[Babel-users] RFC: Babel packet authentication
Outback Dingo
outbackdingo at gmail.com
Tue Jun 12 20:47:33 UTC 2012
On Tue, Jun 12, 2012 at 3:37 PM, Juliusz Chroboczek <jch at pps.jussieu.fr> wrote:
> We've just had a long discussion with Denis on IRC. Here's a summary.
>
> Short summary: this is very impressive work, and I'm very grateful to be
> able to accept that as an experimental extension to the Babel protocol
> (which is itself experimental). TLV types 11 and 12 are hereby assigned
> to this extension.
>
> Long version. I still prefer a trailer-based approach, which allows
> validating a packet with no knowledge of the packet's structure.
> However, Denis' has taken care to mitigate the flaws of a TLV-based
> approach (notably by having an "obviously correct" packet validation
> function run before any parsing is attempted), he is strongly in favour
> of a TLV-based approach, and has a lot of experience with security
> features in routing protocols. I yield to his superior experience.
>
> The design of TLV 11 (cryptographic timestamp) is excellent. I am fully
> confident that it can be reused by a trailer-based extension.
>
> I am slightly less confident about TLV 12 (digest); in particular, I am
> not sure that it is necessary to have an explicit field for the
> key-id -- I'd simply make the whole body opaque. However, I don't see
> anything actually wrong with the current definition.
>
> I very much like the way of avoiding a pseudo-header in digest
> computation (by overwriting the digest with the packet's source
> address).
>
> The writeup needs some editing, but nothing serious. In particular,
> it's not clear how to deal with IPv4 source addresses (not an issue for
> the current implementation, which only runs over v6).
>
> Commit f2fdcb0 ("babeld: focus Rx packet structure/sizing checks") is
> great, I intend to pull it into standalone babeld (with Denis'
> permission). babel_packet_examin I'll rename -- suggestions? (I
> suggest babel_packet_validate.)
>
> Commit 797213b ("babeld: improve Rx check for fixed-size TLVs") is
> wrong. See RFC 6126 Section 4.3, which allows sub-TLVs to be included
> into any TLV. Please revert.
>
> Nothing to say about commit b256107.
>
> Commit c9d6a7f is the big one. I haven't fully reviewed it yet, but
> here's a few things I notice.
>
> We're going to break if the interface has multiple link-local addresses.
> Not a big deal -- I don't think we're dealing with that edge-case in the
> first place. Fixing that would require a bunch of system calls for each
> packet, probably not worth it.
>
> babel_auth_got_source_address should probably fail if there's no
> link-local address rather than returning a non-local one.
>
> Unless I'm missing something, in babel_auth_make_packet there's an
> obsolete comment (FIXME: write source address).
>
> That's all for now. Denis, please feel free to merge your code into the
> trunk and document it, any further nits can be corrected there.
>
> -- Juliusz
Will this be going int the babeld mainline branch or only in the
quagga derived branch....
>
> _______________________________________________
> Babel-users mailing list
> Babel-users at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/babel-users
More information about the Babel-users
mailing list