IETF Logo Mail Archive

Re: [Tcpcrypt] v3 of the charter

marcelo bagnulo braun <marcelo@it.uc3m.es> Wed, 30 April 2014 08:30 UTC

Return-Path: <marcelo@it.uc3m.es>
X-Original-To: tcpcrypt@ietfa.amsl.com
Delivered-To: tcpcrypt@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 438B51A6F1A for <tcpcrypt@ietfa.amsl.com>; Wed, 30 Apr 2014 01:30:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -104.852
X-Spam-Level:
X-Spam-Status: No, score=-104.852 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JzR8tX0-DIEK for <tcpcrypt@ietfa.amsl.com>; Wed, 30 Apr 2014 01:30:43 -0700 (PDT)
Received: from smtp01.uc3m.es (smtp01.uc3m.es [163.117.176.131]) by ietfa.amsl.com (Postfix) with ESMTP id DA6B61A0774 for <tcpcrypt@ietf.org>; Wed, 30 Apr 2014 01:30:42 -0700 (PDT)
Received: from smtp01.uc3m.es (localhost [127.0.0.1]) by localhost.uc3m.es (Postfix) with ESMTP id B8EDDCD6A18; Wed, 30 Apr 2014 10:30:40 +0200 (CEST)
X-uc3m-safe: yes
X-uc3m-safe: yes
Received: from dummyhost11.it.uc3m.es (unknown [163.117.139.231]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: marcelo@smtp01.uc3m.es) by smtp01.uc3m.es (Postfix) with ESMTPSA id AC407C32C7E; Wed, 30 Apr 2014 10:30:40 +0200 (CEST)
Message-ID: <5360B4B1.90106@it.uc3m.es>
Date: Wed, 30 Apr 2014 10:30:41 +0200
From: marcelo bagnulo braun <marcelo@it.uc3m.es>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: "Eggert, Lars" <lars@netapp.com>
References: <536099A0.30900@it.uc3m.es> <23862F2E-9D56-4651-9202-FC676D15720B@netapp.com>
In-Reply-To: <23862F2E-9D56-4651-9202-FC676D15720B@netapp.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 8bit
X-TM-AS-Product-Ver: IMSS-7.1.0.1224-7.5.0.1017-20664.005
Archived-At: http://mailarchive.ietf.org/arch/msg/tcpcrypt/9YoNWZt6y5Xr2w38s1LtZBSOXok
Cc: "tcpcrypt@ietf.org" <tcpcrypt@ietf.org>
Subject: Re: [Tcpcrypt] v3 of the charter
X-BeenThere: tcpcrypt@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussion list for adding encryption to TCP." <tcpcrypt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpcrypt>, <mailto:tcpcrypt-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpcrypt/>
List-Post: <mailto:tcpcrypt@ietf.org>
List-Help: <mailto:tcpcrypt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpcrypt>, <mailto:tcpcrypt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Apr 2014 08:30:53 -0000

El 30/04/14 10:20, Eggert, Lars escribió:
> Hi,
>
> a few comments. This is looking good overall.
>
> On 2014-4-30, at 8:35, marcelo bagnulo braun <marcelo@it.uc3m.es> wrote:
>> TCP Increased Security (TCP Inc.)
> am not in love with the name, but don't want to start a bikeshed.
>
>> This is better than plain-text
>> because it thwarts passive eavesdropping, but is weaker than using
>> authenticated keys, because it is vulnerable to man-in-the-middle attacks.
> Is it desirable to have a model where you're vulnerable to MiM the first time you connect to a server, but not afterwards? (Like what SSH provides in terms of warning when the server key has changed?)

right, i will rephrase it as "vulnerable to mitm attacks during the 
initial unathenticated key exchange"

>> - Deployable and usable without significant changes to existing Internet
>>   infrastructure, in particular it must be compatible with NATs (at the
>>   very minimum with the NATs that comply with BEHAVE requirements as documented
>>   in RFC4787, RFC5382 and RFC5508);
> What does "insignificant" mean here? I don't think we can require any changes to the current infrastructure.
well, there are lost of different boxes out there that do very wierd things.
I dont want people saying "there is a box that does foo and it is 
imcopatible with the proposed solution" and that being a blocking 
argument as per the charter, hence the significant, makes sense?


>> - The protocol must have acceptable performance.  For example, the protocol may
>>   try to re-use existing cryptographic material for future communication between the
>>   same endpoints to avoid expensive public key operations on connection set up.
> There are two aspects to performance that this paragraph mixes together. One is latency, the other processing overhead. Reusing crypto material from previous instances may help with reducing latency overheads. But processing overhead matters, too. Servers wont be able to offload TCP Inc. (at least initially), and clients w/o crypto hardware acceleration of some sort will need to burn cycles (= battery). I don't want to compromise security (or latency) for reducing processing overheads, but we should be mindful of it.

i agree, i am not sure if you want to relfect any of this in the charter 
and how

>> - must allow client to avoid fingerprinting: some clients may want to avoid appearing as the same
>>   client when connecting to a remote peer on subsequent occasions.  This should either
>>   be the default (clients cannot be "fingerprinted" by the server based on shared state)
>>   or some mechanism should be available for clients to drop or ignore shared state to avoid
>>   being fingerprintable any more than would be present for a cleartext session.
> Not sure if this achievable if you can already fingerprint clients based on existing IP and TCP header fields.

right, but see the last part of the last sentence (added by joe) This 
protocol must not do things worse, makes sense?

Regards, marcelo


> As I said, none of these are major.
>
> Lars

v2.23.0 | Report a Bug | By Email