Skip to main content

Early Review of draft-ietf-babel-hmac-00
review-ietf-babel-hmac-00-secdir-early-sparks-2018-11-01-00

Request Review of draft-ietf-babel-hmac
Requested revision No specific revision (document currently at 12)
Type Early Review
Team Security Area Directorate (secdir)
Deadline 2018-11-25
Requested 2018-10-23
Requested by Donald E. Eastlake 3rd
Authors Clara Do , Weronika Kolodziejak , Juliusz Chroboczek
I-D last updated 2018-11-01
Completed reviews Rtgdir Early review of -00 by Mike McBride (diff)
Secdir Early review of -00 by Robert Sparks (diff)
Rtgdir Last Call review of -07 by Mike McBride (diff)
Genart Last Call review of -07 by David Schinazi (diff)
Secdir Last Call review of -07 by Robert Sparks (diff)
Opsdir Last Call review of -08 by Dan Romascanu (diff)
Comments
It would be nifty if this draft could be reviewed by the BABEL WG meeting Wednesday afternoon in Bangkok. But I realize that only allows an unreasonably short time to review so I have set a more relaxed deadline.
Assignment Reviewer Robert Sparks
State Completed
Request Early review on draft-ietf-babel-hmac by Security Area Directorate Assigned
Reviewed revision 00 (document currently at 12)
Result Has issues
Completed 2018-11-01
review-ietf-babel-hmac-00-secdir-early-sparks-2018-11-01-00
This is an early secdir review of draft-ietf-babel-hmac-00

Summary: There are issues in the draft to address

Issues:

The pseudo-header is IPv4-centric.

The protocol allows for multiple HMAC algorithms, but has no mechanism for
signaling which one was used. The MUST NOT at the top of page 8 will need to
be adjusted after that's worked out.  Discussion of what to do at a verifying
peer that doesn't implement a chosen algorithm is also needed.

Nits:

The claim in 1.1 about not requiring persistent storage is contradicted by the
definition of the protocol. At the very least, there is the need to persist the
most recent (index,PC) seen.

The third bullet at the top of page 4 (among different nodes) has its actors
confused. As stated, communication between A and C is irrelevant to the
communication between B and C.

It would be worth building an example of bootstrapping the protocol between 
two peers that have no previous knowledge of each other.

It's concerning to see a document (even a 00) whose point is to secure a
protocol have no discussion at all in the Security Considerations section. It
will help refine the document to create and maintain a summary of the important
security points in this section going forward.