MAC Authentication for the Babel Routing Protocol
draft-ietf-babel-hmac-12
Revision differences
Document history
Date | Rev. | By | Action |
---|---|---|---|
2020-12-22
|
12 | (System) | RFC Editor state changed to AUTH48-DONE from AUTH48 |
2020-11-23
|
12 | (System) | RFC Editor state changed to AUTH48 from RFC-EDITOR |
2020-09-29
|
12 | (System) | RFC Editor state changed to RFC-EDITOR from EDIT |
2020-09-11
|
12 | (System) | IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor |
2020-09-09
|
12 | (System) | IANA Action state changed to Waiting on RFC Editor from In Progress |
2020-09-09
|
12 | (System) | IANA Action state changed to In Progress from Waiting on Authors |
2020-09-08
|
12 | (System) | IANA Action state changed to Waiting on Authors from In Progress |
2020-09-08
|
12 | (System) | RFC Editor state changed to EDIT |
2020-09-08
|
12 | (System) | IESG state changed to RFC Ed Queue from Approved-announcement sent |
2020-09-08
|
12 | (System) | Announcement was received by RFC Editor |
2020-09-08
|
12 | (System) | IANA Action state changed to In Progress |
2020-09-08
|
12 | Amy Vezza | IESG state changed to Approved-announcement sent from Approved-announcement to be sent |
2020-09-08
|
12 | Amy Vezza | IESG has approved the document |
2020-09-08
|
12 | Amy Vezza | Closed "Approve" ballot |
2020-09-08
|
12 | Amy Vezza | Ballot approval text was generated |
2020-09-08
|
12 | Martin Vigoureux | IESG state changed to Approved-announcement to be sent from IESG Evaluation::AD Followup |
2020-09-04
|
12 | Juliusz Chroboczek | New version available: draft-ietf-babel-hmac-12.txt |
2020-09-04
|
12 | (System) | New version approved |
2020-09-04
|
12 | (System) | Request for posting confirmation emailed to previous authors: Juliusz Chroboczek , Weronika Kolodziejak , Clara Do |
2020-09-04
|
12 | Juliusz Chroboczek | Uploaded new revision |
2020-08-25
|
11 | Martin Vigoureux | Ballot approval text was generated |
2020-08-24
|
11 | Juliusz Chroboczek | New version available: draft-ietf-babel-hmac-11.txt |
2020-08-24
|
11 | (System) | New version approved |
2020-08-24
|
11 | (System) | Request for posting confirmation emailed to previous authors: Juliusz Chroboczek , Weronika Kolodziejak , Clara Do |
2020-08-24
|
11 | Juliusz Chroboczek | Uploaded new revision |
2020-08-17
|
10 | Erik Kline | [Ballot comment] [[ comments ]] [ section 4.3 ] * s/worthwile/worthwhile/ [ section 5 ] * Is another option for implementations to be in a … [Ballot comment] [[ comments ]] [ section 4.3 ] * s/worthwile/worthwhile/ [ section 5 ] * Is another option for implementations to be in a mode where: - they send authenticated packets - they attempt to authenticate packets received - if a packet does not authenticate is it still accepted - if a packet does authenticate then the neighbor entry is updated to note that all future communications with that neighbor must be use authentication (and any unauthenticated packets from this neighbor are dropped and maybe logged)? [ section 7 ] * s/an administators/an administrator's/, I think |
2020-08-17
|
10 | Erik Kline | [Ballot Position Update] New position, No Objection, has been recorded for Erik Kline |
2020-04-15
|
10 | Martin Duke | [Ballot comment] Nits: - sec 4.3.1.1 please clarify if the challenge request 300ms limit is per neighbor or per sending node (4.3.1.2 says per neighbor … [Ballot comment] Nits: - sec 4.3.1.1 please clarify if the challenge request 300ms limit is per neighbor or per sending node (4.3.1.2 says per neighbor for challenge reply; I suspect it’s the same?) - sec 7. “...this sort of resource attacks less effective...” s/attacks/attack” |
2020-04-15
|
10 | Martin Duke | [Ballot Position Update] New position, No Objection, has been recorded for Martin Duke |
2019-12-20
|
10 | Mirja Kühlewind | [Ballot comment] Thanks for addressing my discuss and sorry for my late reaction (this somehow slipped through given the on-going discussion on draft-ietf-babel-rfc6126bis)! OLD … [Ballot comment] Thanks for addressing my discuss and sorry for my late reaction (this somehow slipped through given the on-going discussion on draft-ietf-babel-rfc6126bis)! OLD COMMENT (for the record): The shepherd write-up says: "This document updates the rfc6126bis draft as noted on the title page and in the Abstract." However, that seems not to be the case...? This brings me to a separate question I would like to ask: Why is this an extension in a separate document and not an (optional) part of rfc6126bis? |
2019-12-20
|
10 | Mirja Kühlewind | [Ballot Position Update] Position for Mirja Kühlewind has been changed to No Objection from Discuss |
2019-10-17
|
10 | Roman Danyliw | [Ballot comment] Thanks for addressing my DISCUSS points. |
2019-10-17
|
10 | Roman Danyliw | [Ballot Position Update] Position for Roman Danyliw has been changed to No Objection from Discuss |
2019-08-22
|
10 | Benjamin Kaduk | [Ballot comment] Thank you for addressing my Discuss (and Comment) points! One further note on the added text: I think that there is only mixed … [Ballot comment] Thank you for addressing my Discuss (and Comment) points! One further note on the added text: I think that there is only mixed consensus that PBKDF2 remains an algorithm that effectively hampers dictionary attacks, since it's parallelizable and not memory-hard, but I don't object to listing it here. |
2019-08-22
|
10 | Benjamin Kaduk | [Ballot Position Update] Position for Benjamin Kaduk has been changed to No Objection from Discuss |
2019-08-16
|
10 | Juliusz Chroboczek | New version available: draft-ietf-babel-hmac-10.txt |
2019-08-16
|
10 | (System) | New version approved |
2019-08-16
|
10 | (System) | Request for posting confirmation emailed to previous authors: Juliusz Chroboczek , Weronika Kolodziejak , Clara Do |
2019-08-16
|
10 | Juliusz Chroboczek | Uploaded new revision |
2019-08-10
|
09 | (System) | Sub state has been changed to AD Followup from Revised ID Needed |
2019-08-10
|
09 | (System) | IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed |
2019-08-10
|
09 | Juliusz Chroboczek | New version available: draft-ietf-babel-hmac-09.txt |
2019-08-10
|
09 | (System) | New version approved |
2019-08-10
|
09 | (System) | Request for posting confirmation emailed to previous authors: Juliusz Chroboczek , Weronika Kolodziejak , Clara Do |
2019-08-10
|
09 | Juliusz Chroboczek | Uploaded new revision |
2019-08-08
|
08 | Cindy Morgan | IESG state changed to IESG Evaluation::Revised I-D Needed from IESG Evaluation |
2019-08-08
|
08 | Alissa Cooper | [Ballot Position Update] New position, No Objection, has been recorded for Alissa Cooper |
2019-08-08
|
08 | Suresh Krishnan | [Ballot Position Update] New position, No Objection, has been recorded for Suresh Krishnan |
2019-08-07
|
08 | Barry Leiba | [Ballot Position Update] New position, No Objection, has been recorded for Barry Leiba |
2019-08-07
|
08 | Benjamin Kaduk | [Ballot discuss] Are the HMAC keys required to be the hash function's block size or its output size? Section 3.1 says just "the length of … [Ballot discuss] Are the HMAC keys required to be the hash function's block size or its output size? Section 3.1 says just "the length of each key is exactly the hash size of the associated HMAC algorithm", and "hash size" conventionally refers to the output length. The referenced Section 2 of RFC 2104 concerns itself with the hash's compression function's block size B, which is generally different. Also in Section 3.1, if we are going to claim that a "random string of sufficient length" suffices to initialize a fresh index, we need to provide guidance on what constitutes "sufficient length" to achieve the needed property. Blake2s is a keyed MAC, but is not an HMAC construction. If we are to allow its usage for providing integrity protection of babel packets directly, we therefore cannot refer to the preotection scheme as "HMAC" generically. Fixing this will, unfortunately, be somewhat invasive to the document, since we mention HMAC all over the place. I believe that "Keyed Message Authentication Code (Keyed MAC)" is an appropriate replacement description. The suggestion that the large challenge nonce size admits storage of state in a secure "cookie" in the nonce is true, however, implementing this properly presents some subtleties, and it seems like something of an attractive nuisance to suggest that it is possible without giving adequate guidance at how to do it safely. Unfortunately, the best reference I can think of, offhand, is the obsoleted RFC 5077. Let's also have a discussion about whether 64 bits of randomness is always sufficient; I left a longer note down in the Comment since I don't expect this to end up being a blocking point. |
2019-08-07
|
08 | Benjamin Kaduk | [Ballot comment] Thanks for the clear introduction and applicability statement; they really help to lay out a clear picture of the scenarios in which we … [Ballot comment] Thanks for the clear introduction and applicability statement; they really help to lay out a clear picture of the scenarios in which we operate! This is a symmetric-keyed scenario, so most attacks that involve a compromised node will be "uninteresting", in that once the key is exposed all guarantees are lost. However, it may still be worth noting that a compromised node can cause disruption on multi-access links without detection since there is no "end of generation" signal when a node changes its index. That is, if node B reboots or otherwise resets its index/pc, then compromised node C can spoof packets from B with the previous index and honest node A will accept them, and B will be unable to detect that it has been spoofed. On the flip side, we may want to discuss that B can watch for messages that spoof its source address to detect compromised nodes. Is there any need for initial PC value randomization? Do we want to recommend starting at 0 or 1 (or prohibit recipients from assuming that the initial value for an index will be that)? Section 1 "This document obsoletes RFC 7298" should be in the Introduction as well as the abstract. Is the capability for an attacker to modify/spoof Babel packets in order to cause data to get dropped or cause a routing loop worth mentioning here? Section 1.2 o that the Hashed Message Authentication Code (HMAC) being used is invulnerable to pre-image attacks, i.e., that an attacker is unable to generate a packet with a correct HMAC; I think it's more conventional to include the caveat "without [access to/knowledge of] the secret key" for this sort of statement about HMAC. The first assumption is a property of the HMAC being used. The second assumption can be met either by using a robust random number generator [RFC4086] and sufficiently large indices and nonces, by using a reliable hardware clock, or by rekeying whenever a collision becomes likely. Does this rekeying option require an external operation/management actor to trigger it? It might be worth mentioning with some operational considerations. o among different nodes, it is only vulnerable to immediate replay: if a node A has accepted a packet from C as valid, then a node B will only accept a copy of that packet as authentic if B has accepted an older packet from C and B has received no later packet from C. nit: I don't think "A has accepted a packet from C" is quite the right precondition; it seems to be more like "A has received a valid packet from C", since whether or not A (as an attacker) considers it valid is irrelevant to whether (honest) B will. Section 4.1 If we had identifiers for symmetric keys or HMAC algorithms, we could include those identifiers in the pseudo-header and thereby gain some protection from downgrade/HMAC-stripping attacks in the presence of a weak keyed MAC algorithm. (I think we have to include both what we are sending and what we think the peer can do in order to get substantial protection, though, which diminishes the appeal for multicast scenarios.) nit: I don't think the past tense is correct for "packet was carried over IPvN", since we're talking about a pseudo-header used in computations before the packet is sent. Section 4.2 It might be worth reiterating that every time a packet goes on the wire, it gets a fresh PC, regardless of whether it's a "retransmit" after a timeout or a new message. interface MTU (Section 4 of [RFC6126bis]). For an interface on which HMAC protection is configured, the TLV aggregation logic MUST take into account the overhead due to PC TLVs (one in each packet) and HMAC TLVs (one per configured key). (per configured key, and also per packet, right?) Does it matter whether the sender increments the PC before or after inserting it in the PC TLV? (I think the only potential impact would be as it relates to the value sent in response to a challenge nonce, but the "increment by a positive not-necessarily-one amount" property may provide all the flexibility we need.) Section 4.3 Validating the HMACs is the sort of operation that we tend to recommend be done in constnt-time to avoid side channel attacks. I don't have a concrete attack handy here at the moment, though. When a PC TLV is encountered, the enclosed PC and Index are saved for later processing; if multiple PCs are found (which should not happen, see Section 4.2 above), only the first one is processed, the remaining ones MUST be silently ignored. If a Challenge Any reason to not just drop the whole packet if there are multiple PCs present? I see this is not rfc7298bis but don't know what level of breaking change is reasonable. o The preparse phase above has yielded two pieces of data: the PC and Index from the first PC TLV, and a bit indicating whether the packet contains a successful Challenge Reply. If the packet does not contain a PC TLV, the packet MUST be dropped and processing stops at this point. If the packet contains a successful Challenge Reply, then the PC and Index contained in the PC TLV MUST be stored in the Neighbour Table entry corresponding to the sender (which already exists in this case), and the packet is accepted. I'd suggest explicitly stating that if there is a challenge reply that doesn't validate, the packet should be discarded. Or are there multicast scenarios where that is not the case? The key point being to emphasize that just the presence of a challenge reply doesn't mean anything, it has to be valid in order to have significance. o At this stage, the packet contains no successful challenge reply and the Index contained in the PC TLV is equal to the Index in the Neighbour Table entry corresponding to the sender. The receiver compares the received PC with the PC contained in the Neighbour Table; if the received PC is smaller or equal than the PC contained in the Neighbour Table, the packet MUST be dropped and processing stops (no challenge is sent in this case, since the mismatch might be caused by harmless packet reordering on the link). Otherwise, the PC contained in the Neighbour Table entry is set to the received PC, and the packet is accepted. Does this mean that if packet reordering is encountered, we will just not process packets that get reordered later? (AFAIK babel will still work fine in such conditions, so I'm just checking my understanding.) it MAY ignore a challenge request in the case where it it contained nit: s/it it/it is/ The same is true of challenge replies. However, since validating a challenge reply is extremely cheap (it's just a bitwise comparison of two strings of octets), a similar optimisation for challenge replies is not worthwile. Er, challenge reply validation still requires the HMAC validation step, right? Section 4.3.1.1 When it encounters a mismatched Index during the preparse phase, a node picks a nonce that it has never used with any of the keys currently configured on the relevant interface, for example by drawing a sufficiently large random string of bytes or by consulting (same comment as above about "sufficiently large") Section 4.3.1.2 buffered TLVs in the same packet as the Challenge Reply. However, it MUST arrange for the Challenge Reply to be sent in a timely manner (within a few seconds), and SHOULD NOT send any other packets over the same interface before sending the Challenge Reply, as those would be dropped by the challenger. I think this "SHOULD NOT" (or rather, "would be dropped by the challenger") is predicated on the challenge request having not been a replay, but I do not see anything requiring the recipient to do nonce uniqueness validation. Section 4.3.1.3 neighbour that sent the Challenge Reply. If no challenge is in progress, i.e., if there is no Nonce stored in the Neighbour Table entry or the Challenge timer has expired, the Challenge Reply MUST be silently ignored and the challenge has failed. I think "the challenge has failed" is predicated on the challenge reply being in response to a challenge sent by this node. The previous section's "send the Challenge Reply to the unicast address" seems to imply that there are no multicast scenarios which would make that not the case, but I just wanted to check my understanding. Section 5 Do we need to say whether sub-TLVs are allowed in any of these TLVs? (Presumably they are not, since the length is needed in order to identify the length of the variable-length fields, but being explicit can be useful.) Section 5.1 This [HMAC] TLV is allowed in the packet trailer (see Section 4.2 of [RFC6126bis]), and MUST be ignored if it is found in the packet body. side note: Using "MUST ignore" vs. "discard the packet" has some protocol evolution consequences -- it in practice then becomes an alternative padding technique for use in packet bodies, and if ever used as such then could lead to a way to fingerprint an implementation or be used as a hidden channel for sending other data. But, I see that ignoring at the TLV level is something of a core babel design choice, and I don't see any serious consequences that would merit revisiting that decision. Section 6 This mechanism relies on two assumptions, as described in Section 1.2. First, it assumes that the hash being used is s/hash/MAC/ enough entropy (64-bit values are believed to be large enough for all practical applications), or by using a reliably monotonic hardware It would require a bit more thought to convince me that 64-bit indices are sufficient for *all* cases. Specifically, if we want full 64-bit strength, then the 64-bit space cannot be controlled or affected by the attacker to cause collisions. But I think there will be a reasonable risk that an attacker can cause a given node to need to regenerate its index on demand (e.g,. but triggering a bug that crashes it, or power cycling it), at which point the random selection falls back to the 32-bit birthday bound on uniqueness over time. Granted, the consequences of that particular attack would be limited, as the attacker could only replay the limited number of packets sent using the colliding index the first time it was used, but this is only intended as an example of ways in which 64-bit random values can be degraded to 32 bits of security. present at the receiver. If the attacker is able to cause the (Index, PC) pair to persist for arbitrary amounts of time (e.g., by repeatedly causing failed challenges), then it is able to delay the packet by arbitrary amounts of time, even after the sender has left the network. I'd suggest adding another sentence describing the potential consequences of selectively delayed input (i.e., messing up the routing). protocol (the data structures described in Section 3.2 of [RFC6126bis] are conceptual, any data structure that yields the same result may be used). Implementers might also consider using the fact nit: that's a comma splice in the parenthetical; a semicolon would be better. |
2019-08-07
|
08 | Benjamin Kaduk | [Ballot Position Update] New position, Discuss, has been recorded for Benjamin Kaduk |
2019-08-07
|
08 | Warren Kumari | [Ballot Position Update] New position, No Objection, has been recorded for Warren Kumari |
2019-08-07
|
08 | Roman Danyliw | [Ballot discuss] A few minor clarifications needed for implementation/precision in the security claims: (1) Section 1.2. Per “any packet accepted as authentic is the exactly … [Ballot discuss] A few minor clarifications needed for implementation/precision in the security claims: (1) Section 1.2. Per “any packet accepted as authentic is the exactly copy of a packet originally sent”, this text can be read two ways – packet as Babel packet or as an IP packet. I think mean the former. Recommend making this clearer as s/any packet/any Babel packet/ (2) Section 2, Per the paragraph, “By itself, this mechanism is safe against replay …”, please reiterate that for the attack by C to work: A and B must have both lost state; that C is replaying packets with PC previously sent by B (e.g., n+2). (3) Section 4.1. Per “The node takes the concatenation of the pseudo-header and the packet including the packet header but excluding the packet trailer (from octet 0 inclusive up to (Body Length + 4) exclusive)”, as input for the HMAC. “packet” is used to sometimes mean IP packet and sometimes a Babel packet carried in an IP packet. As such, the above sentence could be interpretation as: Option #1: HMAC(pseudo-header + the IP header + Babel packet header + Babel packet body) Option #2: HMAC(pseudo-header + Babel packet header + Babel packet body) I believe it is option #2. Please be very clear in this text. Other items: (4) Section 2. This section suggests that “one or more HMACs can be appended to the packet”. Under what conditions would it be more than one? What happens if only some of the HMACs are valid? Is use of the same key assumed? (5) Section 4.1. The hash algorithm appears to be negotiated/set out of band (rather than negotiated). The text should explicitly state that somewhere. (6) Section 6. Per “In particular, reception of a packet with no correct HMAC creates no local state whatsoever (Section 4.3)”, unless this HMAC verification is happening on the NIC, this doesn’t seem sufficiently precise. The “no local state” claim is likely true only as it relates to the tables data structures describes in Section 3. However, the IP and DTLS stack certainly have to account for the packet. |
2019-08-07
|
08 | Roman Danyliw | Ballot discuss text updated for Roman Danyliw |
2019-08-07
|
08 | Roman Danyliw | [Ballot discuss] A few minor clarifications needed for implementation/precision in the security claims: (1) Section 1.2. Per “any packet accepted as authentic is the exactly … [Ballot discuss] A few minor clarifications needed for implementation/precision in the security claims: (1) Section 1.2. Per “any packet accepted as authentic is the exactly copy of a packet originally sent”, this text can be read two ways – packet as Babel packet or as an IP packet. I think mean the former. Recommend making this clearer as s/any packet/any Babel packet/ (2) Section 2, Per the paragraph, “By itself, this mechanism is safe against replay …”, please reiterate that for the attack by C to work: A and B must have both lost state; that C is replaying packets with PC previously sent by B (e.g., n+2). (3) Section 4.1. Per “The node takes the concatenation of the pseudo-header and the packet including the packet header but excluding the packet trailer (from octet 0 inclusive up to (Body Length + 4) exclusive)”, as input for the HMAC. “packet” is used to sometimes mean IP packet and sometimes a Babel packet carried in an IP packet. As such, the above sentence could be interpretation as: Option #1: HMAC(pseudo-header + the IP header + Babel packet header + Babel packet body – Babel trailer) Option #2: HMAC(pseudo-header + Babel packet header + Babel packet body) I believe it is option #2. Please be very clear in this text. Other items: (4) Section 2. This section suggests that “one or more HMACs can be appended to the packet”. Under what conditions would it be more than one? What happens if only some of the HMACs are valid? Is use of the same key assumed? (5) Section 4.1. The hash algorithm appears to be negotiated/set out of band (rather than negotiated). The text should explicitly state that somewhere. (6) Section 6. Per “In particular, reception of a packet with no correct HMAC creates no local state whatsoever (Section 4.3)”, unless this HMAC verification is happening on the NIC, this doesn’t seem sufficiently precise. The “no local state” claim is likely true only as it relates to the tables data structures describes in Section 3. However, the IP and DTLS stack certainly have to account for the packet. |
2019-08-07
|
08 | Roman Danyliw | [Ballot comment] (7) Section 1 enumerates a series of attacks. These are different than the ones listed in Section 6 of draft-ietf-babel-rfc6126bis and Section 1 … [Ballot comment] (7) Section 1 enumerates a series of attacks. These are different than the ones listed in Section 6 of draft-ietf-babel-rfc6126bis and Section 1 of draft-ietf-babel-dtls. As HMAC and DTLS are mitigations for attacks in draft-ietf-babel-rfc6126bis, they really should be harmonized. (8) Section 1. Per the “spoof of a malformed packet”, how would an HMAC address this? Even assuming that a node discards the message without processing if the HMAC is bad, this would still be a problem from a malicious peer. (9) Editorial nits: -- Section 1. “seqno” is commonly used in Babel text but it needs to be cited of explained here on for used -- s/seqno/sequence number/ -- Section 1.2. Editorial. s/serious effort/effort/ -- Section 3.1. Typo. s/authentified/authenticated/ -- Section 5.3. Typo. s/minumum/minimum/ |
2019-08-07
|
08 | Roman Danyliw | [Ballot Position Update] New position, Discuss, has been recorded for Roman Danyliw |
2019-08-07
|
08 | Mirja Kühlewind | [Ballot discuss] I would like to quickly discuss the following approach taken in section 4.3.1.1: "Since a challenge may be prompted by a packet … [Ballot discuss] I would like to quickly discuss the following approach taken in section 4.3.1.1: "Since a challenge may be prompted by a packet replayed by an attacker, a node MUST impose a rate limitation to the challenges it sends; the limit SHOULD default to one challenge request every 300ms, and MAY be configurable." While it is important to limit challenge messages here, there might be a better approach than static rate-limiting given this is a request-response mechanism. Usually the approach is to only allow for one outstanding request (without reply) and apply some kind of loss detect/termination rule. In your case the easiest approach would be when the 30 sec timer is expired, or if the RTT is known (or can be estimated) then a value of e.g. 3xRTT could be appropriate as well. Please consider this alternative approach. Maybe also see RFC8085 for further guidance. Further Appendix A (Incremental deployment and key rotation) contains normative language and therefore should probably be moved into the body of the document. |
2019-08-07
|
08 | Mirja Kühlewind | Ballot discuss text updated for Mirja Kühlewind |
2019-08-07
|
08 | Mirja Kühlewind | [Ballot discuss] I would like to quickly discuss the following approach taken in section 4.3.1.1: "Since a challenge may be prompted by a packet … [Ballot discuss] I would like to quickly discuss the following approach taken in section 4.3.1.1: "Since a challenge may be prompted by a packet replayed by an attacker, a node MUST impose a rate limitation to the challenges it sends; the limit SHOULD default to one challenge request every 300ms, and MAY be configurable." While it is important to limit challenge message here, there might be a better approach than static rate-limiting given this is a request-response mechanism. Usually the approach is to only allow for one outstanding request (without) reply and apply some kind of loss detect/termination rule. In your case the easiest approach would be when the 30 sec timer is expired, or if the RTT is know or can be estimated than a value of e.g. 3xRTT could be appropriate as well. Please consider this alternative approach. May also see RFC8085 for further guidance. Further Appendix A (Incremental deployment and key rotation) contains normative language and therefore should probably be moved into the body of the document. |
2019-08-07
|
08 | Mirja Kühlewind | [Ballot comment] The shepherd write-up says: "This document updates the rfc6126bis draft as noted on the title page and in the Abstract." However, that seems … [Ballot comment] The shepherd write-up says: "This document updates the rfc6126bis draft as noted on the title page and in the Abstract." However, that seems not to be the case...? This brings me to a separate question I would like to ask: Why is this an extension in a separate document and not an (optional) part of rfc6126bis? |
2019-08-07
|
08 | Mirja Kühlewind | [Ballot Position Update] New position, Discuss, has been recorded for Mirja Kühlewind |
2019-08-07
|
08 | Alexey Melnikov | [Ballot comment] Please mention RFC2104 in section 2 when HMAC is mentioned for the first time. |
2019-08-07
|
08 | Alexey Melnikov | Ballot comment text updated for Alexey Melnikov |
2019-08-06
|
08 | Alvaro Retana | [Ballot Position Update] New position, No Objection, has been recorded for Alvaro Retana |
2019-08-05
|
08 | Dan Romascanu | Request for Last Call review by OPSDIR Completed: Ready. Reviewer: Dan Romascanu. Sent review to list. |
2019-08-05
|
08 | Deborah Brungard | [Ballot Position Update] New position, No Objection, has been recorded for Deborah Brungard |
2019-08-05
|
08 | Éric Vyncke | [Ballot Position Update] Position for Éric Vyncke has been changed to No Objection from No Record |
2019-08-05
|
08 | Éric Vyncke | [Ballot comment] Thank you for the work put into this document. Using HMAC is usually simple but this document builds a lot of negotiation around … [Ballot comment] Thank you for the work put into this document. Using HMAC is usually simple but this document builds a lot of negotiation around HMAC. Regards, -éric == COMMENTS == I am a little puzzled by why HMAC keys/mechanisms are not identified to facilitate the key rollover. The used mechanism appears a little heavy on the required computing effort to compute several HMAC. -- Section 1 -- The text about attacks on the Babel routing protocol should be better placed in the security considerations of RFC7216bis. == NITS == The DTLS document use the writing <"babel" port> while here it is . |
2019-08-05
|
08 | Éric Vyncke | Ballot comment text updated for Éric Vyncke |
2019-08-03
|
08 | Alexey Melnikov | [Ballot Position Update] New position, No Objection, has been recorded for Alexey Melnikov |
2019-07-16
|
08 | (System) | IANA Review state changed to IANA OK - Actions Needed from Version Changed - Review Needed |
2019-07-12
|
08 | Martin Vigoureux | IESG state changed to IESG Evaluation from Waiting for Writeup |
2019-07-12
|
08 | Cindy Morgan | Placed on agenda for telechat - 2019-08-08 |
2019-07-12
|
08 | Martin Vigoureux | Ballot has been issued |
2019-07-12
|
08 | Martin Vigoureux | [Ballot Position Update] New position, Yes, has been recorded for Martin Vigoureux |
2019-07-12
|
08 | Martin Vigoureux | Created "Approve" ballot |
2019-07-12
|
08 | Martin Vigoureux | Ballot writeup was changed |
2019-07-07
|
08 | (System) | IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed |
2019-07-07
|
08 | Juliusz Chroboczek | New version available: draft-ietf-babel-hmac-08.txt |
2019-07-07
|
08 | (System) | New version approved |
2019-07-07
|
08 | (System) | Request for posting confirmation emailed to previous authors: Juliusz Chroboczek , Weronika Kolodziejak , Clara Do |
2019-07-07
|
08 | Juliusz Chroboczek | Uploaded new revision |
2019-07-04
|
07 | (System) | IESG state changed to Waiting for Writeup from In Last Call |
2019-07-03
|
07 | (System) | IANA Review state changed to IANA OK - Actions Needed from IANA - Review Needed |
2019-07-03
|
07 | Sabrina Tanamal | (Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs: The IANA Functions Operator has completed its review of draft-ietf-babel-hmac-07. If any part of this review is inaccurate, please let … (Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs: The IANA Functions Operator has completed its review of draft-ietf-babel-hmac-07. If any part of this review is inaccurate, please let us know. The IANA Functions Operator understands that, upon approval of this document, there is a single action which we must complete. In the Babel TLV Types registry on the Babel Routing Protocol registry page the four early registrations below will be made permanent and have their references changed to [ RFC-to-be ]: Type Name -----+------------------------ 16 HMAC 17 PC 18 Challenge Request 19 Challenge Reply The IANA Functions Operator understands that this is the only action required to be completed upon approval of this document. Note: The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is meant only to confirm the list of actions that will be performed. Thank you, Sabrina Tanamal Senior IANA Services Specialist |
2019-07-02
|
07 | Mike McBride | Request for Last Call review by RTGDIR Completed: Ready. Reviewer: Mike McBride. Sent review to list. |
2019-06-28
|
07 | Robert Sparks | Request for Last Call review by SECDIR Completed: Has Nits. Reviewer: Robert Sparks. Sent review to list. |
2019-06-25
|
07 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Dan Romascanu |
2019-06-25
|
07 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Dan Romascanu |
2019-06-22
|
07 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Robert Sparks |
2019-06-22
|
07 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Robert Sparks |
2019-06-20
|
07 | Min Ye | Request for Last Call review by RTGDIR is assigned to Mike McBride |
2019-06-20
|
07 | Min Ye | Request for Last Call review by RTGDIR is assigned to Mike McBride |
2019-06-20
|
07 | David Schinazi | Request for Last Call review by GENART Completed: Ready. Reviewer: David Schinazi. Sent review to list. |
2019-06-20
|
07 | Jean Mahoney | Request for Last Call review by GENART is assigned to David Schinazi |
2019-06-20
|
07 | Jean Mahoney | Request for Last Call review by GENART is assigned to David Schinazi |
2019-06-20
|
07 | Cindy Morgan | IANA Review state changed to IANA - Review Needed |
2019-06-20
|
07 | Cindy Morgan | The following Last Call announcement was sent out (ends 2019-07-04): From: The IESG To: IETF-Announce CC: babel-chairs@ietf.org, babel@ietf.org, draft-ietf-babel-hmac@ietf.org, Donald Eastlake , … The following Last Call announcement was sent out (ends 2019-07-04): From: The IESG To: IETF-Announce CC: babel-chairs@ietf.org, babel@ietf.org, draft-ietf-babel-hmac@ietf.org, Donald Eastlake , d3e3e3@gmail.com, martin.vigoureux@nokia.com Reply-To: ietf@ietf.org Sender: Subject: Last Call: (HMAC authentication for the Babel routing protocol) to Proposed Standard The IESG has received a request from the Babel routing protocol WG (babel) to consider the following document: - 'HMAC authentication for the Babel routing protocol' as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2019-07-04. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This document describes a cryptographic authentication mechanism for the Babel routing protocol that has provisions for replay avoidance. This document obsoletes RFC 7298. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-babel-hmac/ IESG discussion can be tracked via https://datatracker.ietf.org/doc/draft-ietf-babel-hmac/ballot/ No IPR declarations have been submitted directly on this I-D. The document contains these normative downward references. See RFC 3967 for additional information: rfc7693: The BLAKE2 Cryptographic Hash and Message Authentication Code (MAC) (Informational - Independent Submission Editor stream) |
2019-06-20
|
07 | Cindy Morgan | IESG state changed to In Last Call from Last Call Requested |
2019-06-20
|
07 | Martin Vigoureux | Requested Last Call review by RTGDIR |
2019-06-20
|
07 | Martin Vigoureux | Last call was requested |
2019-06-20
|
07 | Martin Vigoureux | Ballot approval text was generated |
2019-06-20
|
07 | Martin Vigoureux | Ballot writeup was generated |
2019-06-20
|
07 | Martin Vigoureux | IESG state changed to Last Call Requested from AD Evaluation::AD Followup |
2019-06-20
|
07 | Martin Vigoureux | Last call announcement was generated |
2019-06-20
|
07 | Juliusz Chroboczek | New version available: draft-ietf-babel-hmac-07.txt |
2019-06-20
|
07 | (System) | New version approved |
2019-06-20
|
07 | (System) | Request for posting confirmation emailed to previous authors: Juliusz Chroboczek , Weronika Kolodziejak , Clara Do |
2019-06-20
|
07 | Juliusz Chroboczek | Uploaded new revision |
2019-06-20
|
06 | Juliusz Chroboczek | New version available: draft-ietf-babel-hmac-06.txt |
2019-06-20
|
06 | (System) | New version approved |
2019-06-20
|
06 | (System) | Request for posting confirmation emailed to previous authors: Juliusz Chroboczek , Weronika Kolodziejak , Clara Do |
2019-06-20
|
06 | Juliusz Chroboczek | Uploaded new revision |
2019-06-20
|
06 | (System) | Request for posting confirmation emailed to previous authors: Juliusz Chroboczek , Weronika Kolodziejak , Clara Do |
2019-06-20
|
06 | Juliusz Chroboczek | Uploaded new revision |
2019-06-07
|
05 | (System) | Sub state has been changed to AD Followup from Revised ID Needed |
2019-06-07
|
05 | Juliusz Chroboczek | New version available: draft-ietf-babel-hmac-05.txt |
2019-06-07
|
05 | (System) | New version approved |
2019-06-07
|
05 | (System) | Request for posting confirmation emailed to previous authors: Juliusz Chroboczek , Weronika Kolodziejak , Clara Do |
2019-06-07
|
05 | Juliusz Chroboczek | Uploaded new revision |
2019-05-24
|
04 | Martin Vigoureux | IESG state changed to AD Evaluation::Revised I-D Needed from AD Evaluation |
2019-04-12
|
04 | Martin Vigoureux | IESG state changed to AD Evaluation from Publication Requested |
2019-03-24
|
04 | Donald Eastlake | Added to session: IETF-104: babel Thu-0900 |
2019-03-12
|
04 | Donald Eastlake | draft-ietf-babel-hmac-04 (1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Proposed Standard. (2) The IESG … draft-ietf-babel-hmac-04 (1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Proposed Standard. (2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections: Technical Summary: This document describes a cryptographic authentication mechanism for the Babel routing protocol that has provisions for replay avoidance. It utilizes HMAC based message authentication codes (MACs). Working Group Summary: The Babel WG was principally Chartered to produce a Standards Track version of the Babel protocol which was originally documented in Experimental RFCs including the basic protocol in RFC 6126 and HMAC based authentication in RFC 7298. In working on this transition, rfc6126bis and rfc7298bis drafts were created; however, while the first was adopted by the WG, the WG declined to adopt the rfc7298bis draft and an alternative babel-hmac draft was created and adopted as draft-ietf-babel-hmac. There has been extensive discussion of hmac security and this draft on the list and a clear consensus to approve it. Document Quality: There are multiple implementations of this draft. The document has received multiple reviews and is of high quality. Personnel: Document Shepherd: Donald Eastlake, 3rd Responsible Area Director: Martin Vigoureux (3) Briefly describe the review of this document that was performed by the Document Shepherd. There were two thorough Shepherd reviews of this draft. The first is at https://mailarchive.ietf.org/arch/msg/babel/qnkQJ4NZwy8etciKg3Dy3j7jzbU Later issues and the passage of time lead to a second Shepherd review which is at https://mailarchive.ietf.org/arch/msg/babel/pFx85t7Qqh3QvNxVPYtWYCLpFpE (4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed? No. (5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization? If so, describe the review that took place. This document has been reviewed by the Security Directorate here https://mailarchive.ietf.org/arch/msg/babel/96q20dMbQW2JjCzrQkzSWVJfUbY and the by Routing Directorate https://mailarchive.ietf.org/arch/msg/babel/xwNOtwxNd58P5O17y5TksS1j2cA (6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here. No special concerns. (7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed. Yes https://mailarchive.ietf.org/arch/msg/babel/7RYF9M-ileRP2yAstcQhAaOChM4 https://mailarchive.ietf.org/arch/msg/babel/eHtPPGRhGLCZp-ALe6_tjkAITk8 https://mailarchive.ietf.org/arch/msg/babel/hMC8Jg-hwrhAjd7UQQ65zdYDLDU (8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures. No IPR disclosures. (9) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? There was a solid consensus of the active WG participants. (10) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarize the areas of conflict in separate email messages to the Responsible Area Director. Yes, separate message has been sent. (11) Identify any ID nits the Document Shepherd has found in this document. (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist). Boilerplate checks are not enough; this check needs to be thorough. See Shepherd reviews at point 3 above. After those, the Shepherd also noticed that the Intended Status on the title page should be changed to "Proposed Standard" from "Standards Track". (12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, media type, and URI type reviews. No such specialized formal review required. (13) Have all references within this document been identified as either normative or informative? Yes. (14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the plan for their completion? No. However, there is a normative reference to draft-ietf-babel-rfc6162bis. That draft is in WG Last Call and publication of it is expect to be requested within a few weeks. (15) Are there downward normative references references (see RFC 3967)? If so, list these downward references to support the Area Director in the Last Call procedure. There are not 1, not 2, but 3 normative references in the document to Informational RFCs. Specifically, to RFC 2104 "HMAC: Keyed-Hashing for Message Authentication", RFC 6234 "US Secure Hash Algorithms (SHA and SHA-based HMAC and HKDF)". and RFC 7693 "The BLAKE2 Cryptographic Hash and Message Authentication Code (MAC)". These are all cryptographic algorithm RFCs that are informational because they were not developed within the IETF and are commonly used in IETF protocols. (16) Will publication of this document change the status of any existing RFCs? Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction? This document updates the rfc6126bis draft as noted on the title page and in the Abstract. (17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. This document specifies 4 new Babel TLVs and properly documents that 4 types for these TLVs have been assigned by IANA. (18) List any new IANA registries that require Expert Review for future allocations. Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries. No new IANA registries created. (19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, etc. No such formal language used in this document. |
2019-03-12
|
04 | Donald Eastlake | Responsible AD changed to Martin Vigoureux |
2019-03-12
|
04 | Donald Eastlake | IETF WG state changed to Submitted to IESG for Publication from WG Consensus: Waiting for Write-Up |
2019-03-12
|
04 | Donald Eastlake | IESG state changed to Publication Requested from I-D Exists |
2019-03-12
|
04 | Donald Eastlake | IESG process started in state Publication Requested |
2019-03-12
|
04 | Donald Eastlake | draft-ietf-babel-hmac-04 (1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Proposed Standard. (2) The IESG … draft-ietf-babel-hmac-04 (1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Proposed Standard. (2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections: Technical Summary: This document describes a cryptographic authentication mechanism for the Babel routing protocol that has provisions for replay avoidance. It utilizes HMAC based message authentication codes (MACs). Working Group Summary: The Babel WG was principally Chartered to produce a Standards Track version of the Babel protocol which was originally documented in Experimental RFCs including the basic protocol in RFC 6126 and HMAC based authentication in RFC 7298. In working on this transition, rfc6126bis and rfc7298bis drafts were created; however, while the first was adopted by the WG, the WG declined to adopt the rfc7298bis draft and an alternative babel-hmac draft was created and adopted as draft-ietf-babel-hmac. There has been extensive discussion of hmac security and this draft on the list and a clear consensus to approve it. Document Quality: There are multiple implementations of this draft. The document has received multiple reviews and is of high quality. Personnel: Document Shepherd: Donald Eastlake, 3rd Responsible Area Director: Martin Vigoureux (3) Briefly describe the review of this document that was performed by the Document Shepherd. There were two thorough Shepherd reviews of this draft. The first is at https://mailarchive.ietf.org/arch/msg/babel/qnkQJ4NZwy8etciKg3Dy3j7jzbU Later issues and the passage of time lead to a second Shepherd review which is at https://mailarchive.ietf.org/arch/msg/babel/pFx85t7Qqh3QvNxVPYtWYCLpFpE (4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed? No. (5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization? If so, describe the review that took place. This document has been reviewed by the Security Directorate here https://mailarchive.ietf.org/arch/msg/babel/96q20dMbQW2JjCzrQkzSWVJfUbY and the by Routing Directorate https://mailarchive.ietf.org/arch/msg/babel/xwNOtwxNd58P5O17y5TksS1j2cA (6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here. No special concerns. (7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed. Yes https://mailarchive.ietf.org/arch/msg/babel/7RYF9M-ileRP2yAstcQhAaOChM4 https://mailarchive.ietf.org/arch/msg/babel/eHtPPGRhGLCZp-ALe6_tjkAITk8 https://mailarchive.ietf.org/arch/msg/babel/hMC8Jg-hwrhAjd7UQQ65zdYDLDU (8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures. No IPR disclosures. (9) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? There was a solid consensus of the active WG participants. (10) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarize the areas of conflict in separate email messages to the Responsible Area Director. Yes, separate message has been sent. (11) Identify any ID nits the Document Shepherd has found in this document. (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist). Boilerplate checks are not enough; this check needs to be thorough. See Shepherd reviews at point 3 above. After those, the Shepherd also noticed that the Intended Status on the title page should be changed to "Proposed Standard" from "Standards Track". (12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, media type, and URI type reviews. No such specialized formal review required. (13) Have all references within this document been identified as either normative or informative? Yes. (14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the plan for their completion? No. However, there is a normative reference to draft-ietf-babel-rfc6162bis. That draft is in WG Last Call and publication of it is expect to be requested within a few weeks. (15) Are there downward normative references references (see RFC 3967)? If so, list these downward references to support the Area Director in the Last Call procedure. There are not 1, not 2, but 3 normative references in the document to Informational RFCs. Specifically, to RFC 2104 "HMAC: Keyed-Hashing for Message Authentication", RFC 6234 "US Secure Hash Algorithms (SHA and SHA-based HMAC and HKDF)". and RFC 7693 "The BLAKE2 Cryptographic Hash and Message Authentication Code (MAC)". These are all cryptographic algorithm RFCs that are informational because they were not developed within the IETF and are commonly used in IETF protocols. (16) Will publication of this document change the status of any existing RFCs? Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction? This document updates the rfc6126bis draft as noted on the title page and in the Abstract. (17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. This document specifies 4 new Babel TLVs and properly documents that 4 types for these TLVs have been assigned by IANA. (18) List any new IANA registries that require Expert Review for future allocations. Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries. No new IANA registries created. (19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, etc. No such formal language used in this document. |
2019-03-12
|
04 | Donald Eastlake | draft-ietf-babel-hmac-04 (1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Proposed Standard as noted on … draft-ietf-babel-hmac-04 (1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Proposed Standard as noted on the title page. (2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections: Technical Summary: This document describes a cryptographic authentication mechanism for the Babel routing protocol that has provisions for replay avoidance. It utilizes HMAC based message authentication codes (MACs). Working Group Summary: The Babel WG was principally Chartered to produce a Standards Track version of the Babel protocol which was originally documented in Experimental RFCs including the basic protocol in RFC 6126 and HMAC based authentication in RFC 7298. In working on this transition, rfc6126bis and rfc7298bis drafts were created; however, while the first was adopted by the WG, the WG declined to adopt the rfc7298bis draft and an alternative babel-hmac draft was created and adopted as draft-ietf-babel-hmac. There has been extensive discussion of hmac security and this draft on the list and a clear consensus to approve it. Document Quality: There are multiple implementations of this draft. The document has received multiple reviews and is of high quality. Personnel: Document Shepherd: Donald Eastlake, 3rd Responsible Area Director: Martin Vigoureux (3) Briefly describe the review of this document that was performed by the Document Shepherd. There were two thorough Shepherd reviews of this draft. The first is at https://mailarchive.ietf.org/arch/msg/babel/qnkQJ4NZwy8etciKg3Dy3j7jzbU Later issues and the passage of time lead to a second Shepherd review which is at https://mailarchive.ietf.org/arch/msg/babel/pFx85t7Qqh3QvNxVPYtWYCLpFpE (4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed? No. (5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization? If so, describe the review that took place. This document has been reviewed by the Security Directorate here https://mailarchive.ietf.org/arch/msg/babel/96q20dMbQW2JjCzrQkzSWVJfUbY and the by Routing Directorate https://mailarchive.ietf.org/arch/msg/babel/xwNOtwxNd58P5O17y5TksS1j2cA (6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here. No special concerns. (7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed. Yes https://mailarchive.ietf.org/arch/msg/babel/7RYF9M-ileRP2yAstcQhAaOChM4 https://mailarchive.ietf.org/arch/msg/babel/eHtPPGRhGLCZp-ALe6_tjkAITk8 https://mailarchive.ietf.org/arch/msg/babel/hMC8Jg-hwrhAjd7UQQ65zdYDLDU (8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures. No IPR disclosures. (9) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? There was a solid consensus of the active WG participants. (10) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarize the areas of conflict in separate email messages to the Responsible Area Director. Yes, separate message has been sent. (11) Identify any ID nits the Document Shepherd has found in this document. (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist). Boilerplate checks are not enough; this check needs to be thorough. See Shepherd reviews at point 3 above. After those, the Shepherd also noticed that the Intended Status on the title page should be changed to "Proposed Standard" from "Standards Track". (12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, media type, and URI type reviews. No such specialized formal review required. (13) Have all references within this document been identified as either normative or informative? Yes. (14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the plan for their completion? No. However, there is a normative reference to draft-ietf-babel-rfc6162bis. That draft is in WG Last Call and publication of it is expect to be requested within a few weeks. (15) Are there downward normative references references (see RFC 3967)? If so, list these downward references to support the Area Director in the Last Call procedure. There are not 1, not 2, but 3 normative references in the document to Informational RFCs. Specifically, to RFC 2104 "HMAC: Keyed-Hashing for Message Authentication", RFC 6234 "US Secure Hash Algorithms (SHA and SHA-based HMAC and HKDF)". and RFC 7693 "The BLAKE2 Cryptographic Hash and Message Authentication Code (MAC)". These are all cryptographic algorithm RFCs that are informational because they were not developed within the IETF and are commonly used in IETF protocols. (16) Will publication of this document change the status of any existing RFCs? Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction? This document updates the rfc6126bis draft as noted on the title page and in the Abstract. (17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. This document specifies 4 new Babel TLVs and properly documents that 4 types for these TLVs have been assigned by IANA. (18) List any new IANA registries that require Expert Review for future allocations. Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries. No new IANA registries created. (19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, etc. No such formal language used in this document. |
2019-03-10
|
04 | Donald Eastlake | IETF WG state changed to WG Consensus: Waiting for Write-Up from In WG Last Call |
2019-03-09
|
04 | Juliusz Chroboczek | New version available: draft-ietf-babel-hmac-04.txt |
2019-03-09
|
04 | (System) | New version approved |
2019-03-09
|
04 | (System) | Request for posting confirmation emailed to previous authors: Juliusz Chroboczek , Weronika Kolodziejak , Clara Do |
2019-03-09
|
04 | Juliusz Chroboczek | Uploaded new revision |
2018-12-26
|
03 | Juliusz Chroboczek | New version available: draft-ietf-babel-hmac-03.txt |
2018-12-26
|
03 | (System) | New version approved |
2018-12-26
|
03 | (System) | Request for posting confirmation emailed to previous authors: Juliusz Chroboczek , Weronika Kolodziejak , Clara Do |
2018-12-26
|
03 | Juliusz Chroboczek | Uploaded new revision |
2018-12-23
|
02 | Juliusz Chroboczek | New version available: draft-ietf-babel-hmac-02.txt |
2018-12-23
|
02 | (System) | New version approved |
2018-12-23
|
02 | (System) | Request for posting confirmation emailed to previous authors: Juliusz Chroboczek , Weronika Kolodziejak , Clara Do |
2018-12-23
|
02 | Juliusz Chroboczek | Uploaded new revision |
2018-12-20
|
01 | Donald Eastlake | See https://www.ietf.org/mail-archive/web/babel/current/msg01660.html Longer than usual WGLC due to the holidays. |
2018-12-20
|
01 | Donald Eastlake | IETF WG state changed to In WG Last Call from WG Document |
2018-12-20
|
01 | Donald Eastlake | Notification list changed to Donald Eastlake <d3e3e3@gmail.com> |
2018-12-20
|
01 | Donald Eastlake | Document shepherd changed to Donald E. Eastlake 3rd |
2018-12-20
|
01 | Donald Eastlake | Changed consensus to Yes from Unknown |
2018-12-20
|
01 | Donald Eastlake | Intended Status changed to Proposed Standard from None |
2018-11-14
|
01 | Juliusz Chroboczek | New version available: draft-ietf-babel-hmac-01.txt |
2018-11-14
|
01 | (System) | New version approved |
2018-11-14
|
01 | (System) | Request for posting confirmation emailed to previous authors: Juliusz Chroboczek , Weronika Kolodziejak , Clara Do |
2018-11-14
|
01 | Juliusz Chroboczek | Uploaded new revision |
2018-11-01
|
00 | Robert Sparks | Request for Early review by SECDIR Completed: Has Issues. Reviewer: Robert Sparks. Sent review to list. |
2018-10-25
|
00 | Tero Kivinen | Request for Early review by SECDIR is assigned to Robert Sparks |
2018-10-25
|
00 | Tero Kivinen | Request for Early review by SECDIR is assigned to Robert Sparks |
2018-10-23
|
00 | Donald Eastlake | Requested Early review by SECDIR |
2018-09-19
|
00 | Min Ye | Request for Early review by RTGDIR Completed: Has Nits. Reviewer: Mike McBride. |
2018-08-27
|
00 | Min Ye | Request for Early review by RTGDIR is assigned to Mike McBride |
2018-08-27
|
00 | Min Ye | Request for Early review by RTGDIR is assigned to Mike McBride |
2018-08-27
|
00 | Donald Eastlake | Requested Early review by RTGDIR |
2018-08-16
|
00 | (System) | This document now replaces draft-do-babel-hmac instead of None |
2018-08-16
|
00 | Juliusz Chroboczek | New version available: draft-ietf-babel-hmac-00.txt |
2018-08-16
|
00 | (System) | New version approved |
2018-08-16
|
00 | Juliusz Chroboczek | Request for posting confirmation emailed to submitter and authors: Juliusz Chroboczek , Weronika Kolodziejak , Clara Do |
2018-08-16
|
00 | Juliusz Chroboczek | Uploaded new revision |