Re: [homenet] [babel] about Babel security (questions for Juliusz Chroboczek)
Hi Denis, You appear to have perceived events and statements different from how others' have perceived these. I don't find this thread accusing Juliusz of bad behavior to be an appropriate way of addressing your perceptions. As chair of homenet (your email was sent to homenet and babel), I would appreciate an opportunity to talk to you directly (by phone / VoIP) to try to better address your perceptions. I find trying to do this by email very challenging. If others share Denis' perceptions, please let the chairs know. Thx, Barbara > -Original Message- > From: homenet On Behalf Of Denis Ovsienko > Sent: Friday, June 29, 2018 12:29 PM > To: "Babel at IETF" ; "homenet" > Subject: Re: [homenet] [babel] about Babel security (questions for Juliusz > Chroboczek) > > Thank you for a prompt response Juliusz. > > Right now I will comment only on one specific point, more follow-ups later. > > On Fri, 29 Jun 2018 10:53:03 +0100 Juliusz Chroboczek > wrote > [...] > > The specification of "Stenberg-style security" for Babel was > never > > published. It is June 2018 and I have never seen it, although I > asked > > to. > > > > It was presented at IETF 101 in March 2018 (at which you were present). > > I confirm I attended IETF-101 in person and listened to Antonin's talk and > slides about DTLS for Babel. I did not see a written specification. At the > meeting I did bring up the need to see a written spec. > > So in this case "presented" does not go as far as "published". > > > The draft lives here: > > > > https://urldefense.proofpoint.com/v2/url?u=https- > 3A__github.com_jech_babel-2Ddrafts_tree_master_draft-2Ddecimo- > 2Dbabel-2Ddtls=DwICAg=LFYZ-o9_HUMeMTSQicvjIg=LoGzhC- > 8sc8SY8Tq4vrfog=Y3Hx49JV7xQXqwscUPkJtZiOFJkWg8DMoMcJq7RLJ7A& > s=kEGB_5PgC8bf4Eby4oWRpm9ncUbR1a7KmmuTccFv9qo= > > Thank you for making this update, I am glad a written specification of Babel > DTLS now exists (i.e. has been published). I have been asking since early > 2016. > > > I am not an author. Please ask the authors, not me, about why it hasn't > > been published yet. > > As far as the commit history goes, the file was first added to the repository > above on 25 June 2018 (four days ago), then it was updated three times on > 27 June 2018 and two times on 29 June 2018 (today, last time about three > hours ago). The file is a 325 lines long .xml file, which yields a .txt file, > which is > 8 pages long, 4 of which are boilerplates, the TOC, references and the likes. > The other 4 pages are the actual specification. The document lists 3 authors. > > I have studied the document and I find it difficult to discuss right now, to > be > honest. > > -- > Denis Ovsienko > > > ___ > homenet mailing list > homenet@ietf.org > https://urldefense.proofpoint.com/v2/url?u=https- > 3A__www.ietf.org_mailman_listinfo_homenet=DwICAg=LFYZ- > o9_HUMeMTSQicvjIg=LoGzhC- > 8sc8SY8Tq4vrfog=Y3Hx49JV7xQXqwscUPkJtZiOFJkWg8DMoMcJq7RLJ7A& > s=ZSAkpu4dIvdCqrdMUXoOu4QqeagnuF1ji4pt99IPz2U= ___ homenet mailing list homenet@ietf.org https://www.ietf.org/mailman/listinfo/homenet
Re: [homenet] [babel] about Babel security (questions for Juliusz Chroboczek)
>> The draft lives here: >> >> https://github.com/jech/babel-drafts/tree/master/draft-decimo-babel-dtls > As far as the commit history goes, the file was first added to the > repository above on 25 June 2018 (four days ago), then it was updated > three times on 27 June 2018 and two times on 29 June 2018 (today, last > time about three hours ago). This is partly my fault. Antonin is a full-time student, and I have been recommending that he follow his classes and pass his exams in priority to doing IETF work. I stand by this advice, and remain convinced that this was the right thing to do. > I have studied the document and I find it difficult to discuss right > now, to be honest. Please let us know what it is that you didn't understand. -- Juliusz ___ homenet mailing list homenet@ietf.org https://www.ietf.org/mailman/listinfo/homenet
Re: [homenet] [babel] about Babel security (questions for Juliusz Chroboczek)
On Fri, 29 Jun 2018 17:46:35 +0100 STARK, BARBARA H wrote > Hi Denis, Hello Barbara. I hope you are well. > You appear to have perceived events and statements different from how > others' have perceived these. I agree there is some difference. I do not agree this automatically infers I am doing a wrong thing by trying to work through this difference. My goal is to clarify this situation for myself and other participants. > I don't find this thread accusing Juliusz of bad behavior to be an > appropriate way of addressing your perceptions. I am sorry to object, but I am doing my best not to accuse Juliusz, as much as is reasonably practicable, in the course of this discussion of facts and problems. If I may suggest, you might see it better after reading my messages with more attention. I agree some of those facts and problems are not really enjoyable to discuss. As just one example, the Babel DTLS specification is a 4 days old publicly available document and a few hours old Internet-Draft. It consists of 8 pages, including 4 pages of technical prose. The Babel HMAC specification that is not 7298bis (feel free to suggest a better term) is a few hours old, smaller, publicly available document and isn't an Internet-Draft yet as this is being written. It says "draft-ietf-babel-rfc7298bis" at the top (sic!). Those are facts. I have spared the participants of how I [subjectively] perceive those facts. You are welcome to verify the facts if you want. I emphasize the facts are not my perceptions. I am willing to listen if you tell me specifically what you find wrong. > As chair of homenet (your email was sent to homenet and babel), I would > appreciate an opportunity to talk to you directly (by phone / VoIP) to try > to better address your perceptions. I find trying to do this by email very > challenging. Your statement is correct, in that I had intentionally cross-posted to both mailing lists. This is because Babel security is meaningful for Homenet (I have been a reader of the Homenet mailing list for some time). I understand you are expecting a direct e-mail conversation with me to be difficult. I accept you may have reasons for this, but it seems to me you had not tried to reach me before, so it would not be right to put the blame on me. I am not putting the blame on you either. >From my own practical experience, e-mail works much better than phone: I can >take the time to think and to read my messages before sending to make sure >they say what was intended. If you insist anyway, we can have a voice/video >call, but if I see this causing even more misunderstanding to pile up, I will >have to switch back to e-mail. Hopefully that is workable enough for you. Have a nice day. > If others share Denis' perceptions, please let the chairs know. -- Denis Ovsienko ___ homenet mailing list homenet@ietf.org https://www.ietf.org/mailman/listinfo/homenet
Re: [homenet] [babel] about Babel security (questions for Juliusz Chroboczek)
Dear Denis,
Thank you very much for your kind mail.
Unfortunately, I think there might be some confusion:
- DTLS is Stenberg-style security;
- HMAC is Ovsienko-style security,
- it has four variants (7298, 7298bis, DKC, Stenberg)
- two of which have fatal flaws (7298 and 7298bis).
I am really sorry for causing confusion by using both DTLS and
Stenberg-style for what is the same thing, and for furthering this
confusion for using "Stenberg variant" for one variant of the HMAC
protocol.
> Another fact is, in early 2016 you were promoting the pre-IETF Babel
> work before and at the Babel BoF and claimed that besides the HMAC (then
> RFC 7298) approach to Babel security there was another viable
> alternative, namely, "Stenberg-style security". You were promoting the
> idea that the Babel WG should evaluate both mechanisms and choose the
> best.
> * Q1: Do you acknowledge these two facts and do you agree they are
> directly related? (yes/no, please explain if "no")
Yes, besides HMAC I have been advocating DTLS, also known as
Stenberg-style security. Markus Stenberg is a competent security
expert, and I always try to listen to his advice.
> The specification of "Stenberg-style security" for Babel was never
> published. It is June 2018 and I have never seen it, although I asked
> to.
It was presented at IETF 101 in March 2018 (at which you were present).
The draft lives here:
https://github.com/jech/babel-drafts/tree/master/draft-decimo-babel-dtls
I am not an author. Please ask the authors, not me, about why it hasn't
been published yet.
> * Q2: In 2016 did you know "Stenberg-style security" for Babel did not
> exist as a workable WG item in the first place? (yes/no)
DTLS, also known as Stenberg-style security, has been implemented by
Antonin Décimo and independently reimplemented by David Schinazi during
the spring of 2018. It took somewhat longer than expected, for various
reasons that are none of your business (such as Antonin wanting to pass
his exams).
> * Q3: Why were you promoting a WG option that either you didn't verify
> exists in the first place (if "no" above) or you definitely knew does
> not exist (if "yes" above)? Please explain.
I knew it didn't exist at the time. I was confident we could make it
happen. Antonin and David have made it happen, which shows that I was
right.
> At some point between 2016 and 2017 you stopped mentioning
> "Stenberg-style security" and began to promote DTLS for Babel
> security. The first "running code" prototypes (not implementations)
The two are the same thing. Sorry again for the confusion.
> * Q4: In 2016-2018 did you know a specification for the "DTLS" Babel
> security did not exist as a workable WG item? (yes/no)
Stenberg-style security and DTLS are the same thing, so my answer to Q2
applies.
> * Q5: same as Q3
Stenberg-style security and DTLS are the same thing, so my answer to Q3
applies.
> * Q6: Do you agree your long-time presenting effort had created and
> maintained an impression that the "alternative" security option was
> viable and workable by the Babel WG, regardless of its actual status
> at the time? (yes/no, please explain if "no")
Yes, I did believe that DTLS was viable, and did my best to communicate
this fact to the list. As explained in my answer to Q2 above, I maintain
that I was right.
> * Q7: If "yes" to Q6, was this impression what you intentionally were
> trying to achieve? (yes/no, please explain if "no")
Yes.
> * Q8: If "yes" to Q6, do you agree this impression has been influencing
> decision making in both Babel and Homenet WGs? (yes/no, please explain
> if "no")
I do not know. Please ask the WG participants.
> * Q9: Do you agree the end effect was that the work on HMAC Babel
> security was held back in the Babel WG? (yes/no, please explain if
> "no")
No. I have been actively promoting the HMAC work ("Ovsienko-style"), just
as I have been promoting the DTLS work ("Stenberg-style").
The HMAC work has been held up because 7298bis had fatal flaws.
> * Q10: After the WG decision about HMAC (which was in line with your
> latest position at the time) are you still maintaining that choosing
> between HMAC and DTLS would benefit the Babel WG? (yes/no, please
> explain if "yes")
I would like see both HMAC and DTLS published as Standards Track
documents. It will be a lot of work, but I am confident that we will
manage it.
I would prefer that we didn't choose between the two -- I want to have
both. As stated publicly at the microphone at IETF 101 in London, should
we be forced to choose, I would support HMAC. Of course, I may change my
opinion in the future, it depends on how HMAC and DTLS will develop.
> * Q11: If "no", could you explain why did not you denounce the idea on
> the mailing list with appropriate comments?
I do not understand the question. It is not my role to "denounce"
anything or anyone, I merely express my opinions, just like any
