Re: [Rmt] Comments on TESLA source authentication in the ALC and NORM protocols: draft-faurite-rmt-tesla-for-alc-norm-00.txt
faurite <sebastien.faurite@inrialpes.fr> Thu, 28 July 2005 08:11 UTC
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1Dy3To-0000mt-9d; Thu, 28 Jul 2005 04:11:00 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1Dy3Tk-0000lw-GA for rmt@megatron.ietf.org; Thu, 28 Jul 2005 04:10:58 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA04676 for <rmt@ietf.org>; Thu, 28 Jul 2005 04:10:54 -0400 (EDT)
Received: from mx-serv.inrialpes.fr ([194.199.18.100]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Dy3zA-0003dy-FZ for rmt@ietf.org; Thu, 28 Jul 2005 04:43:25 -0400
Received: from amandier.inrialpes.fr (amandier.inrialpes.fr [194.199.18.76]) by mx-serv.inrialpes.fr (8.13.0/8.13.0) with ESMTP id j6S8ADK8017809; Thu, 28 Jul 2005 10:10:13 +0200 (MEST)
Received: from [194.199.24.96] (charmille.inrialpes.fr [194.199.24.96]) by amandier.inrialpes.fr (8.11.6/8.11.3/ImagV2) with ESMTP id j6S8ABB09109; Thu, 28 Jul 2005 10:10:13 +0200 (MEST)
Message-ID: <42E892E6.50608@inrialpes.fr>
Date: Thu, 28 Jul 2005 10:10:14 +0200
From: faurite <sebastien.faurite@inrialpes.fr>
User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050716)
X-Accept-Language: fr, en
MIME-Version: 1.0
To: Michael Luby <luby@digitalfountain.com>
Subject: Re: [Rmt] Comments on TESLA source authentication in the ALC and NORM protocols: draft-faurite-rmt-tesla-for-alc-norm-00.txt
References: <MLEAJLFPEBEIKPLNBLGIGEKPFFAA.luby@digitalfountain.com>
In-Reply-To: <MLEAJLFPEBEIKPLNBLGIGEKPFFAA.luby@digitalfountain.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-2.0 (mx-serv.inrialpes.fr [194.199.18.100]); Thu, 28 Jul 2005 10:10:14 +0200 (MEST)
X-SMAUG-MailScanner: Found to be clean
X-SMAUG-MailScanner-From: sebastien.faurite@inrialpes.fr
Content-Transfer-Encoding: quoted-printable
X-MIME-Autoconverted: from 8bit to quoted-printable by mx-serv.inrialpes.fr id j6S8ADK8017809
X-Spam-Score: 0.0 (/)
X-Scan-Signature: d16ce744298aacf98517bc7c108bd198
Content-Transfer-Encoding: quoted-printable
Cc: msec@securemulticast.org, vincent.roca@inrialpes.fr, "Rmt@ietf. org" <rmt@ietf.org>
X-BeenThere: rmt@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Reliable Multicast Transport <rmt.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/rmt>, <mailto:rmt-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:rmt@ietf.org>
List-Help: <mailto:rmt-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/rmt>, <mailto:rmt-request@ietf.org?subject=subscribe>
Sender: rmt-bounces@ietf.org
Errors-To: rmt-bounces@ietf.org
Mike, thanks a lot for your constructive remarks. Generally speaking, we do agree with all of them. The choices we made have been done with the goal to bootstrap the work (keep in mind it's only a -00 version) and to fill in some missing aspects in current TESLA documents. Let's go into the details, in particular concerning the "split between MSEC and RMT WG". You're right, our I-D could easily be split into several separate documents, some of them being specified in the MSEC WG, and the ALC/NORM instanciation in the RMT WG. This is not the choice we made for the -00 version because we wanted to put forward all the points we believe are needed (and that are missing in current MSEC TESLA documents). For instance: - boostrap stuff could be moved to a separate "TESLA bootstraping for ALC/NORM" document (or merged with the current "TESLA bootstraping for SRTP" document if the authors believe it's feasible/desireable). - key chain switching: RFC4082 (TESLA introduction) does not discuss this possibility of high practical importance. The same is true for the "TESLA for SRTP" I-D. This is an issue in particular (but not only) with on-demand ALC sessions of non-predefined duration. We tried to fix this, but yes, a better solution would be to have this mechanism described in some MSEC TESLA document since it could then be used not only for ALC/NORM but also for SRTP... - time synchronization stuff: RFC4082 and "TESLA for SRTP" essentially focuss on direct synchronization, which is not necessarily appropriate in case of ALC (scalability/feedback problems). So we tried to further clarify how indirect synchronization could be done (securely)... But yes, here also, a better solution would be to have it described in an MSEC TESLA document. Having it all in the same -00 document was a deliberate choice, but this is questionable, sure. A direct consequence is that this single I-D could not be submitted to both WGs and we've been adviced to send it to RMT and CC it to MSEC. That's why. BTW, an updated "TESLA spec" along the lines of the (dead) I-D: http://www.ece.cmu.edu/~adrian/tesla/draft-ietf-msec-tesla-spec-00.txt that would incorporate the missing points above is clearly missing. Some parts of our I-D is inspired from it, as we explained. Cheers, Sebastien/Aurelien/Vincent >Comments on TESLA source authentication in the ALC and NORM protocols: >draft-faurite-rmt-tesla-for-alc-norm-00.txt > >First off, I think that this is a very good thing to try and standardize, as >TESLA is ideally suited to provide authentication and packet integrity >protection to ALC and NORM. Unfortunately, I have a lot of questions and >issues with the draft, and some are basic questions about where this work >should be done. > >What I was expecting is a document that describes how to apply TESLA and >related security features that have been developed in MSEC that have been >developed in the spirit of a building block to ALC and NORM, where all the >security issues have been addressed in the TESLA work and it is simply cut >and paste to put that into the ALC and NORM context. What I see instead is >a document that describes a lot of protocol work that has security aspects >to it that seems more suitable for MSEC. I’m not sure why this is, perhaps >because the TESLA specification does not lend itself to being used as a >building block directly, and perhaps because some of the other security >protocols have not been addressed by MSEC. It would be good though if the >basic security work were done in MSEC, and only applications of that work >that have no potential to introduce weaknesses in security were described in >the RMT work that describes how these protocols are applied to ALC and NORM. >I have been informed that this is the approach taken with SRTP, i.e., the >work to apply TESLA to SRTP is being done within MSEC, and not AVT. > >As an example, Section 2 describes protocols for time synchronization >between the sender and receivers. Since the security of TESLA entirely >relies on time synchronization, the security of this protocol is of crucial >importance. Furthermore, it seems that time synchronization would be a >basic primitive of any protocol that uses TESLA. Thus, it seems like the >time synchronization protocols should be work done within the MSEC group >that can then be leveraged for application work done in RMT, and it seems >inappropriate for this work to be done in RMT since the security protocol >experts aren’t there. > >Section 3 on setting TESLA parameters seems to be the type of thing that one >would expect in this draft. However, even in this section, there is very >little reference and tie-in with the TESLA RFC, and thus it would be good to >tighten this section up and refer to the appropriate sections and >definitions used in TESLA in this section and use the protocols that have >been standardized in TESLA. A related comment is that it should be said >somewhere in this draft incorporates the TESLA RFC and inherits all of the >terminology of the TESLA RFC. > >The bulk of Section 3 defines the format of bootstrap information signature >fields and authentication tags, and many related parameters. It seems like >this format and information should all be defined in the TESLA RFC, or if >not in a related RFC within MSEC. If this is all new to this draft and not >described in the TESLA RFC then this seems like a lot of new >formatting/information to be adding beyond TESLA, and I would feel a lot >more comfortable if this work were done in MSEC. > >There are a number of other technical comments that could be made, but I >think the high level issue of how to split the work between MSEC and RMT >should be solved before addressing lower level technical issues. > >Regards, >Michael Luby > > >_______________________________________________ >Rmt mailing list >Rmt@ietf.org >https://www1.ietf.org/mailman/listinfo/rmt > > > _______________________________________________ Rmt mailing list Rmt@ietf.org https://www1.ietf.org/mailman/listinfo/rmt
- [Rmt] Comments on TESLA source authentication in … Michael Luby
- Re: [Rmt] Comments on TESLA source authentication… faurite
- Re: [MSEC] Re: [Rmt] Comments on TESLA source aut… George Gross
- Re: [MSEC] Re: [Rmt] Comments on TESLA source aut… canetti
- RE: [MSEC] Re: [Rmt] Comments on TESLA source aut… Michael Luby
- RE: [MSEC] Re: [Rmt] Comments on TESLA source aut… canetti
- Re: [MSEC] Re: [Rmt] Comments on TESLA source aut… canetti
- RE: [MSEC] Re: [Rmt] Comments on TESLA source aut… George Gross
- RE: [MSEC] Re: [Rmt] Comments on TESLA source aut… canetti
- RE: [MSEC] Re: [Rmt] Comments on TESLA source aut… Michael Luby
- RE: [MSEC] Re: [Rmt] Comments on TESLA source aut… canetti