IETF Logo Mail Archive

Re: [Tcpcrypt] v3 of the charter

Joe Touch <touch@isi.edu> Wed, 30 April 2014 15:28 UTC

Return-Path: <touch@isi.edu>
X-Original-To: tcpcrypt@ietfa.amsl.com
Delivered-To: tcpcrypt@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 788FF1A6FC8 for <tcpcrypt@ietfa.amsl.com>; Wed, 30 Apr 2014 08:28:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.551
X-Spam-Level:
X-Spam-Status: No, score=-2.551 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.651] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Y6WQP4gz7zVr for <tcpcrypt@ietfa.amsl.com>; Wed, 30 Apr 2014 08:28:46 -0700 (PDT)
Received: from darkstar.isi.edu (darkstar.isi.edu [128.9.128.127]) by ietfa.amsl.com (Postfix) with ESMTP id D853C1A091F for <tcpcrypt@ietf.org>; Wed, 30 Apr 2014 08:28:46 -0700 (PDT)
Received: from [192.168.1.93] (pool-71-105-87-112.lsanca.dsl-w.verizon.net [71.105.87.112]) (authenticated bits=0) by darkstar.isi.edu (8.13.8/8.13.8) with ESMTP id s3UFSGG3018873 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Wed, 30 Apr 2014 08:28:19 -0700 (PDT)
Message-ID: <53611690.4040008@isi.edu>
Date: Wed, 30 Apr 2014 08:28:16 -0700
From: Joe Touch <touch@isi.edu>
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: David Mazieres expires 2014-07-29 CEST <mazieres-n37rkn7y8d5xpuk5sgvuvmuzki@temporary-address.scs.stanford.edu>, marcelo bagnulo braun <marcelo@it.uc3m.es>, tcpcrypt@ietf.org
References: <536099A0.30900@it.uc3m.es> <8738gv5e67.fsf@ta.scs.stanford.edu>
In-Reply-To: <8738gv5e67.fsf@ta.scs.stanford.edu>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Archived-At: http://mailarchive.ietf.org/arch/msg/tcpcrypt/CRBExdrlTxzuK5bKXcCmV6zczJk
Subject: Re: [Tcpcrypt] v3 of the charter
X-BeenThere: tcpcrypt@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussion list for adding encryption to TCP." <tcpcrypt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpcrypt>, <mailto:tcpcrypt-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpcrypt/>
List-Post: <mailto:tcpcrypt@ietf.org>
List-Help: <mailto:tcpcrypt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpcrypt>, <mailto:tcpcrypt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Apr 2014 15:28:51 -0000

On 4/30/2014 3:01 AM, David Mazieres wrote:
> marcelo bagnulo braun <marcelo@it.uc3m.es> writes:
...
> Saying "The protocol must have acceptable performance" is superfluous.
> By definition performance must be acceptable or we won't accept it,
> unless you want to invite a debate on what is and is not acceptable
> performance, which would then bifurcate into setup cost/latency and
> per-byte/packet overhead.
>
> How about, "In order to minimize connection latency, the protocol may
> amortize the cost of public key operations over multiple connections
> between the same pair of hosts."

The protocol may do a lot of things; I don't think we should require 
this, necessarily - for the reason I already posted (configuration 
coordination complexity).

The text Marcelo proposed, IMO, left it open as to whether amortization 
was needed vs. the cost.

...
>> Makes sense. Suggest to express it this way, e.g., "the protocol extension
>> must not increase the possibility for endpoint fingerprinting compared to what
>> is possible already".
>
> seem problematic to me.  The very fact that you are enabling a new TCP
> extension is going to increase the ability to fingerprint (vs. hosts
> that have not deployed TCP Inc. yet).
>
> I think the right thing to do is for the informational RFC to suggest
> APIs allowing hosts to be "virtualized" in some way, so that a single
> physical host actively opening TCP connections through a NAT can appear
> the same as an arbitrary number of hosts, subject to existing TCP
> fingerprinting techniques and the fact that TCP Inc. is installed.  But
> I'm wary of trying to specify that in the charter.

Me too, esp. because that's a completely new capability that hasn't been 
demonstrated for non-secure TCP.

> Would it be possible to drop the requirement in favor of something more
> open-ended to the effect that consideration should be given to the
> anonymity of hosts that change IP addresses or reside behind NATs?

Again, IMO, that's getting too specific. I think the charter as-is is 
enough to proceed with a few possible approaches.

Joe

v2.23.0 | Report a Bug | By Email