir] Secdir last call review of draft-ietf-babel-hmac-07
Juliusz Chroboczek <jch@irif.fr> Fri, 28 June 2019 23:44 UTC
Return-Path: <jch@irif.fr>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3FE9A120709; Fri, 28 Jun 2019 16:44:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Bmnvqk0ftS1p; Fri, 28 Jun 2019 16:44:40 -0700 (PDT)
Received: from korolev.univ-paris7.fr (korolev.univ-paris7.fr [IPv6:2001:660:3301:8000::1:2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9D287120705; Fri, 28 Jun 2019 16:44:36 -0700 (PDT)
Received: from mailhub.math.univ-paris-diderot.fr (mailhub.math.univ-paris-diderot.fr [81.194.30.253]) by korolev.univ-paris7.fr (8.14.4/8.14.4/relay1/82085) with ESMTP id x5SNiWAO009110; Sat, 29 Jun 2019 01:44:32 +0200
Received: from mailhub.math.univ-paris-diderot.fr (localhost [127.0.0.1]) by mailhub.math.univ-paris-diderot.fr (Postfix) with ESMTP id A1D5D4A4E3; Sat, 29 Jun 2019 01:44:34 +0200 (CEST)
X-Virus-Scanned: amavisd-new at math.univ-paris-diderot.fr
Received: from mailhub.math.univ-paris-diderot.fr ([127.0.0.1]) by mailhub.math.univ-paris-diderot.fr (mailhub.math.univ-paris-diderot.fr [127.0.0.1]) (amavisd-new, port 10023) with ESMTP id O1ir-0GRb5SA; Sat, 29 Jun 2019 01:44:33 +0200 (CEST)
Received: from pirx.irif.fr (unknown [78.194.40.74]) (Authenticated sender: jch) by mailhub.math.univ-paris-diderot.fr (Postfix) with ESMTPSA id 709134A4E0; Sat, 29 Jun 2019 01:44:33 +0200 (CEST)
Date: Sat, 29 Jun 2019 01:44:33 +0200
Message-ID: <878stlz34u.wl-jch@irif.fr>
From: Juliusz Chroboczek <jch@irif.fr>
To: Robert Sparks <rjsparks@nostrum.com>
Cc: secdir@ietf.org, draft-ietf-babel-hmac.all@ietf.org, ietf@ietf.org, babel@ietf.org
In-Reply-To: <156174806170.21879.2999727589481093933@ietfa.amsl.com>
References: <156174806170.21879.2999727589481093933@ietfa.amsl.com>
User-Agent: Wanderlust/2.15.9
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset="US-ASCII"
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.7 (korolev.univ-paris7.fr [194.254.61.138]); Sat, 29 Jun 2019 01:44:32 +0200 (CEST)
X-Miltered: at korolev with ID 5D16A660.000 by Joe's j-chkmail (http : // j-chkmail dot ensmp dot fr)!
X-j-chkmail-Enveloppe: 5D16A660.000 from mailhub.math.univ-paris-diderot.fr/mailhub.math.univ-paris-diderot.fr/null/mailhub.math.univ-paris-diderot.fr/<jch@irif.fr>
X-j-chkmail-Score: MSGID : 5D16A660.000 on korolev.univ-paris7.fr : j-chkmail score : . : R=. U=. O=. B=0.000 -> S=0.000
X-j-chkmail-Status: Ham
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/dTc_9yZfqqvzpUUloInZEYlVHSk>
Subject: Re: [secdir] Secdir last call review of draft-ietf-babel-hmac-07
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Jun 2019 23:44:43 -0000
Dear Robert, > Nit: (This was part of my early review of -00) > The claim in 1.1 about not requiring persistent storage is contradicted by the > definition of the protocol. At the very least, there is the need to persist the > most recent (index,PC) seen. I most respectfully disagree. The whole point of the challenge/response mechanism is to avoid the need for persistent storage. If a node loses the information about a neighbour (e.g. because it has rebooted and lost the index/PC of the neighbour), it can simply send a new challenge to recover the state. Here is what is written in Section 2 (Conceptual overview): By itself, the PC mechanism is not sufficient to protect against replay. Consider a peer A that has no information about a peer B (e.g., because it has recently rebooted). Suppose that A receives a packet ostensibly from B carrying a given PC; since A has no information about B, it has no way to determine whether the packet is freshly generated or a replay of a previously sent packet. In this situation, A discards the packet and challenges B to prove that it knows the HMAC key. It sends a "challenge request", a TLV containing a unique nonce, a value that has never been used before and will never be used again. B replies to the challenge request with a "challenge reply", a TLV containing a copy of the nonce chosen by A, in a packet protected by HMAC and containing the new value of B's PC. Since the nonce has never been used before, B's reply proves B's knowledge of the HMAC key and the freshness of the PC. Should you disagree with the fact that this mechanism allows a node to recover the state that it has discarded, I request that you provide an example scenario in which this mechanism fails. -- Juliusz
- [secdir] Secdir last call review of draft-ietf-ba… Robert Sparks via Datatracker
- Re: [secdir] Secdir last call review of draft-iet… Juliusz Chroboczek