Re: [perpass] tcpcrypt applicability
Phillip Hallam-Baker <hallam@gmail.com> Mon, 27 January 2014 16:28 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7859D1A034A for <perpass@ietfa.amsl.com>; Mon, 27 Jan 2014 08:28:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SrJIm-draO7T for <perpass@ietfa.amsl.com>; Mon, 27 Jan 2014 08:28:41 -0800 (PST)
Received: from mail-la0-x22f.google.com (mail-la0-x22f.google.com [IPv6:2a00:1450:4010:c03::22f]) by ietfa.amsl.com (Postfix) with ESMTP id ECDF11A033D for <perpass@ietf.org>; Mon, 27 Jan 2014 08:28:40 -0800 (PST)
Received: by mail-la0-f47.google.com with SMTP id hr17so4693370lab.34 for <perpass@ietf.org>; Mon, 27 Jan 2014 08:28:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=tQHXEi5Q1AwihyELIBD8liAIxU1c7mDvJVUA7Ri2OW4=; b=F7GzUSa1IAG17YcGyPtR4vPGXAMReNSINHfkEXJk6kb64XVB7bX7PhmsghKEWiQvYa krR1o05V5w8Fp6m0avP39XXTdHCf614asDoJRbRivyU2tPzZ/tpUUUQaWpc/2Aakkbcz zRRO80g84fF0+0sNFUn4Lj/Vc64A2jW7jxFo1PkG06Qs01EHSxpLamhLqmpdhyCobGhc qsNOFZayvkJUZuM4HW2rH49yi+KESFiOjuNRLdvnpHJ1wAjo5zRvep4L+7YUguD2tL0U Ei7MDm+WblpkPRv3fe6x48la8V6fMU3c4Z7UiSzJ6Hn2fYbnPwlUa3/rL+/2+F3dqWA/ XRWQ==
MIME-Version: 1.0
X-Received: by 10.152.205.197 with SMTP id li5mr35046lac.50.1390840117052; Mon, 27 Jan 2014 08:28:37 -0800 (PST)
Received: by 10.112.37.168 with HTTP; Mon, 27 Jan 2014 08:28:36 -0800 (PST)
In-Reply-To: <012101cf1a11$f23cc9b0$d6b65d10$@huitema.net>
References: <012101cf1a11$f23cc9b0$d6b65d10$@huitema.net>
Date: Mon, 27 Jan 2014 11:28:36 -0500
Message-ID: <CAMm+LwgezvGkEN_GkJqyYLBAMX1hWoBh=1HBZUH+bwdWym+7bA@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Christian Huitema <huitema@huitema.net>
Content-Type: multipart/alternative; boundary="001a1136d45e1dca4d04f0f6338d"
Cc: perpass <perpass@ietf.org>, Dave Crocker <dcrocker@bbiw.net>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [perpass] tcpcrypt applicability
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Jan 2014 16:28:44 -0000
On Sat, Jan 25, 2014 at 4:10 PM, Christian Huitema <huitema@huitema.net>wrote: > From: Dave Crocker, Monday, January 20, 2014 7:27 AM > > On 1/20/2014 7:19 AM, Stephen Farrell wrote: > >> I'd expect that if tcpcrypt were implemented in > >> some kernels then it'd be useful in places where you can't > >> feasibly use TLS. > > > > > > what are some examples of when this could occur? > > > > as long as there is speculation about this as a legitimate alternative, > > it would help to have the speculation include plausible examples. > > TCPCRYPT is a very good way to do opportunistic encryption. It will > negotiate encryption by default at the beginning of the TCP session, > without > any attempt to provide authentication. At the same time, the stack provides > a unique identifier of the encryption session, which can be used by the > application protocol to perform authentication and detect MITM by any way > they see fit -- PKI, EKE, PGP, some application specific scheme, or even > nothing if the application does not care. The architecture looks what we > should have done 20 years ago. Kudos to the authors of the spec. > > But then, the big question is, is it deployable? First, it pretty much > requires OS implementation. I can foresee interesting discussions before > big > development teams decide to do this. It also supposes a communication API > between app and stack, and also some yet-to-be-standardized application > protocols for managing the encryption identifiers. That too will take time. > And then it requires new TCP options, which many NAT and firewalls are > known > to block by default. > Hence my proposal that this is something we should look at in conjunction with TLSvNext. There are two parts to any crypto transport, there is a key exchange and a transport binding. Hitherto we have treated these as being intrinsically and inseparably connected. So IPSEC uses IPSEC key exchange, TLS uses TLS key exchange and so on. If we separate the concerns here we could have one key exchange which could be used with an IP, TCP, Socket or Message layer transport binding. I certainly don't want a pure TCP layer binding because the application needs to know what the security context is and what the key is authenticated to. So I need some of the crypto to be visible at the socket layer. But I can certainly see room for a scheme where the TCP layer in the platform looks to see if the upper layer is doing crypto and if not does crypto opportunistically. But then that raises the question of integration with DNS and our issues with DNSSEC transport being only 97% visible at best but any deployment having to work in 99.99999% of network configurations. -- Website: http://hallambaker.com/
- Re: [perpass] tcpcrypt applicability Christian Huitema
- Re: [perpass] tcpcrypt applicability Phillip Hallam-Baker