Re: [Tcpcrypt] Initial questions

Joe Touch <touch@isi.edu> Mon, 23 June 2014 01:05 UTC

On Jun 22, 2014, at 6:10 AM, Derek Fawcus <dfawcus+lists-tcpcrypt@employees.org> wrote:

> On Sun, Jun 22, 2014 at 06:06:57AM -0700, Derek Fawcus wrote:
>> 
>> I don't think the endpoints should negotiate the algorithm,
>> if the initiator's choice is not supported, the session is unencrypted.

Even if that's true, there can still be merit to picking from among a set of required algorithms during negotiation.

>> i.e. avoid round trips to agree/negotiate an algorithm,

Whether negotiation takes additional exchanges depends on the mechanism.

>> and don't supply a list of choices in the initiation.

> 
> Or could one argue that the above is not too dissimilar to simply
> having a version field in the tcpcrypt protocol, and we can
> associate a version with any set of crypto algorithms?

Once it's negotiated, it serves no purpose to continue to indicate it in the header. If parameters need to be renegotiated, that happens during the renegotiation.

Joe
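
Added illustration, not part of the message above and not taken from any tcpcrypt draft: a toy model of the designs discussed in this thread, showing that carrying a list in the first message costs no more exchanges than naming a single algorithm, while changing what happens when the first preference is unsupported. The algorithm names, version table and two-message handshake are assumptions made for this example.

```python
# Toy model only: not tcpcrypt's wire format. All names below are constructed.
from typing import Dict, NamedTuple, Optional, Sequence, Set


class Outcome(NamedTuple):
    algorithm: Optional[str]  # None means the session stays unencrypted
    messages: int             # messages exchanged before the outcome is known


def single_choice(pick: str, responder_supported: Set[str]) -> Outcome:
    """Initiator names exactly one algorithm; unsupported means no encryption."""
    # msg 1: initiator -> responder (carries `pick`)
    # msg 2: responder -> initiator (accept or decline)
    return Outcome(pick if pick in responder_supported else None, 2)


def list_offer(prefs: Sequence[str], responder_supported: Set[str]) -> Outcome:
    """Initiator sends an ordered list in msg 1; responder's reply names one."""
    # Same two messages as single_choice: the list rides in msg 1 and the
    # selection rides in msg 2, so no extra round trip is needed.
    chosen = next((a for a in prefs if a in responder_supported), None)
    return Outcome(chosen, 2)


def version_field(version: int, table: Dict[int, str],
                  responder_versions: Set[int]) -> Outcome:
    """A version number stands in for a fixed algorithm; otherwise as single_choice."""
    ok = version in responder_versions and version in table
    return Outcome(table[version] if ok else None, 2)


if __name__ == "__main__":
    responder = {"chacha20-poly1305"}            # constructed capability set
    prefs = ["aes128-gcm", "chacha20-poly1305"]  # constructed preference list
    print(single_choice(prefs[0], responder))    # first pick unsupported
    print(list_offer(prefs, responder))          # second preference matches
    print(version_field(1, {1: "aes128-gcm", 2: "chacha20-poly1305"}, {2}))
```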