IETF
Babel
babel@jabber.ietf.org
Tuesday, March 9, 2021< ^ >
Barbara Stark has set the subject to: IETF 108 babel WG
Room Configuration
Room Occupants

GMT+0
[14:17:22] Meetecho joins the room
[14:20:03] Alessandro Toppi_web_810 joins the room
[14:20:03] Barbara Stark_web_752 joins the room
[14:20:08] dee3@hot-chilli.net joins the room
[14:21:33] Juliusz Chroboczek_web_207 joins the room
[14:21:49] Donald Eastlake_web_213 joins the room
[14:22:01] <Juliusz Chroboczek_web_207> Hello!
[14:23:09] Antonin Décimo_web_189 joins the room
[14:23:50] Russ White_web_818 joins the room
[14:24:01] <Antonin Décimo_web_189> Hello!
[14:24:09] <dee3@hot-chilli.net> hi
[14:25:26] <Juliusz Chroboczek_web_207> I hope you all have weak coffee and cookies.  IETF without weak coffee is not really IETF.
[14:25:57] <dee3@hot-chilli.net> ? How about a Coke product instead?
[14:26:38] Martin Vigoureux_web_571 joins the room
[14:29:08] <Juliusz Chroboczek_web_207> You'd get a badge!
[14:29:29] Michael Breuer_web_624 joins the room
[14:29:30] Ahmed Aldabbagh_web_845 joins the room
[14:29:38] Ahmed Aldabbagh_web_845 leaves the room
[14:29:41] Ahmed Aldabbagh_web_849 joins the room
[14:29:43] Loa Andersson_web_678 joins the room
[14:30:00] <Barbara Stark_web_752> I don't drink coffee. I drink tea!
[14:30:05] Loa Andersson_web_678 leaves the room
[14:30:12] Loa Andersson_web_390 joins the room
[14:30:20] Loa Andersson_web_390 leaves the room
[14:30:51] David Schinazi_web_270 joins the room
[14:31:08] Yahya_web_472 joins the room
[14:31:13] Zheng Zhang_web_270 joins the room
[14:31:47] Meetecho leaves the room
[14:32:10] dschinazi@jab.im joins the room
[14:32:33] <Zheng Zhang_web_270> Hi Barbara
[14:32:40] <Zheng Zhang_web_270> Hi Juliusz
[14:32:49] <Juliusz Chroboczek_web_207> Hi Sandy.
[14:32:54] Praveen Mada_web_932 joins the room
[14:33:14] <Zheng Zhang_web_270> I drink coffee and tea:grin:
[14:34:09] <Juliusz Chroboczek_web_207> Cheers!
[14:34:22] <dschinazi@jab.im> :P
[14:34:24] <Zheng Zhang_web_270> Haha
[14:38:05] <Russ White_web_818> do we want to carry layer 2 addresses in BABEL for 802.11?
[14:38:51] <Barbara Stark_web_752> Juliusz: Audio is a little fuzzy
[14:39:00] <Antonin Décimo_web_189> the sound is saturating
[14:39:18] <Russ White_web_818> I wonder if it's Juliusz's audio, or if it's just that Juliusz is saturated?
[14:41:41] Meetecho joins the room
[14:43:48] <dee3@hot-chilli.net> Did you want to speak, Martin?
[14:43:51] <Martin Vigoureux_web_571> Will source specific be WG LCed again?
[14:43:59] Antoine Fressancourt_web_753 joins the room
[14:44:34] <Russ White_web_818> It would need to be if the draft is rewritten
[14:44:45] <Russ White_web_818> and probably passed through the directorate for review
[14:45:18] <dee3@hot-chilli.net> Seems reasonable for a re-write.
[14:47:50] <Martin Vigoureux_web_571> Indeed. So another IETF LC too and a complete new iesg review. I guess I need to return the doc to the WG then.
[14:53:42] <dee3@hot-chilli.net> There is a specified "Dummy IPv4 Address" - RFC 7600 Section 4.8.
[14:55:06] <Barbara Stark_web_752> Auto IP addresses for IPv4 were defined in RFC3927
[14:57:44] <Ahmed Aldabbagh_web_849> pardon me for asking a basic question -- is there a relation between Babel routing and the other work on RAW
[14:58:56] <Russ White_web_818> The problem with sending a packet with no source address is devices can do uRPF checks ... we need to make certain this won't be a problem in these kinds of networks
[14:59:04] <Juliusz Chroboczek_web_207> What's RAW?
[14:59:23] <Zheng Zhang_web_270> RAW is a working group
[14:59:44] <Zheng Zhang_web_270> https://datatracker.ietf.org/group/raw/about/
[15:00:37] <Russ White_web_818> you could have loose urpf ... which wouldn't break babel, but could still break packets sourced from addresses not in the table
[15:00:54] <Juliusz Chroboczek_web_207> Ah, right.  Yes.
[15:01:25] <Juliusz Chroboczek_web_207> Pity.
[15:01:59] Chathura Sarathchandra_web_236 joins the room
[15:07:28] Barbara Stark_web_752 leaves the room
[15:07:55] Barbara Stark_web_508 joins the room
[15:08:04] <dee3@hot-chilli.net> You are off line Barbara!
[15:08:18] <dee3@hot-chilli.net> You're back.
[15:10:12] <Juliusz Chroboczek_web_207> https://tools.ietf.org/html/rfc8967
[15:10:41] Martin Vigoureux_web_571 leaves the room
[15:10:47] Martin Vigoureux_web_268 joins the room
[15:11:45] Martin Vigoureux_web_268 leaves the room
[15:11:47] <Juliusz Chroboczek_web_207> Section 7 paragraph 5
[15:11:51] Martin Vigoureux_web_169 joins the room
[15:12:02] Martin Vigoureux_web_169 leaves the room
[15:12:15] Martin Vigoureux_web_934 joins the room
[15:16:54] <Antonin Décimo_web_189> My understanding for hmac-sha256, if the key is smaller than the block-size, it is padded, if it is longer, it is hashed once.For blake2s the maximum length is 32 bytes and the key is padded up to the blocksize anyway.I think the babeld implementation doesn't care... What *really matters* is the output size of the digest. The hashing algorithm already specifies how the key should be processed. Babel doesn't care!
[15:17:07] Antoine Fressancourt_web_753 leaves the room
[15:17:32] <dschinazi@jab.im> Here's Ben comment:
[15:17:32] <dschinazi@jab.im> Thanks for the updates in the -12
The following point was previously a discuss-level point, and I would still very much
like to see textual changes to the document to either remove the restriction or justify it,
but since it in practice seems like it will not impose an artificial limitation on achievable
security I will drop to "no objection" for expediency:
The current text limits the length of HMAC keys to be between 0 and the block length of
the underlying hash function (e.g., 64 bytes for SHA-256).  This limitation was previously
present in the draft that became RFC 8967 but was removed in draft-ietf-babel-hmac-10.
I do not know of a security or usability reason that justifies this restriction, and feel that
having the information model diverge from the protocol spec requires some justification.
[15:20:52] <dschinazi@jab.im> How about we just say that the key length MUST be supported by the corresponding HMAC algorithm?
[15:21:56] Barbara Stark_web_508 leaves the room
[15:22:02] Barbara Stark_web_311 joins the room
[15:26:14] Tobia Castaldi_web_259 joins the room
[15:27:37] <Barbara Stark_web_311> I think if we say key length MUST be supported by MAC algorithm, we also need to provide info as to what this means in the context of BLAKE2s and HMAC-SHA256. For Blake2s it means max length of 32. For HMAC-SHA-256 there's no limit because long values are hashed to create proper length, per RFC2104
[15:28:15] <dschinazi@jab.im> Are you sure? RFC 4868 seems to say that the key length MUST be equal to the digest length
[15:28:26] Martin Vigoureux_web_934 leaves the room
[15:28:55] Martin Vigoureux_web_680 joins the room
[15:30:04] <dschinazi@jab.im> RFC 2104 covers HMAC-SHA-1 not HMAC-SHA-256
[15:32:21] <Barbara Stark_web_311> For RFC4868, see section 2.3 "Truncation". It refers back to RFC2104. It's important to distinguish between "authentication key" and "cryptographic key"
[15:34:04] <dschinazi@jab.im> 2.3 Truncation only talks about truncation of output, I don't think it impacts the key used
[15:34:41] Juan Cerezo_web_536 joins the room
[15:35:26] Martin Vigoureux_web_680 leaves the room
[15:35:29] Martin Vigoureux_web_985 joins the room
[15:36:28] Martin Vigoureux_web_985 leaves the room
[15:36:31] Martin Vigoureux_web_951 joins the room
[15:37:30] Martin Vigoureux_web_951 leaves the room
[15:37:33] Martin Vigoureux_web_599 joins the room
[15:37:47] <Juliusz Chroboczek_web_207> Thanks to everyone!
[15:37:48] <Zheng Zhang_web_270> bye
[15:37:50] Juan Cerezo_web_536 leaves the room
[15:37:50] Russ White_web_818 leaves the room
[15:37:51] Barbara Stark_web_311 leaves the room
[15:37:53] <dschinazi@jab.im> Bye everyone!
[15:37:56] Meetecho leaves the room
[15:37:58] Donald Eastlake_web_213 leaves the room
[15:37:59] Juliusz Chroboczek_web_207 goes to brew some weak coffee
[15:38:05] Antonin Décimo_web_189 leaves the room
[15:38:07] <Yahya_web_472> bye everybody
[15:38:08] Martin Vigoureux_web_599 leaves the room
[15:38:15] Zheng Zhang_web_270 leaves the room
[15:38:16] <dee3@hot-chilli.net> bye
[15:38:18] <dschinazi@jab.im> Please send cookies
[15:38:23] Ahmed Aldabbagh_web_849 leaves the room
[15:38:24] <Juliusz Chroboczek_web_207> Barbara, do you have time for a chat?
[15:38:30] Alessandro Toppi_web_810 leaves the room
[15:38:35] Yahya_web_472 leaves the room
[15:38:41] David Schinazi_web_270 leaves the room
[15:38:41] Praveen Mada_web_932 leaves the room
[15:38:41] Chathura Sarathchandra_web_236 leaves the room
[15:38:41] Michael Breuer_web_624 leaves the room
[15:38:41] Juliusz Chroboczek_web_207 leaves the room
[15:38:41] Tobia Castaldi_web_259 leaves the room
[15:38:55] dee3@hot-chilli.net leaves the room
[15:41:44] dschinazi@jab.im leaves the room
[20:20:49] zulipbot leaves the room: Disconnected: closed
[20:24:33] zulipbot joins the room
[20:25:06] zulipbot leaves the room: Disconnected: closed
[20:39:00] zulipbot joins the room
[20:39:23] zulipbot leaves the room: Disconnected: closed
[20:39:31] zulipbot joins the room
[20:39:52] zulipbot leaves the room: Disconnected: closed