[icnrg] comments on ccnx key exchange draft
Mark Stapp <mjs@cisco.com> Thu, 04 February 2016 21:17 UTC
Return-Path: <mjs@cisco.com>
X-Original-To: icnrg@ietfa.amsl.com
Delivered-To: icnrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E57191B29BD for <icnrg@ietfa.amsl.com>; Thu, 4 Feb 2016 13:17:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.502
X-Spam-Level:
X-Spam-Status: No, score=-14.502 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pNBP-jHPh9OX for <icnrg@ietfa.amsl.com>; Thu, 4 Feb 2016 13:17:39 -0800 (PST)
Received: from rcdn-iport-3.cisco.com (rcdn-iport-3.cisco.com [173.37.86.74]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 621491B29BA for <icnrg@irtf.org>; Thu, 4 Feb 2016 13:17:39 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2717; q=dns/txt; s=iport; t=1454620659; x=1455830259; h=from:subject:to:message-id:date:mime-version: content-transfer-encoding; bh=gXZF72tAxr3GZ1Dp94z3kKBKmVSo5pxQhx/vFa4pI6Q=; b=DArBcdQECerZ3iDa5OeB8DZ53EpbrZboAqOatxD5V1dcWxW5dEVM28eU Z4r9CzGsnlrcmKE/sb+E/ieUvXUM+0QUubN2W6AVSnysR71B6BtMWNB9/ 5YoEpOfN5Bo0ZmNipeaqxH3fgFj8Fx6gG671UkIdm42vwNethaBJhshm+ c=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0BfAwAsv7NW/51dJa1egzqKGp1ABQGBD5IsAQ2BZoYIA4FDOBQBAQEBAQEBfwuEVhUVLRM2AgUWCwILAwIBAgE/DA0IAQGIF6IZj1uPFgEBAQcCAR17hE+JCw6DGIE6BY0ldIhYjU+BW4dFI4UujkAeAQFChAIehx+BOQEBAQ
X-IronPort-AV: E=Sophos;i="5.22,397,1449532800"; d="scan'208";a="73730067"
Received: from rcdn-core-6.cisco.com ([173.37.93.157]) by rcdn-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 04 Feb 2016 21:17:38 +0000
Received: from [10.131.118.107] ([10.131.118.107]) (authenticated bits=0) by rcdn-core-6.cisco.com (8.14.5/8.14.5) with ESMTP id u14LHb4R004296 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO) for <icnrg@irtf.org>; Thu, 4 Feb 2016 21:17:38 GMT
From: Mark Stapp <mjs@cisco.com>
To: "icnrg@irtf.org" <icnrg@irtf.org>
Message-ID: <56B3BFF0.6060302@cisco.com>
Date: Thu, 04 Feb 2016 16:17:36 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:38.0) Gecko/20100101 Thunderbird/38.5.1
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Authenticated-User: mjs
Archived-At: <http://mailarchive.ietf.org/arch/msg/icnrg/W-UlAx3rg_l9XDsLwBCmtds18pI>
Subject: [icnrg] comments on ccnx key exchange draft
X-BeenThere: icnrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Information-Centric Networking research group discussion list <icnrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/icnrg>, <mailto:icnrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/icnrg/>
List-Post: <mailto:icnrg@irtf.org>
List-Help: <mailto:icnrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/icnrg>, <mailto:icnrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Feb 2016 21:17:41 -0000
I've read the key exchange draft, and I've got some initial comments and questions. Let me say right up front that I'm grateful for the work that's gone into the initial version - this kind of protocol is a crucial building-block for many applications. Thanks, Mark 1. tls vs quic there seems to be quite a lot of emphasis on taking advantage of ideas from quic. I didn't always find that to be compelling, mainly because the crypto parts of quic are sort of subordinated to the transport features such as multiplexing, FEC, improved loss/dup detection, modular cong-control. I think CCN has many of the same needs, and might well benefit from a capable transport protocol stack. however, the key-exchange draft is limited to the handshake protocol and key material derivation. the quic authors' documents say that "the quic crypto protocol is _destined to die_" [emphasis in the original] and be replaced with TLS 1.3. it'd be preferable to develop the CCN handshake and key derivation based on tls 1.3. it might be clearer to start without trying to incorporate some of the quic "optimizations", and then revisit the quic protocol when there's a desire to begin developing a CCN transport modelled on quic. 2. computational work balance during handshake In the absence of source address info, I think we may need to be more concerned about work balance between client and server during the handshake. there are a couple of places where that seems to me to be a potential problem [I'm using tls-tls13-11 as a reference]: - client sends ClientHello, provoking server into doing DH even if the client has no intention of continuing the exchange - client sends ClientHello, provoking a server that authenticates with a cert into producing an expensive signature proof [I think that first one may apply even if you stick with the quic scheme: the client generates random goop for its ClientShare1 message, and then the server has to do a DH computation to try to decrypt it.] 3. replay/sequence counter value and GCM I didn't follow where an appropriate counter would be conveyed for use in GCM. It wasn't clear to me - from the text in 6.2 for example - how that was meant to work? 5. cert name indication (SNI analogue) I think we'll need something that corresponds to SNI - Server Name Indication - the TLS extension that helps support CDNs and virtual servers. I can imagine that there may be applications that don't want to expose in the clear any more than they expose today - they reach some cdn or virtualized host, and then everything that's application-specific takes place inside the protected crypto context.
- [icnrg] comments on ccnx key exchange draft Mark Stapp
- Re: [icnrg] comments on ccnx key exchange draft Marc.Mosko
- Re: [icnrg] comments on ccnx key exchange draft Christopher.Wood