IETF Logo Mail Archive

Re: [Tcpcrypt] v3 of the charter

David Mazieres <dm-list-tcpcrypt@scs.stanford.edu> Wed, 30 April 2014 10:02 UTC

Return-Path: <dm-list-tcpcrypt@scs.stanford.edu>
X-Original-To: tcpcrypt@ietfa.amsl.com
Delivered-To: tcpcrypt@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2A2271A08B6 for <tcpcrypt@ietfa.amsl.com>; Wed, 30 Apr 2014 03:02:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.851
X-Spam-Level:
X-Spam-Status: No, score=-3.851 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KnXTw9fhiSon for <tcpcrypt@ietfa.amsl.com>; Wed, 30 Apr 2014 03:01:53 -0700 (PDT)
Received: from market.scs.stanford.edu (market.scs.stanford.edu [171.66.3.10]) by ietfa.amsl.com (Postfix) with ESMTP id 7AD6D1A08B5 for <tcpcrypt@ietf.org>; Wed, 30 Apr 2014 03:01:43 -0700 (PDT)
Received: from market.scs.stanford.edu (localhost.scs.stanford.edu [127.0.0.1]) by market.scs.stanford.edu (8.14.7/8.14.7) with ESMTP id s3UA1gNZ022253; Wed, 30 Apr 2014 03:01:42 -0700 (PDT)
Received: (from dm@localhost) by market.scs.stanford.edu (8.14.7/8.14.7/Submit) id s3UA1f8P023227; Wed, 30 Apr 2014 03:01:41 -0700 (PDT)
X-Authentication-Warning: market.scs.stanford.edu: dm set sender to dm-list-tcpcrypt@scs.stanford.edu using -f
From: David Mazieres <dm-list-tcpcrypt@scs.stanford.edu>
To: marcelo bagnulo braun <marcelo@it.uc3m.es>, tcpcrypt@ietf.org
In-Reply-To: <536099A0.30900@it.uc3m.es>
References: <536099A0.30900@it.uc3m.es>
Date: Wed, 30 Apr 2014 12:01:36 +0200
Message-ID: <8738gv5e67.fsf@ta.scs.stanford.edu>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: http://mailarchive.ietf.org/arch/msg/tcpcrypt/Ksa3-NCI_DexaSKGivr_fGVovbc
Subject: Re: [Tcpcrypt] v3 of the charter
X-BeenThere: tcpcrypt@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: David Mazieres expires 2014-07-29 CEST <mazieres-n37rkn7y8d5xpuk5sgvuvmuzki@temporary-address.scs.stanford.edu>
List-Id: "Discussion list for adding encryption to TCP." <tcpcrypt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpcrypt>, <mailto:tcpcrypt-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpcrypt/>
List-Post: <mailto:tcpcrypt@ietf.org>
List-Help: <mailto:tcpcrypt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpcrypt>, <mailto:tcpcrypt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Apr 2014 10:02:05 -0000

marcelo bagnulo braun <marcelo@it.uc3m.es> writes:

> I have tried to incorporate the comments received. This resulted in 
> quite a bit of changes, so, i would appreciate feedback (for example, 
> feedback like "the charter looks great and is ready to go" would be 
> nice, but if you have other feedback it will be welcome as well).

At a high level, this is looking pretty good (modulo weird line breaks
that make it hard to read).

There are just a couple of places where I think the charter is
over-specifying things that might not be problems or that we might not
understand, and this could potentially cause problems down the line.

> - The protocol must have acceptable performance.  For example, the
> protocol may try to re-use existing cryptographic material for future
> communication between the same endpoints to avoid expensive public key
> operations on connection set up.

Saying "The protocol must have acceptable performance" is superfluous.
By definition performance must be acceptable or we won't accept it,
unless you want to invite a debate on what is and is not acceptable
performance, which would then bifurcate into setup cost/latency and
per-byte/packet overhead.

How about, "In order to minimize connection latency, the protocol may
amortize the cost of public key operations over multiple connections
between the same pair of hosts."

> - must allow client to avoid fingerprinting: some clients may want to
> avoid appearing as the same client when connecting to a remote peer on
> subsequent occasions.  This should either be the default (clients
> cannot be "fingerprinted" by the server based on shared state) or some
> mechanism should be available for clients to drop or ignore shared
> state to avoid being fingerprintable any more than would be present
> for a cleartext session.

Both your text above, and the following suggestion by Lars:

> Makes sense. Suggest to express it this way, e.g., "the protocol extension
> must not increase the possibility for endpoint fingerprinting compared to what
> is possible already".

seem problematic to me.  The very fact that you are enabling a new TCP
extension is going to increase the ability to fingerprint (vs. hosts
that have not deployed TCP Inc. yet).

I think the right thing to do is for the informational RFC to suggest
APIs allowing hosts to be "virtualized" in some way, so that a single
physical host actively opening TCP connections through a NAT can appear
the same as an arbitrary number of hosts, subject to existing TCP
fingerprinting techniques and the fact that TCP Inc. is installed.  But
I'm wary of trying to specify that in the charter.

Would it be possible to drop the requirement in favor of something more
open-ended to the effect that consideration should be given to the
anonymity of hosts that change IP addresses or reside behind NATs?

David

v2.23.0 | Report a Bug | By Email