IETF Logo Mail Archive

Re: [Tcpcrypt] v3 of the charter

Joe Touch <touch@isi.edu> Wed, 30 April 2014 21:55 UTC

Return-Path: <touch@isi.edu>
X-Original-To: tcpcrypt@ietfa.amsl.com
Delivered-To: tcpcrypt@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2AA441A09A3 for <tcpcrypt@ietfa.amsl.com>; Wed, 30 Apr 2014 14:55:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.251
X-Spam-Level:
X-Spam-Status: No, score=-4.251 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, J_CHICKENPOX_14=0.6, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.651] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BKT3pTMw7cBf for <tcpcrypt@ietfa.amsl.com>; Wed, 30 Apr 2014 14:55:02 -0700 (PDT)
Received: from vapor.isi.edu (vapor.isi.edu [128.9.64.64]) by ietfa.amsl.com (Postfix) with ESMTP id 6E5C61A0852 for <tcpcrypt@ietf.org>; Wed, 30 Apr 2014 14:55:02 -0700 (PDT)
Received: from [128.9.160.166] (abc.isi.edu [128.9.160.166]) (authenticated bits=0) by vapor.isi.edu (8.13.8/8.13.8) with ESMTP id s3ULsPJR003161 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Wed, 30 Apr 2014 14:54:25 -0700 (PDT)
Message-ID: <53617111.2060702@isi.edu>
Date: Wed, 30 Apr 2014 14:54:25 -0700
From: Joe Touch <touch@isi.edu>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, "Eggert, Lars" <lars@netapp.com>, Marcelo Bagnulo <marcelo@it.uc3m.es>
References: <536099A0.30900@it.uc3m.es> <23862F2E-9D56-4651-9202-FC676D15720B@netapp.com> <07C2D017-9342-4742-990C-7D3BC795049F@netapp.com> <536157E1.2060202@fifthhorseman.net> <53615A40.9050903@isi.edu> <536165C6.20909@fifthhorseman.net> <536167CC.8010703@isi.edu> <536168FA.2010800@fifthhorseman.net> <53616AD4.6010309@isi.edu> <53616D52.3090504@fifthhorseman.net>
In-Reply-To: <53616D52.3090504@fifthhorseman.net>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Archived-At: http://mailarchive.ietf.org/arch/msg/tcpcrypt/SqetW2-F8ibO2cY2xARtkJJcYzM
Cc: "tcpcrypt@ietf.org" <tcpcrypt@ietf.org>
Subject: Re: [Tcpcrypt] v3 of the charter
X-BeenThere: tcpcrypt@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussion list for adding encryption to TCP." <tcpcrypt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpcrypt>, <mailto:tcpcrypt-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpcrypt/>
List-Post: <mailto:tcpcrypt@ietf.org>
List-Help: <mailto:tcpcrypt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpcrypt>, <mailto:tcpcrypt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Apr 2014 21:55:07 -0000

On 4/30/2014 2:38 PM, Daniel Kahn Gillmor wrote:
> On 04/30/2014 05:27 PM, Joe Touch wrote:
>> On 4/30/2014 2:19 PM, Daniel Kahn Gillmor wrote:
>>> I know they're both clients in this sense; we're discussing
>>> fingerprinting.  the charter text makes it clear that we want to be able
>>> to avoid fingerprinting for the client, but not the server, since the
>>> server presumably has some form of persistent identity, or else the
>>> client wouldn't be able to connect to it in the first place.
>>>
>>> That's the context in which i think we need to see TCP simultaneous open
>>> as a server -- i don't think we need to worry about protecting
>>> fingerprinting by the peer for either simultaneous open peer, since each
>>> peer already has some information about the other.
>>
>> It'd be optimal if this wasn't useful for fingerprinting either client
>> or server. Even if you know the server's IP and port, that's all you
>> ought to know, and all that needs to persist during the lifetime of a
>> particular connection.
>>
>> So why not just require anti-fingerprinting in general, and not focus on
>> who initiated the connection?
>
> If i connect to the same server and port multiple times (or multiple
> IP/port pairs, based on e.g. an SRV round-robin), i'm presumably doing
> so because i know something about the service i'm trying to contact
> already.

Maybe. However, what you think of as a single host might be implemented 
as a set, e.g., for performance reasons.

 > This persistence of identity is already in place, simply
> because i'm making the same attempted connection; i'm not sure that
> non-fingerprintability of services in this way is particularly meaningful.

I think of a fingerprint as providing more information than an address 
and port - something that persists even when multiple hosts share the 
same address and port.

> It sounds like you might also be concerned about the case where a client
> opens two connections to <IP Address A,Port P>, and <IP Address B,Port
> Q>, which both happen to be operated by the same server; and we want the
> server to be able to avoid leaking the information that it is the same
> machine operating both services; is that right?

I don't know what everyone else is thinking of here.

IMO, fingerprinting is:

a) identifying a host
	e.g., in ways that let me differentiate different hosts used
	for load-balancing, even when they share the same addr and port

b) providing more info about a host
	e.g., when you can tell me that it's running Linux vs Windows,
	or which version, etc.

IMO, we should avoid both deliberate and accidental fingerprinting.

> I'd be happy to see that case covered by TCP Inc.  If you think we can
> simplify the charter by making it talk about non-fingerprintability of
> peers in general and get it to cover this case, and avoid client/server
> wording that people find objectionable, that'd be fine with me.

See above. I don't think fingerprinting has anything to do with 
addresses or ports.

Joe

v2.23.0 | Report a Bug | By Email