Hi Eric, ke, 2020-02-19 kello 13:20 -0800, Eric Rescorla kirjoitti: > > > > > S 5.8. > > > > >> > > > > >> 5.8. RELAY_HMAC Parameter > > > > >> > > > > >> As specified in Legacy ICE-HIP [RFC5770], the > > RELAY_HMAC > > > > parameter > > > > >> value has the TLV type 65520. It has the same > > semantics > > > > as RVS_HMAC > > > > >> [RFC8004]. > > > > > > > > > > What key is used for the HMAC? > > > > > > > > clarified this as follows: > > > > > > > > [..] It has the same semantics as RVS_HMAC as specified in > > section > > > > 4.2.1 > > > > in [RFC8004]. Similarly as with RVS_HMAC, also RELAY_HMAC is > > is > > > > keyed > > > > with the HIP integrity key (HIP-lg or HIP-gl as specified in > > > > section 6.5 > > > > in [RFC7401]), established during the relay registration > > procedure > > > > as > > > > described in Section 4.1. > > > > > > This seems like it might have potential for cross-protocol > > attacks on > > > the key. Why > > > is this OK> > > > > this is standard way of deriving keys in HIP. The keying procedure > > is > > the same as with specified in RFC8004. If there is some attack > > scenario, please describe it in detail? > > Or is there some editorial issue here? > > I'm not sure. When I read this text it appears to say that you should > be using the same key for two kinds of messages. Is that correct?
the key is always specific to a Host Association, i.e., unique between a Relay Client and a Relay Server. So if there is a Rendezvous server (used with RVS_HMAC), this would be a different host and different Host Association. If the same host provides both rendezvous and relay service, it should be fine to reuse the same key. _______________________________________________ Hipsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/hipsec
