Re: The TCP and UDP checksum algorithm may soon need updating

Christian Huitema <huitema@huitema.net> Tue, 09 June 2020 02:39 UTC

Cc: Richard Barnes <rlb@ipv.sx>, Carsten Bormann <cabo@tzi.org>, IETF discussion list <ietf@ietf.org>
To: John C Klensin <john-ietf@jck.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/CF8h3Rk4UCX4Nzo5wfMcCr5jurk>

> On Jun 8, 2020, at 7:18 PM, John C Klensin <john-ietf@jck.com> wrote:
> 
>  Yet, unless I have completely
> misunderstood, much of the conversation has been about methods
> that were designed for privacy protection using encryption with
> integrity protection being nothing but a necessary side-effect.

Encryption without authentication is subject to a variety of attacks such as truncating messages, splicing them, or changing the encrypted text. That's why most modern encryption systems provide authentication at the same time as encryption. So it is much more than "a side effect"...

-- Christian Huitema
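
The point made in the reply above, shown as an added example that is not part of the original message: a ciphertext that is truncated, spliced or changed in transit still decrypts without error when encryption is used alone, while an encrypt-then-MAC wrapper rejects all three. The keystream is a toy SHA-256 counter construction, and the keys, nonces and messages are constructed for the illustration.

```python
import hashlib
import hmac

TAG_LEN = 32

def keystream(key, nonce, n):
    # Toy SHA-256 counter-mode keystream, for illustration only (not a vetted cipher).
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def stream_xor(key, nonce, data):
    # Encryption and decryption are the same XOR; nothing checks integrity.
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))

def seal(enc_key, mac_key, nonce, plaintext):
    # Encrypt-then-MAC: the tag covers the nonce and the whole ciphertext.
    ct = stream_xor(enc_key, nonce, plaintext)
    return ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def open_sealed(enc_key, mac_key, nonce, sealed):
    # Verify the tag in constant time before decrypting anything.
    ct, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if len(sealed) < TAG_LEN or not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return stream_xor(enc_key, nonce, ct)

def modifications(ct, other):
    # The three in-transit changes the message lists, applied to a ciphertext.
    return {"truncated": ct[:8],
            "spliced": ct[:8] + other[8:],
            "changed": ct[:4] + bytes([ct[4] ^ 0x01]) + ct[5:]}

def rejected(enc_key, mac_key, nonce, sealed):
    try:
        open_sealed(enc_key, mac_key, nonce, sealed)
        return False
    except ValueError:
        return True

# Constructed sample keys, nonces and messages.
ENC_KEY, MAC_KEY, N1, N2 = b"k" * 32, b"m" * 32, b"nonce-01", b"nonce-02"
M1, M2 = b"transfer 0100 to alice", b"transfer 0900 to carol"

def demo():
    c1, c2 = stream_xor(ENC_KEY, N1, M1), stream_xor(ENC_KEY, N2, M2)
    tag = seal(ENC_KEY, MAC_KEY, N1, M1)[-TAG_LEN:]
    mods = modifications(c1, c2)
    unauthenticated = {k: stream_xor(ENC_KEY, N1, v) for k, v in mods.items()}
    authenticated = {k: rejected(ENC_KEY, MAC_KEY, N1, v + tag) for k, v in mods.items()}
    return unauthenticated, authenticated
```

`demo()` returns what the unauthenticated receiver accepts as plaintext for each modification, and whether the authenticated receiver rejected the same modified ciphertext.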