Re: [Taps] Review of draft-ietf-taps-transport-security-10
Kyle Rose <krose@krose.org> Sun, 01 December 2019 14:25 UTC
Return-Path: <krose@krose.org>
X-Original-To: taps@ietfa.amsl.com
Delivered-To: taps@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1002312008C for <taps@ietfa.amsl.com>; Sun, 1 Dec 2019 06:25:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=krose.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fMZSFSCTTbJY for <taps@ietfa.amsl.com>; Sun, 1 Dec 2019 06:25:17 -0800 (PST)
Received: from mail-yw1-xc2c.google.com (mail-yw1-xc2c.google.com [IPv6:2607:f8b0:4864:20::c2c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 70007120089 for <taps@ietf.org>; Sun, 1 Dec 2019 06:25:17 -0800 (PST)
Received: by mail-yw1-xc2c.google.com with SMTP id w11so6340400ywj.9 for <taps@ietf.org>; Sun, 01 Dec 2019 06:25:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=krose.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=twjefsJlg4npD3uk93vGY8CMb3S96HIeVb4JZxdO+V0=; b=hCKciDC6qG8Z6527hQ911WzKcxcQDJRa8+rFN4O8/4eKgjgop15aPilOBKz0P1bjJY 8pIfFmRxqKjUgSnVq8UtqGAm8yUH8Zsul+v3mpBJfJLwt5zmLRLvtfqq0U3gmuGgDEsN Kq6T5/BRh0sguNREgN07kwDLunevpP94kDay0=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=twjefsJlg4npD3uk93vGY8CMb3S96HIeVb4JZxdO+V0=; b=Hgvc5LtXovWpK0fvKVrtWaJ2WeIH3UV9DSvBoWAlPqPm1+0IKFivxXAZCu3CkjRhkL SblBe7m9g62NtU0oL77mEq1lgtVZvjoOClumC6TD2Ro2Oqjw0YcOTHMvnzEmKbNyBXsJ zRmAOQSi1TeZyiK8hUPYmZfZ/GU1+P9UjKFeOIRhy83Cws/dRPBVP/leyMQTw1zAIC9H crc/lkSj/Jq2Z0Q9tiZwbUa1c+DF9luAMyg76QgD6IW2pVX5q8n0ahTdHQ46v9AjH7ti BdWtiDOpFvaFD9qU1N757P497yqxg2PwFAcdy/YfX8n9CytZ1nBKlC1Dhy0dENh9MOhK 8QlA==
X-Gm-Message-State: APjAAAUbVpY+y+fgYwiT07ZmbT3prKNNWZp95LmEszA6KSjN6CJa7Q8G c5XMej37yDcmCEzWl0zb3BGnaPOTWmlPZhyOJ6sv19JcPqY=
X-Google-Smtp-Source: APXvYqw2o6Ix8TebZU4FIft+zjQQF34KRGIWve3Dt005sMK9yGAuQsr1MImb36GCEY+XBO9wYyp0mFkA7VZvhmjMcCE=
X-Received: by 2002:a81:5209:: with SMTP id g9mr2649421ywb.156.1575210316056; Sun, 01 Dec 2019 06:25:16 -0800 (PST)
MIME-Version: 1.0
References: <CABcZeBNJCr4cs=Os8sVG6bzk10_8UbdMzYDW7m8Nd8sJKWiYbg@mail.gmail.com>
In-Reply-To: <CABcZeBNJCr4cs=Os8sVG6bzk10_8UbdMzYDW7m8Nd8sJKWiYbg@mail.gmail.com>
From: Kyle Rose <krose@krose.org>
Date: Sun, 01 Dec 2019 22:25:05 +0800
Message-ID: <CAJU8_nWVCABXvEO1ypM_fn7J+z-Muy8DJZe0xcy++yM3FXc9RQ@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: taps WG <taps@ietf.org>, draft-ietf-taps-transport-security.all@ietf.org
Content-Type: multipart/alternative; boundary="00000000000055dea20598a53b3a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/taps/9WOWn4dQV8a5P-jSMxm8e3JbmEQ>
Subject: Re: [Taps] Review of draft-ietf-taps-transport-security-10
X-BeenThere: taps@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IETF Transport Services \(TAPS\) Working Group" <taps.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/taps>, <mailto:taps-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/taps/>
List-Post: <mailto:taps@ietf.org>
List-Help: <mailto:taps-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/taps>, <mailto:taps-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 01 Dec 2019 14:25:20 -0000
On Sun, Dec 1, 2019 at 8:42 AM Eric Rescorla <ekr@rtfm.com> wrote: > Document: draft-ietf-taps-transport-security-10.txt > > This document is much improved. I appreciate you removing all the fine > detail of each transport protocol. > Noted. Just to be clear, the modifications to the most recent version of the draft were made primarily to eliminate the impression that we were trying to "race" security protocols under the assumption that they are somehow equivalent or even abstractable, which we know isn't the case. The main goal of incorporating security into TAPS is primarily to provide a modern, consistent, portable interface to the extent possible, not to provide a developer with the illusion of security simply by flipping a switch. > Part of this can be fixed by just > saying something like this and including DTLS in a few other places > in the doc, but in general, the world is just complicated and so > taxonomies are difficult. > Agreed (a good example being the OSI layer abstraction, which we run into here and which fails miserably in many common cases), but---under the assumption that the problem TAPS is trying to solve is a useful one---a simplified taxonomy motivating an interface that can accommodate the vast majority of use cases for our target community is a prerequisite. > S 3.3.5. > CurveCP [CurveCP] is a UDP-based transport security protocol from > Daniel J. Bernstein. Unlike other security protocols, it is based > entirely upon highly efficient public key algorithms. This removes > many pitfalls associated with nonce reuse and key synchronization. > > This text is going to be confusing to people. Not to say that CurveCP > is bad, and the primitives it uses *are* fast, but they're not any > faster than those used by TLS, QUIC, or tcpcrypt. I think the > consensus here is that it's not currently practical to have a general > purpose transport protocol that doesn't do key establishment and then > use symmetric keys. (This is the same reason why we weren't able > to use public key encryption for QUIC CID encryption). > Good point. We could discuss the tradeoff between performance and security that DJB was trying to achieve, but that is probably out-of-scope for this document, so we should stick to a value-free description (e.g., "based entirely on public key algorithms") and let it go with that. > o tcpcrypt > > This doesn't seem quite right, as tcpcrypt is run prior to the TCP > reassembly algorithms. > If I'm reading you correctly, this is not right. For compatibility with middleboxes, tcpcrypt runs within the TCP bytestream, just like TLS, and requires reassembly before the tcpcrypt TLV record layer can be parsed. > 5.1. Pre-Connection Interfaces > > Configuration interfaces are used to configure the security protocols > before a handshake begins or the keys are negotiated. > > This presentation seems pretty hard to follow, in that it's a lot of > work to figure out which in the long list of protocols doesn't have > this property. Maybe a summary table would help? > > Also, I'm not sure you want to omit tcpcrypt here, in that it does > have a way to do external authentication by exporting a session ID. > ... > tcpcrypt (and I believe ZRTP) both have session caches. > Good call(s). Kyle
- [Taps] Review of draft-ietf-taps-transport-securi… Eric Rescorla
- Re: [Taps] Review of draft-ietf-taps-transport-se… Kyle Rose
- Re: [Taps] Review of draft-ietf-taps-transport-se… Magnus Westerlund