Re: [perpass] TCP Stealth (Was: I-D Action: draft-kirsch-ietf-tcp-stealth-00.txt
Stephen Farrell <stephen.farrell@cs.tcd.ie> Mon, 18 August 2014 13:20 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A51E71A0343 for <perpass@ietfa.amsl.com>; Mon, 18 Aug 2014 06:20:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.568
X-Spam-Level:
X-Spam-Status: No, score=-2.568 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.668] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wmfejZmxEbGw for <perpass@ietfa.amsl.com>; Mon, 18 Aug 2014 06:20:17 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id 709571A0313 for <perpass@ietf.org>; Mon, 18 Aug 2014 06:20:17 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 5151ABE01; Mon, 18 Aug 2014 14:20:16 +0100 (IST)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C6ubI0Oz62ek; Mon, 18 Aug 2014 14:20:16 +0100 (IST)
Received: from [134.226.36.180] (stephen-think.dsg.cs.tcd.ie [134.226.36.180]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 2E6F0BDFD; Mon, 18 Aug 2014 14:20:16 +0100 (IST)
Message-ID: <53F1FD90.6000706@cs.tcd.ie>
Date: Mon, 18 Aug 2014 14:20:16 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.0
MIME-Version: 1.0
To: Stephane Bortzmeyer <bortzmeyer@nic.fr>, draft-kirsch-ietf-tcp-stealth@tools.ietf.org
References: <20140815064106.17646.23281.idtracker@ietfa.amsl.com> <20140818131512.GA26987@nic.fr>
In-Reply-To: <20140818131512.GA26987@nic.fr>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/HusHO5aJ3n-hfCX6ntHUkJQTxnA
Cc: perpass@ietf.org
Subject: Re: [perpass] TCP Stealth (Was: I-D Action: draft-kirsch-ietf-tcp-stealth-00.txt
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Aug 2014 13:20:19 -0000
Hiya, This list would be ok I guess though a thread has been started on tcpinc and tcpm. I suspect that tcpm is probably the best overall, as its there where the folks who'd be best able to comment would be found I think. S. On 18/08/14 14:15, Stephane Bortzmeyer wrote: > [The I-D does not indicate, apparently, a mailing list for discussion > of the idea. Trying on perpass. Suggestions of a better venue are > welcome.] > > On Thu, Aug 14, 2014 at 11:41:06PM -0700, > internet-drafts@ietf.org <internet-drafts@ietf.org> wrote > a message of 49 lines which said: > >> Title : TCP Stealth >> Authors : Julian Kirsch >> Christian Grothoff >> Jacob Appelbaum >> Holger Kenn >> Filename : draft-kirsch-ietf-tcp-stealth-00.txt > > IMHO, very good idea for an important problem. I would like this > work to move forward (an independant RFC with status Experimental, may > be?) > > A few suggestions/remarks: > > * May be a remark about the fact that it is intended for small groups > (the use of a shared secret limits the scalability). > > * "If the token is incorrect, the operating system pretends that the > port is closed." If the port is closed, the server will reply with a > RST. Not very stealth. You meant "If the token is incorrect, the > operating system won't reply at all"? > > * May be a security analysis comparing it to port knocking? If I'm > correct, TCP stealth provides min(32, N) bits of secret (32 being the > size of the ISN and N the number of bits in the shared secret) while > port knocking provides 16*N bits (N being the number of ports to > knock). > > * May be a mention of SPA <http://www.cipherdyne.org/fwknop/>, which > is closer from TCP Stealth than port-knocking? (The biggest difference > is that SPA is not stealth, Eve knows you're using SPA.) > > * Why MD5? I assume that TCP Stealth has no cryptographic agility > since there is no room to indicate the crypto algorithm (while staying > stealth) but why MD5, despite RFC 6151? > > * "6. Integraton with Applications" should be Integration > > _______________________________________________ > perpass mailing list > perpass@ietf.org > https://www.ietf.org/mailman/listinfo/perpass > >
- [perpass] TCP Stealth (Was: I-D Action: draft-kir… Stephane Bortzmeyer
- Re: [perpass] TCP Stealth (Was: I-D Action: draft… Stephen Farrell
- Re: [perpass] TCP Stealth (Was: I-D Action: draft… Christian Grothoff
- Re: [perpass] TCP Stealth (Was: I-D Action: draft… Hagen Paul Pfeifer
- Re: [perpass] TCP Stealth (Was: I-D Action: draft… Stephane Bortzmeyer