IETF Logo Mail Archive

Re: [Tcpcrypt] v3 of the charter

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 30 April 2014 21:38 UTC

Return-Path: <dkg@fifthhorseman.net>
X-Original-To: tcpcrypt@ietfa.amsl.com
Delivered-To: tcpcrypt@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2AE701A0948 for <tcpcrypt@ietfa.amsl.com>; Wed, 30 Apr 2014 14:38:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.3
X-Spam-Level:
X-Spam-Status: No, score=-1.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, J_CHICKENPOX_14=0.6] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C5-cy2jRN2Jd for <tcpcrypt@ietfa.amsl.com>; Wed, 30 Apr 2014 14:38:39 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) by ietfa.amsl.com (Postfix) with ESMTP id 284C21A08B5 for <tcpcrypt@ietf.org>; Wed, 30 Apr 2014 14:38:39 -0700 (PDT)
Received: from [10.70.10.85] (unknown [38.109.115.130]) by che.mayfirst.org (Postfix) with ESMTPSA id 0D1D0F984; Wed, 30 Apr 2014 17:38:36 -0400 (EDT)
Message-ID: <53616D52.3090504@fifthhorseman.net>
Date: Wed, 30 Apr 2014 17:38:26 -0400
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Icedove/24.3.0
MIME-Version: 1.0
To: Joe Touch <touch@isi.edu>, "Eggert, Lars" <lars@netapp.com>, Marcelo Bagnulo <marcelo@it.uc3m.es>
References: <536099A0.30900@it.uc3m.es> <23862F2E-9D56-4651-9202-FC676D15720B@netapp.com> <07C2D017-9342-4742-990C-7D3BC795049F@netapp.com> <536157E1.2060202@fifthhorseman.net> <53615A40.9050903@isi.edu> <536165C6.20909@fifthhorseman.net> <536167CC.8010703@isi.edu> <536168FA.2010800@fifthhorseman.net> <53616AD4.6010309@isi.edu>
In-Reply-To: <53616AD4.6010309@isi.edu>
X-Enigmail-Version: 1.6+git0.20140323
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="1QkFGLVSebOnR0PMMf3o564r3Go71efQC"
Archived-At: http://mailarchive.ietf.org/arch/msg/tcpcrypt/l4VycID6k8K2aY-ZJloJOnh7jR0
Cc: "tcpcrypt@ietf.org" <tcpcrypt@ietf.org>
Subject: Re: [Tcpcrypt] v3 of the charter
X-BeenThere: tcpcrypt@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussion list for adding encryption to TCP." <tcpcrypt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpcrypt>, <mailto:tcpcrypt-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpcrypt/>
List-Post: <mailto:tcpcrypt@ietf.org>
List-Help: <mailto:tcpcrypt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpcrypt>, <mailto:tcpcrypt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Apr 2014 21:38:40 -0000

On 04/30/2014 05:27 PM, Joe Touch wrote:
> On 4/30/2014 2:19 PM, Daniel Kahn Gillmor wrote:
>> I know they're both clients in this sense; we're discussing
>> fingerprinting.  the charter text makes it clear that we want to be able
>> to avoid fingerprinting for the client, but not the server, since the
>> server presumably has some form of persistent identity, or else the
>> client wouldn't be able to connect to it in the first place.
>>
>> That's the context in which i think we need to see TCP simultaneous open
>> as a server -- i don't think we need to worry about protecting
>> fingerprinting by the peer for either simultaneous open peer, since each
>> peer already has some information about the other.
> 
> It'd be optimal if this wasn't useful for fingerprinting either client
> or server. Even if you know the server's IP and port, that's all you
> ought to know, and all that needs to persist during the lifetime of a
> particular connection.
> 
> So why not just require anti-fingerprinting in general, and not focus on
> who initiated the connection?


If i connect to the same server and port multiple times (or multiple
IP/port pairs, based on e.g. an SRV round-robin), i'm presumably doing
so because i know something about the service i'm trying to contact
already.  This persistence of identity is already in place, simply
because i'm making the same attempted connection; i'm not sure that
non-fingerprintability of services in this way is particularly meaningful.

It sounds like you might also be concerned about the case where a client
opens two connections to <IP Address A,Port P>, and <IP Address B,Port
Q>, which both happen to be operated by the same server; and we want the
server to be able to avoid leaking the information that it is the same
machine operating both services; is that right?

I'd be happy to see that case covered by TCP Inc.  If you think we can
simplify the charter by making it talk about non-fingerprintability of
peers in general and get it to cover this case, and avoid client/server
wording that people find objectionable, that'd be fine with me.


>> (that said, i'm not sure how simultaneous open will work in whatever
>> spec we work out; maybe it turns out we have to be willing to sacrifice
>> simultaneous open in order to use tcp inc?)
> 
> It should revert to conventional TCP and thus support simultaneous open
> in that case.

I think we might be saying the same thing here -- if it turns out that
TCP Inc can't be done with simultaneous open, then you have to sacrifice
one feature or the other.

	--dkg

v2.23.0 | Report a Bug | By Email