IETF Logo Mail Archive

Re: [Tcpcrypt] Initial questions

Joe Touch <touch@isi.edu> Wed, 18 June 2014 21:37 UTC

Return-Path: <touch@isi.edu>
X-Original-To: tcpcrypt@ietfa.amsl.com
Delivered-To: tcpcrypt@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 158FD1A0166 for <tcpcrypt@ietfa.amsl.com>; Wed, 18 Jun 2014 14:37:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.851
X-Spam-Level:
X-Spam-Status: No, score=-4.851 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.651] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YcdMkqe8R6ji for <tcpcrypt@ietfa.amsl.com>; Wed, 18 Jun 2014 14:37:20 -0700 (PDT)
Received: from vapor.isi.edu (vapor.isi.edu [128.9.64.64]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D8CAC1A010F for <tcpcrypt@ietf.org>; Wed, 18 Jun 2014 14:37:20 -0700 (PDT)
Received: from [128.9.160.166] (abc.isi.edu [128.9.160.166]) (authenticated bits=0) by vapor.isi.edu (8.13.8/8.13.8) with ESMTP id s5ILag8o013932 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Wed, 18 Jun 2014 14:36:42 -0700 (PDT)
Message-ID: <53A2066A.4090802@isi.edu>
Date: Wed, 18 Jun 2014 14:36:42 -0700
From: Joe Touch <touch@isi.edu>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: Sandy Harris <sandyinchina@gmail.com>, tcpcrypt@ietf.org
References: <CACXcFmmQCgTu6-QLJZdH8Q+ZST97ugoTaUWCUV0S6AWsjvCGfg@mail.gmail.com>
In-Reply-To: <CACXcFmmQCgTu6-QLJZdH8Q+ZST97ugoTaUWCUV0S6AWsjvCGfg@mail.gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Archived-At: http://mailarchive.ietf.org/arch/msg/tcpcrypt/MYz1K7YYbySKb5XArr644OMqLLA
Subject: Re: [Tcpcrypt] Initial questions
X-BeenThere: tcpcrypt@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussion list for adding encryption to TCP." <tcpcrypt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpcrypt>, <mailto:tcpcrypt-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpcrypt/>
List-Post: <mailto:tcpcrypt@ietf.org>
List-Help: <mailto:tcpcrypt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpcrypt>, <mailto:tcpcrypt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Jun 2014 21:37:26 -0000

Comments on your other points:

On 6/18/2014 2:15 PM, Sandy Harris wrote:

As to the specific algorithms and how many, we probably all agree that a 
small number of required algorithms is preferable. I think 2 is a good 
upper bound on the MUST algorithms, though.

Algorithm agility just means that the protocol isn't inherently 
dependent on any one algorithm, so that it can be extended in the future 
to support other algorithms - that seems prudent.

...
> Authentication: The draft has:
>
> - must always provide integrity protection of the payload data (it is open for
>    discussion for the WG if the TCP header should or not be protected)

If you don't protect the header, IMO you're not doing TCP security, and 
might as well use TLS.

> - Must gracefully fall-back to TCP if the remote peer does not support the
>    proposed extensions
>
> Aren't there a set of policy questions there?

Gracefully != silently

Gracefully != without regard for policy

I think the intent of the requirement is that graceful fallback needs to 
be supported, but not that it is either silent or the default - 
especially for associations indicated as preferring/requiring TCPCRYPT.

> Another question is whether we could achieve the goals of this group
> with almost no work just by deploying existing stuff.
>
> The now-closed BTNS working group did RFCs 5386 & 5387 on "Better than
> nothing security", which they implemented as an unauthenticated mode
> for IPsec. That sounds much like what we are aiming at. Can we just
> work on getting BTNS deployed, thereby protecting both TCP and other
> protocols?

That's certainly one possibility, but IPsec protection isn't quite the 
same as TCP-level. IPsec won't create new keying material for each TCP 
connection, whereas a TCP-level solution might. IPsec solutions also 
often required tunneling over UDP for NAT traversal, whereas a TCP 
solution might not (e.g., if the TCP header is protected but not encrypted).

> The draft has:
>
> - Must not require any authentication or configuration from
> applications or users. However, hooks for external authentication must
> be made available.
>
> RFC 4322 describes an authentication mechansim for IPsec opportunistic
> encryption using keys stored in DNS. Could we make that the external
> hook and fall back to BTNS if the right record is not found?

It's possible, but TCP currently doesn't consult the DNS directly; 
inserting this dependence in a TCP-layer protocol could introduce 
additional delays.

Joe

v2.23.0 | Report a Bug | By Email