Re: [saag] [Cfrg] Re: TCP-AO MAC algorithms
Sean Shuo Shen <sshen@huawei.com> Tue, 08 January 2008 00:44 UTC
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU [18.7.7.76]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id m080iu4c007877 for <saag@PCH.mit.edu>; Mon, 7 Jan 2008 19:44:56 -0500
Received: from mit.edu (M24-004-BARRACUDA-2.MIT.EDU [18.7.7.112]) by fort-point-station.mit.edu (8.13.6/8.9.2) with ESMTP id m080ikMB011013 for <saag@mit.edu>; Mon, 7 Jan 2008 19:44:47 -0500 (EST)
Received: from szxga04-in.huawei.com (szxga04-in.huawei.com [61.144.161.7]) by mit.edu (Spam Firewall) with ESMTP id 1F411F00FC3 for <saag@mit.edu>; Mon, 7 Jan 2008 19:44:24 -0500 (EST)
Received: from huawei.com (szxga04-in [172.24.2.12]) by szxga04-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTP id <0JUA00G39VDU15@szxga04-in.huawei.com> for saag@mit.edu; Tue, 08 Jan 2008 08:44:18 +0800 (CST)
Received: from huawei.com ([172.24.1.24]) by szxga04-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTP id <0JUA004LSVDUSY@szxga04-in.huawei.com> for saag@mit.edu; Tue, 08 Jan 2008 08:44:18 +0800 (CST)
Received: from s102542 ([10.111.12.53]) by szxml04-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTPA id <0JUA008K9VDQDA@szxml04-in.huawei.com> for saag@mit.edu; Tue, 08 Jan 2008 08:44:18 +0800 (CST)
Date: Tue, 08 Jan 2008 08:44:14 +0800
From: Sean Shuo Shen <sshen@huawei.com>
In-reply-to: <47823D3D.1010001@isi.edu>
To: 'Joe Touch' <touch@ISI.EDU>
Message-id: <001f01c8518f$97c6cae0$350c6f0a@china.huawei.com>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
X-Mailer: Microsoft Office Outlook 11
Content-type: text/plain; charset="us-ascii"
Content-transfer-encoding: 7bit
Thread-index: AchRPYU4UeOgjgnWSEaVda7pz8s/5QAUBaAg
X-Spam-Score: 0.02
X-Spam-Flag: NO
X-Scanned-By: MIMEDefang 2.42
Cc: saag@mit.edu, cfrg@ietf.org
Subject: Re: [saag] [Cfrg] Re: TCP-AO MAC algorithms
X-BeenThere: saag@mit.edu
X-Mailman-Version: 2.1.6
Precedence: list
List-Id: IETF Security Area Advisory Group <saag.mit.edu>
List-Unsubscribe: <http://mailman.mit.edu/mailman/listinfo/saag>, <mailto:saag-request@mit.edu?subject=unsubscribe>
List-Archive: <http://mailman.mit.edu/pipermail/saag>
List-Post: <mailto:saag@mit.edu>
List-Help: <mailto:saag-request@mit.edu?subject=help>
List-Subscribe: <http://mailman.mit.edu/mailman/listinfo/saag>, <mailto:saag-request@mit.edu?subject=subscribe>
X-List-Received-Date: Tue, 08 Jan 2008 00:44:56 -0000
>> First, I remember somewhere it is said that the MAC key should be renewed >> when sequence number rollover, in your first email you also mentioned that >> "This is why we probably need to explicitly require that the connection key >> change whenever the sequence number rolls over (through the ISN)." I believe >> you are giving a reasonable and achievable requirement (hash key renewing >> during rollover). If hash key renewing during rollover is doable, nonce key >> renewing during rollover is also doable and it's not an extra requirement. >> The way to renew keys is out of the scope of our discussion. I don't think >> we have to give a key management scheme before talking about MAC algorithms. >It all depends on whether key reuse during rollover is prohibited >outright or just recommended against. If the former, I agree it's >sufficient to roll over the nonce key at the same time. It's the latter >case that's the issue, and whether to make this something FIPS >certification relies upon. Key reuse during rollover is prohibited. >> Second, maybe there is a misunderstanding here. What I mean is: the nonce >> generation algorithm can guarantee that nonce is different when the MAC >> protected data are different (because some mac algorithms require different >> nonce when hashing different messages). If the MAC protected data (I assume >> this is what you mean by "socket data") are same between transmission and >> retransmission, it is totally fine for nonce to be same. >That depends on whether the nonce is used to provide replay protection. >If it is, then it can't be the same if the entire segment is the same. The nonce here is not used against replay attack. Sean
- Re: [saag] [Cfrg] Re: TCP-AO MAC algorithms Sean Shuo Shen
- Re: [saag] [Cfrg] Re: TCP-AO MAC algorithms Joe Touch
- Re: [saag] [Cfrg] Re: TCP-AO MAC algorithms Sean Shuo Shen
- Re: [saag] [Cfrg] Re: TCP-AO MAC algorithms mcgrew
- Re: [saag] [Cfrg] Re: TCP-AO MAC algorithms Joe Touch
- Re: [saag] [Cfrg] Re: TCP-AO MAC algorithms Stephen Kent
- Re: [saag] [Cfrg] Re: TCP-AO MAC algorithms Joe Touch
- Re: [saag] [Cfrg] Re: TCP-AO MAC algorithms Sean Shuo Shen
- Re: [saag] [Cfrg] Re: TCP-AO MAC algorithms Sean Shuo Shen
- Re: [saag] [Cfrg] Re: TCP-AO MAC algorithms Sean Shuo Shen
- Re: [saag] [Cfrg] Re: TCP-AO MAC algorithms Steven M. Bellovin
- Re: [saag] [Cfrg] Re: TCP-AO MAC algorithms Sean Shuo Shen
- Re: [saag] [Cfrg] Re: TCP-AO MAC algorithms Steven M. Bellovin
- Re: [saag] [Cfrg] Re: TCP-AO MAC algorithms Joe Touch
- Re: [saag] [Cfrg] Re: TCP-AO MAC algorithms Sean Shuo Shen
- Re: [saag] [Cfrg] Re: TCP-AO MAC algorithms Joe Touch
- Re: [saag] [Cfrg] Re: TCP-AO MAC algorithms Stephen Kent
- Re: [saag] TCP-AO MAC algorithms Brian Weis
- Re: [saag] TCP-AO MAC algorithms Eric Rescorla
- Re: [saag] [Cfrg] Re: TCP-AO MAC algorithms Sean Shuo Shen
- Re: [saag] [Cfrg] Re: TCP-AO MAC algorithms Sean Shuo Shen
- Re: [saag] [Cfrg] Re: TCP-AO MAC algorithms Joe Touch
- Re: [saag] [Cfrg] Re: TCP-AO MAC algorithms Sean Shuo Shen
- Re: [saag] [Cfrg] Re: TCP-AO MAC algorithms Joe Touch
- Re: [saag] [Cfrg] Re: TCP-AO MAC algorithms Sean Shuo Shen
- [saag] Managing aglorithms RE: TCP-AO MAC algorit… Hallam-Baker, Phillip
- Re: [saag] Managing aglorithms RE: TCP-AO MAC alg… Vishwas Manral