IETF Logo Mail Archive

Re: [secdir] SecDir review of draft-ietf-mpls-ldp-hello-crypto-auth-05

"Bhatia, Manav (Manav)" <manav.bhatia@alcatel-lucent.com> Wed, 21 May 2014 07:20 UTC

Return-Path: <manav.bhatia@alcatel-lucent.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 82A121A0466; Wed, 21 May 2014 00:20:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xfDrKzAC5ROv; Wed, 21 May 2014 00:20:33 -0700 (PDT)
Received: from ihemail3.lucent.com (ihemail3.lucent.com [135.245.0.37]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5EAF01A0245; Wed, 21 May 2014 00:20:33 -0700 (PDT)
Received: from us70uusmtp4.zam.alcatel-lucent.com (h135-5-2-66.lucent.com [135.5.2.66]) by ihemail3.lucent.com (8.13.8/IER-o) with ESMTP id s4L7KUwd017464 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 21 May 2014 02:20:30 -0500 (CDT)
Received: from US70UWXCHHUB02.zam.alcatel-lucent.com (us70uwxchhub02.zam.alcatel-lucent.com [135.5.2.49]) by us70uusmtp4.zam.alcatel-lucent.com (GMO) with ESMTP id s4L7KUrx003392 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Wed, 21 May 2014 03:20:30 -0400
Received: from SG70YWXCHHUB04.zap.alcatel-lucent.com (135.253.2.38) by US70UWXCHHUB02.zam.alcatel-lucent.com (135.5.2.49) with Microsoft SMTP Server (TLS) id 14.2.247.3; Wed, 21 May 2014 03:20:30 -0400
Received: from SG70YWXCHMBA05.zap.alcatel-lucent.com ([169.254.5.212]) by SG70YWXCHHUB04.zap.alcatel-lucent.com ([135.253.2.38]) with mapi id 14.02.0247.003; Wed, 21 May 2014 15:20:27 +0800
From: "Bhatia, Manav (Manav)" <manav.bhatia@alcatel-lucent.com>
To: Yaron Sheffer <yaronf.ietf@gmail.com>, IETF Security Directorate <secdir@ietf.org>, The IESG <iesg@ietf.org>, "draft-ietf-mpls-ldp-hello-crypto-auth.all@tools.ietf.org" <draft-ietf-mpls-ldp-hello-crypto-auth.all@tools.ietf.org>
Thread-Topic: SecDir review of draft-ietf-mpls-ldp-hello-crypto-auth-05
Thread-Index: AQHPcRACnDeFnD7gHUOXWsSAGM4MlZtGKCeAgAGxPwCAAWJn0IAAMnOAgAE5o+A=
Date: Wed, 21 May 2014 07:20:26 +0000
Message-ID: <20211F91F544D247976D84C5D778A4C32E60B565@SG70YWXCHMBA05.zap.alcatel-lucent.com>
References: <53761B24.1060501@gmail.com> <20211F91F544D247976D84C5D778A4C32E60982F@SG70YWXCHMBA05.zap.alcatel-lucent.com> <537A694C.60101@gmail.com> <20211F91F544D247976D84C5D778A4C32E60AAFE@SG70YWXCHMBA05.zap.alcatel-lucent.com> <537BBCE9.3060803@gmail.com>
In-Reply-To: <537BBCE9.3060803@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [135.253.19.18]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/yhH7BQURxJCTMDTKj-LXaPsm_A0
Cc: "manavbhatia@gmail.com" <manavbhatia@gmail.com>
Subject: Re: [secdir] SecDir review of draft-ietf-mpls-ldp-hello-crypto-auth-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 May 2014 07:20:35 -0000

Hi Yaron,

> >
> > Can you suggest what else needs to be added to make it clearer?
> 
> I suggest to add: "Any unspecified values are encoded as zero."

Sure, will do.

> >
> >>
> [...]
> >>
> >>>> * 7: 128-bit keys are OK (or overkill) for some algorithms, but
> too
> >>>> short for others. In general, the recommended key length is not
> >>>> constant. It depends on the algorithm.
> >>>
> >>> This needs to be punched on each router console. For an internal
> >> network, do you think 128 bit isnt good enough?
> >>
> >> Personally, I think 128 bits are great :-) Seriously, if people are
> >> using HMAC-SHA-512 then 128 is not appropriate. You can argue that
> you
> >> don't need more than 128 bits of entropy, but then I would suggest
> to
> >> remove SHA-512 from the draft. The general point is that different
> >> algorithms require different key lengths.
> >
> > I think you missed the text in Sec 5.1 which says:
> >
> >     The LDP Cryptographic Protocol ID is appended to the
> Authentication
> >     Key (K) yielding a Protocol Specific Authentication Key (Ks).  In
> >     this application, Ko is always L octets long.  While [RFC2104]
> >     supports a key that is up to B octets long, this application uses
> L
> >     as the Ks length consistent with [RFC4822], [RFC5310], [RFC5709]
> and
> >     [RFC7166].
> >
> > In case of HMAC-SHA-512 the key size would be 512 bits.
> >
> > We never restrict the key size to 128.
> >
> 
> I was referring to the following text, which I still think is
> misguided:
> "Deployments SHOULD use sufficiently long and random values for the
> Authentication Key so that guessing and other cryptographic attacks on
> the key are not feasible in their environments.  Furthermore, it is
> RECOMMENDED that Authentication Keys incorporate at least 128
> pseudo-random bits to minimize the risk of such attacks."
> 
> Crypto keys should have random bits amounting to their full length,
> rather than just a 128-bit subset of the key.

Thanks for the catch. I agree, it doesn't make sense to use a subset of the key. Will remove this.

Cheers, Manav

> 
> >>
> >>>>
> [...]
> 
> >
> > Cheers, Manav
> >

v2.23.0 | Report a Bug | By Email