IETF Logo Mail Archive

Re: [secdir] SECDIR review of draft-ietf-t cpinc-tcpcrypt-07

"Black, David" <David.Black@dell.com> Tue, 24 October 2017 13:45 UTC

Return-Path: <David.Black@dell.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6BE4F13F49A for <secdir@ietfa.amsl.com>; Tue, 24 Oct 2017 06:45:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.72
X-Spam-Level:
X-Spam-Status: No, score=-2.72 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=dell.com header.b=H69Jn88V; dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=rsa.com header.b=BwbESJbJ
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QOTHznND845f for <secdir@ietfa.amsl.com>; Tue, 24 Oct 2017 06:45:02 -0700 (PDT)
Received: from esa5.dell-outbound.iphmx.com (esa5.dell-outbound.iphmx.com [68.232.153.95]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3ACC2138BD6 for <secdir@ietf.org>; Tue, 24 Oct 2017 06:45:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=dell.com; i=@dell.com; q=dns/txt; s=smtpout; t=1508852536; x=1540388536; h=from:cc:to:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=MD/obAKJTw+5gHQyLST9FIe/aUvVqP3avDfmY2StJpY=; b=H69Jn88VKnVjTktVpesqEpjgFZW9GEnvf6Ix1+ujcfIQtldzxnlXsM23 OU+3oSrbzvY49wCFPzmAEzGR0H8lYM/IcQlz7eC4qjCL15KOZ9yTogI7n 7+48EGSsDRuMrAnVO4KxC1J/vWxej6hMfBZlnjB0xKCabcj2uczuoCbFp g=;
Received: from esa1.dell-outbound2.iphmx.com ([68.232.153.201]) by esa5.dell-outbound.iphmx.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 24 Oct 2017 08:42:16 -0500
From: "Black, David" <David.Black@dell.com>
Cc: "secdir@ietf.org" <secdir@ietf.org>, "krose@krose.org" <krose@krose.org>, "ietf@kuehlewind.net" <ietf@kuehlewind.net>, "M.Handley@cs.ucl.ac.uk" <M.Handley@cs.ucl.ac.uk>, "dm@uun.org" <dm@uun.org>, "eric.smith@kestrel.edu" <eric.smith@kestrel.edu>, "sqs@sourcegraph.com" <sqs@sourcegraph.com>, "Black, David" <David.Black@dell.com>
Received: from mailuogwhop.emc.com ([168.159.213.141]) by esa1.dell-outbound2.iphmx.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 24 Oct 2017 19:38:06 +0600
Received: from maildlpprd03.lss.emc.com (maildlpprd03.lss.emc.com [10.253.24.35]) by mailuogwprd05.lss.emc.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.0) with ESMTP id v9ODiqIx003336 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Tue, 24 Oct 2017 09:44:59 -0400
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd05.lss.emc.com v9ODiqIx003336
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=rsa.com; s=jan2013; t=1508852699; bh=f77qufK6H42uARZP4Cy/eqp2INs=; h=From:To:CC:Subject:Date:Message-ID:References:In-Reply-To: Content-Type:Content-Transfer-Encoding:MIME-Version; b=BwbESJbJVTmoNH7paKsMP1OpoUTt78EXx8OKT49Bdr5UizvgP4wCFVLe2GWn7CaSn p/9kiLw69qW1PU94kzEo2q9fq9WlJ19XOvjGvs3LZJqPEOJPjbzp6i0GT5IRHuKN8d 6I/+9UqFagMHVnu8d2E7QohpFZBP4IJxhov2l7wg=
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd05.lss.emc.com v9ODiqIx003336
Received: from mailusrhubprd03.lss.emc.com (mailusrhubprd03.lss.emc.com [10.253.24.21]) by maildlpprd03.lss.emc.com (RSA Interceptor); Tue, 24 Oct 2017 09:42:53 -0400
Received: from MXHUB313.corp.emc.com (MXHUB313.corp.emc.com [10.146.3.91]) by mailusrhubprd03.lss.emc.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.0) with ESMTP id v9ODiTFs013742 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=FAIL); Tue, 24 Oct 2017 09:44:31 -0400
Received: from MX307CL04.corp.emc.com ([fe80::849f:5da2:11b:4385]) by MXHUB313.corp.emc.com ([10.146.3.91]) with mapi id 14.03.0352.000; Tue, 24 Oct 2017 09:44:29 -0400
To: Daniel B Giffin <dbg@scs.stanford.edu>, Stephen Kent <stkent@verizon.net>
Thread-Topic: SECDIR review of draft-ietf-t cpinc-tcpcrypt-07
Thread-Index: AQHTQ3r+s8CqFyKgTEyy6VMimgVfjaLt1kcAgAQNkgCAAQXkgIAAJVwA
Date: Tue, 24 Oct 2017 13:44:28 +0000
Message-ID: <CE03DB3D7B45C245BCA0D243277949362FD0A1FF@MX307CL04.corp.emc.com>
References: <a81a01d1-f5b8-ea3b-ebc2-2536aa08fb5f@verizon.net> <20171021013702.GB85636@scs.stanford.edu> <88e80c7a-0534-5ff0-deeb-c0bc5f3c9a09@verizon.net> <20171024070759.GA61933@scs.stanford.edu>
In-Reply-To: <20171024070759.GA61933@scs.stanford.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.238.44.138]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Sentrion-Hostname: mailusrhubprd03.lss.emc.com
X-RSA-Classifications: public
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/WgcwFowU9poK6bUon1WWgE0X93c>
Subject: Re: [secdir] SECDIR review of draft-ietf-t cpinc-tcpcrypt-07
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Oct 2017 13:45:04 -0000

Stephen,

> > > > Section 6 defines the initial set of AEAD algorithms supported by tcpcrypt,
> > > > in Table 2. Each algorithm is assigned a value in the 1-255 range, a much
> > > > smaller range of values that used in protocols like TLS. The

This does not appear to be a significant problem in practice - a quick scan of the TLS ciphersuite registry (https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4) turns up less than half-a-dozen encryption algorithms that appear to be nation-specific.

The two primary reasons for the massive size of that TLS registry are:
	a) a bunch of obsolete cr*p that SHOULD NOT be used (e.g., RC4, DES and  EXPORT ciphersuites); and
	b) the combinatorics of registering all the possible TLS ciphersuites, courtesy of the number of components in a TLS ciphersuite.
Neither of those apply to tcpcrypt.

The IKEv2 Transform Type 1 - Encryption Algorithm Transform IDs registry (https://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml#ikev2-parameters-3) appears to be a better example for this analogy - it has less than 30 values assigned.  I'd suggest adding one sentence to point out the following:

> > > Well, although the code-space used by tcpcrypt is small,
> > > TCP-ENO is a big escape-hatch in terms of extensibility.

Thanks, --David

> -----Original Message-----
> From: Daniel B Giffin [mailto:dbg@scs.stanford.edu]
> Sent: Tuesday, October 24, 2017 3:08 AM
> To: Stephen Kent <stkent@verizon.net>
> Cc: secdir@ietf.org; Black, David <david.black@emc.com>; krose@krose.org;
> ietf@kuehlewind.net; M.Handley@cs.ucl.ac.uk; dm@uun.org;
> eric.smith@kestrel.edu; sqs@sourcegraph.com
> Subject: Re: SECDIR review of draft-ietf-t cpinc-tcpcrypt-07
> 
> Hi Stephen et al.,
> 
> Below is some discussion about the number of bits devoted to
> negotiating the symmetric cipher (currently eight for
> tcpcrypt) ...
> 
> Stephen Kent wrote:
> > > > Section 6 defines the initial set of AEAD algorithms supported by
> tcpcrypt,
> > > > in Table 2. Each algorithm is assigned a value in the 1-255 range, a much
> > > > smaller range of values that used in protocols like TLS. The text in
> Section
> > > > 7 might need to remind readers that this will argue against the
> registration
> > > > of “vanity” AEAD algorithms for tcpcrypt.
> > > Hm yes, I see that TLS 1.3 uses a two-byte identifier for a
> > > similar purpose, although it looks like this specifies both
> > > an AEAD algorithm and an HKDF.
> > >
> > > Well, although the code-space used by tcpcrypt is small,
> > > TCP-ENO is a big escape-hatch in terms of extensibility.
> > > For example, tcpcrypt could be extended with additional TEPs
> > > whose only difference is to map the symmetric-cipher
> > > identifier-bytes to different meanings.  Not the prettiest
> > > solution, but perhaps acceptable if one is optimistic that
> > > exhaustion is unlikely anyway?
> > We've seen nation-specific algorithms proposed as optional for use with a
> > number of
> > security protocols, which is why I mention this issue. An allusion to the
> > potential
> > to expand this space, if needed, would be useful here.
> 
> If you could let us know what protocols you mean, that would
> be a helpful point of comparison.  It looks like the main
> TLS 1.3 document specifies only five symmetric algorithms,
> but of course other documents could supplement this
> arbitrarily; I guess I should look at OpenSSL or something
> to see how many are actually supported.
> 
> Concerning "nation-specific algorithms", do you mean that
> the number of needed symmetric-encryption algorithms could
> be on the same order as the number of countries in the
> world?
> 
> If there's a need to mention how the code-space for
> symmetric ciphers could be expanded, maybe we should
> seriously consider allocating 16 bits to this; I just don't
> have a good handle on the order of magnitude that is
> plausibly needed.
> 
> daniel

v2.23.0 | Report a Bug | By Email