Re: [secdir] SECDIR review of draft-ietf-t cpinc-tcpcrypt-07
Daniel B Giffin <dbg@scs.stanford.edu> Tue, 24 October 2017 07:08 UTC
Return-Path: <dbg@scs.stanford.edu>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 183C113C96F for <secdir@ietfa.amsl.com>; Tue, 24 Oct 2017 00:08:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p7VSr_x81_UC for <secdir@ietfa.amsl.com>; Tue, 24 Oct 2017 00:08:05 -0700 (PDT)
Received: from market.scs.stanford.edu (www.scs.stanford.edu [IPv6:2001:470:806d:1::9]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C047E13C907 for <secdir@ietf.org>; Tue, 24 Oct 2017 00:08:05 -0700 (PDT)
Received: from market.scs.stanford.edu (localhost [127.0.0.1]) by market.scs.stanford.edu (8.15.2/8.15.2) with ESMTP id v9O7827J035890; Tue, 24 Oct 2017 00:08:02 -0700 (PDT)
Received: (from dbg@localhost) by market.scs.stanford.edu (8.15.2/8.15.2/Submit) id v9O77xJS063368; Tue, 24 Oct 2017 00:07:59 -0700 (PDT)
Date: Tue, 24 Oct 2017 00:07:59 -0700
From: Daniel B Giffin <dbg@scs.stanford.edu>
To: Stephen Kent <stkent@verizon.net>
Cc: secdir@ietf.org, david.black@dell.com, krose@krose.org, ietf@kuehlewind.net, M.Handley@cs.ucl.ac.uk, dm@uun.org, eric.smith@kestrel.edu, sqs@sourcegraph.com
Message-ID: <20171024070759.GA61933@scs.stanford.edu>
References: <a81a01d1-f5b8-ea3b-ebc2-2536aa08fb5f@verizon.net> <20171021013702.GB85636@scs.stanford.edu> <88e80c7a-0534-5ff0-deeb-c0bc5f3c9a09@verizon.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <88e80c7a-0534-5ff0-deeb-c0bc5f3c9a09@verizon.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/nL4OKhLnHtVrhVkCkBseb6PLKmA>
Subject: Re: [secdir] SECDIR review of draft-ietf-t cpinc-tcpcrypt-07
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Oct 2017 07:08:07 -0000
Hi Stephen et al., Below is some discussion about the number of bits devoted to negotiating the symmetric cipher (currently eight for tcpcrypt) ... Stephen Kent wrote: > > > Section 6 defines the initial set of AEAD algorithms supported by tcpcrypt, > > > in Table 2. Each algorithm is assigned a value in the 1-255 range, a much > > > smaller range of values that used in protocols like TLS. The text in Section > > > 7 might need to remind readers that this will argue against the registration > > > of “vanity” AEAD algorithms for tcpcrypt. > > Hm yes, I see that TLS 1.3 uses a two-byte identifier for a > > similar purpose, although it looks like this specifies both > > an AEAD algorithm and an HKDF. > > > > Well, although the code-space used by tcpcrypt is small, > > TCP-ENO is a big escape-hatch in terms of extensibility. > > For example, tcpcrypt could be extended with additional TEPs > > whose only difference is to map the symmetric-cipher > > identifier-bytes to different meanings. Not the prettiest > > solution, but perhaps acceptable if one is optimistic that > > exhaustion is unlikely anyway? > We've seen nation-specific algorithms proposed as optional for use with a > number of > security protocols, which is why I mention this issue. An allusion to the > potential > to expand this space, if needed, would be useful here. If you could let us know what protocols you mean, that would be a helpful point of comparison. It looks like the main TLS 1.3 document specifies only five symmetric algorithms, but of course other documents could supplement this arbitrarily; I guess I should look at OpenSSL or something to see how many are actually supported. Concerning "nation-specific algorithms", do you mean that the number of needed symmetric-encryption algorithms could be on the same order as the number of countries in the world? If there's a need to mention how the code-space for symmetric ciphers could be expanded, maybe we should seriously consider allocating 16 bits to this; I just don't have a good handle on the order of magnitude that is plausibly needed. daniel
- [secdir] SECDIR review of draft-ietf-t cpinc-tcpc… Stephen Kent
- Re: [secdir] SECDIR review of draft-ietf-t cpinc-… Daniel B Giffin
- Re: [secdir] SECDIR review of draft-ietf-t cpinc-… Stephen Kent
- Re: [secdir] SECDIR review of draft-ietf-t cpinc-… Daniel B Giffin
- Re: [secdir] SECDIR review of draft-ietf-t cpinc-… Black, David
- Re: [secdir] SECDIR review of draft-ietf-t cpinc-… Stephen Kent