[Babel-users] [babel] Reworked implementation of HMAC authentication

Mahesh Jethanandani mjethanandani at gmail.com
Wed Mar 13 23:26:37 GMT 2019 


> On Mar 12, 2019, at 4:10 PM, Juliusz Chroboczek <jch at irif.fr> wrote:
> 
>> So, currently, as defined, both HMAC and DTLS are global.  Based on what
>> I am reading here, it appears that is not what was intended. So I will
>> join Barbara in saying we do not want to cause a rebellion by suggesting
>> something totally radical here :-)
> 
>> BTW, do we want to maintain the ability to have a global config for security
>> such that it applies to all interfaces?
> 
> What happens when a new interface is added to an existing configuration?
> With a global configuration, it is automatically and hopefully atomically
> configured with the global configuration.  Without a global configuration,
> the new interface might be created with a default security configuration,
> which might (or might not) constitute a security hole.

Agree. Will keep the global configuration option. Requires an update to the IM and DM.

> 
> Both of our security protocols have two properties:
> 
> 1. the ability to have multiple credentials configured on a single
>    interface at the same time;
> 2. the ability to have different sets of credentials on different
>    interfaces.
> 
> The first property is what allows incremental key rotation (add the new
> key, which might involve climbing trees, then remove the old key, which,
> again, might involve visiting your local hospital's emergency room after
> you fell off from a ladder).

This capability is supported by the keychain model.

> 
> The second property is what enables interconnection of routing domains
> managed by different administrative entities -- you probably don't want to
> share your domain's private keys, so the peering link would most probably
> use a different set of credentials.  This is particularly critical for
> HMAC, which only supports symmetric keying.

Hmm. Can the two domains use certs/asymmetric keys to send the symmetric key obtained by one end, in a secure fashion to the partner domain? 

> 
> I think that these are important properties, and they should be reflected
> in the YANG model.
> 
> -- Juliusz

Mahesh Jethanandani
mjethanandani at gmail.com

More information about the Babel-users mailing list