[multipathtcp] Fwd: Re: Feedback on sha1/key exchange for MPTCP inter-op with FreeBSD
Nigel Williams <njwilliams@swin.edu.au> Thu, 18 October 2012 00:49 UTC
Return-Path: <njwilliams@swin.edu.au>
X-Original-To: multipathtcp@ietfa.amsl.com
Delivered-To: multipathtcp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C1EC821F8589 for <multipathtcp@ietfa.amsl.com>; Wed, 17 Oct 2012 17:49:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.895
X-Spam-Level:
X-Spam-Status: No, score=-1.895 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_AU=0.377, HOST_EQ_AU=0.327]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K59Zx9ma0bhE for <multipathtcp@ietfa.amsl.com>; Wed, 17 Oct 2012 17:49:28 -0700 (PDT)
Received: from gpo2.cc.swin.edu.au (gpo2.cc.swin.edu.au [136.186.1.31]) by ietfa.amsl.com (Postfix) with ESMTP id 6431921F865D for <multipathtcp@ietf.org>; Wed, 17 Oct 2012 17:49:27 -0700 (PDT)
Received: from [136.186.229.154] (nwilliams-laptop.caia.swin.edu.au [136.186.229.154]) by gpo2.cc.swin.edu.au (8.14.3/8.14.3) with ESMTP id q9I0nNBY004121 for <multipathtcp@ietf.org>; Thu, 18 Oct 2012 11:49:25 +1100
Message-ID: <507F520E.6060201@swin.edu.au>
Date: Thu, 18 Oct 2012 11:49:18 +1100
From: Nigel Williams <njwilliams@swin.edu.au>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:15.0) Gecko/20120912 Thunderbird/15.0.1
MIME-Version: 1.0
To: multipathtcp <multipathtcp@ietf.org>
References: <507E2D35.7040606@swin.edu.au>
In-Reply-To: <507E2D35.7040606@swin.edu.au>
X-Forwarded-Message-Id: <507E2D35.7040606@swin.edu.au>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: [multipathtcp] Fwd: Re: Feedback on sha1/key exchange for MPTCP inter-op with FreeBSD
X-BeenThere: multipathtcp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Multi-path extensions for TCP <multipathtcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/multipathtcp>
List-Post: <mailto:multipathtcp@ietf.org>
List-Help: <mailto:multipathtcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Oct 2012 00:49:33 -0000
Sorry, forgot to cc the list on this one. cheers, nigel >> On Wednesday 17 October 2012 14:59:49 Nigel Williams wrote: >> Hi Christoph, Alan, >> >>> On 16/10/12 20:01, Christoph Paasch wrote: >>> You should not look at the key as a 64-bit integer. It is rather a sequence of >>> 8 bytes. When hashing, the key has to be in the same order as it was seen on >>> the wire. SHA-1 algorithm makes sure that the hash produces as a result the >>> same bit-sequence on little-endian and big-endian machines. >>> >>> If we would convert the key to host-byte-order, the bit-sequence input to the >>> sha-1 algorithm will be different on little-endian and big-endian machines. >>> Thus SHA-1 won't produce the same result anymore. >>> >> Okay, looks like I misunderstood how the sha function worked internally. >> Ran a little test application and now see what you mean. >> >> A couple of proposals for inclusion in the draft (Section 3.1): >> - It should be stated that the generated key is hashed in network byte >> order. >> - Also mention that the least significant bits are the rightmost bits of >> the sha1 digest, as per [1]. >> >> >> Another observation re interop testing: There is an amendment to the end >> of section 3.1 that on first glance seems to be at odds with how we see >> the current Linux implementation behave: >> >> "The initial Data Sequence Number (IDSN) on a MPTCP connection MUST be >> hard to guess. It is RECOMMENDED that the IDSN is generated as a >> hash from the Key ... however a receiver MUST NOT make any assumptions >> about the IDSN generation algorithm." >> >> From out observations the Linux implementation will include a Data ACK >> in each packet immediately after the TCP handshake (potentially before >> the remote host has sent any packets with DSN mappings). If the remote >> host were to use a different method to generate the IDSN, these D-ACKs >> would be out of sequence space. Were these D-ACKs added for debugging >> purposes? >> [1] FIPS 180-3: Secure Hash Standard, >> http://csrc.nist.gov/publications/fips/fips180-3/fips180-3_final.pdf > > Yes, we always include DATA_ACK's in the packets, because it was easier to implement. > > The part you are citing from the draft about the IDSN will be changed in the draft > version 11. The IDSN generation will be made deterministic. > > Cheers, > Christoph
- [multipathtcp] Feedback on sha1/key exchange for … Nigel Williams
- Re: [multipathtcp] Feedback on sha1/key exchange … Christoph Paasch
- Re: [multipathtcp] Feedback on sha1/key exchange … Nigel Williams
- Re: [multipathtcp] Feedback on sha1/key exchange … Christoph Paasch
- [multipathtcp] Fwd: Re: Feedback on sha1/key exch… Nigel Williams