scionassociation / scion-cp_I-D

Specification of the SCION control plane.
https://scionassociation.github.io/scion-cp_I-D/

Clarify selection of MAC algorithm #23

Closed nicorusti closed 2 months ago

nicorusti commented 3 months ago

From Joel Halpern:

I may have misread the text, but the description of the hop authentication algorithm seems to say "use an algorithm that is consistent across the AS". The problem with that answer is that an implementor needs to implement a specific algorithm. I think there at least needs to be a mandatory-to-implement algorithm, so implementors can interoperate.

MACs for hop fields are created and then verified always within an AS. This means that each AS can use a different MAC algorithm, while interoperating with other ASes. We mention this in the data plane draft:

   to agree on keys, algorithm, and input for the MAC.  However, note
   that we do not provide nor specify any mechanism to coordinate AS-
   specific choices between the routers and the control services of the
   AS.

Two points should be clarified:

Issue in DP: https://github.com/scionassociation/scion-dp_I-D/issues/7
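Added example (not part of the issue thread or of the SCION drafts): a sketch of why an AS-local MAC choice does not affect interoperability between ASes, since each hop field is created and verified only by the AS that issued it. The hop input bytes, the keys, the helper names and the two algorithms (HMAC-SHA256 and keyed BLAKE2s, chosen only because both are in the Python standard library) are assumptions for illustration, not the drafts' MAC input layout or a recommended algorithm.

```python
import hashlib
import hmac

MAC_LEN = 6  # a SCION hop field carries a 6-byte MAC

def mac_hmac_sha256(key: bytes, data: bytes) -> bytes:
    # Truncation keeps the leftmost bytes of the full tag.
    return hmac.new(key, data, hashlib.sha256).digest()[:MAC_LEN]

def mac_blake2s(key: bytes, data: bytes) -> bytes:
    return hashlib.blake2s(data, key=key, digest_size=16).digest()[:MAC_LEN]

class AS:
    """One AS: its control service creates hop field MACs, its routers verify them."""

    def __init__(self, name, algorithm, key):
        self.name, self._mac, self._key = name, algorithm, key

    def create_hop_field(self, hop_input: bytes) -> dict:
        # Control service side: authenticate the hop information with the AS-local key.
        return {"as": self.name, "input": hop_input,
                "mac": self._mac(self._key, hop_input)}

    def verify_hop_field(self, hf: dict) -> bool:
        # Router side: recompute with the same AS-local choice, compare in constant time.
        return hmac.compare_digest(self._mac(self._key, hf["input"]), hf["mac"])

def forward(path, ases) -> bool:
    """A packet is forwarded only if every AS accepts the hop field it issued itself."""
    return all(ases[hf["as"]].verify_hop_field(hf) for hf in path)

def build_demo():
    # Constructed keys and hop inputs (hypothetical, not the drafts' MAC input layout).
    ases = {"AS-A": AS("AS-A", mac_hmac_sha256, bytes(range(32))),
            "AS-B": AS("AS-B", mac_blake2s, bytes(range(32, 64)))}
    path = [ases["AS-A"].create_hop_field(b"ingress=0,egress=2,exp=63"),
            ases["AS-B"].create_hop_field(b"ingress=5,egress=0,exp=63")]
    return ases, path

if __name__ == "__main__":
    ases, path = build_demo()
    print("path accepted:", forward(path, ases))
    modified = dict(path[0], input=b"ingress=0,egress=9,exp=63")
    print("modified hop accepted:", forward([modified, path[1]], ases))
```

The two ASes never exchange keys or agree on an algorithm, yet the two-hop path verifies end to end; what an implementor still needs, as the thread notes, is an algorithm that every device inside one AS supports.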

nicorusti commented 3 months ago

@matzf I was looking into Joel's emails, he provided some more hints:

Yes, I get that each AS can in principle use a different algorithm. Now look at it from the point of view of an implementor. What algorithm shall I implement? I am expecting to sell to multiple operators. I am expecting to need to interoperate with solutions from other vendors. I have no problem with allowing a range of choices. But I need something that ensures interoperability. The usual answer is to say that all implementations must implement and support X, and that operators can use anything they like that their devices support as long as all devices in the AS use the same thing.

Right, this depends on the MAC algorithm. Safely truncating requires certain MAC algorithms, e.g. ones that have properties of a pseudorandom function. We should clarify this.

If it depends upon the MAC that is used, then you need to tell operators enough to make an appropriate choice of MAC. Still seems that XORing together the three "shorts" from the MAC would always be stronger. But I am not a security expert.

nicorusti commented 2 months ago

I think this is resolved by #34