Re: [Tcpcrypt] New version of the charter text
Wesley Eddy <wes@mti-systems.com> Thu, 24 April 2014 12:41 UTC
Return-Path: <wes@mti-systems.com>
X-Original-To: tcpcrypt@ietfa.amsl.com
Delivered-To: tcpcrypt@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A8E001A01CD for <tcpcrypt@ietfa.amsl.com>; Thu, 24 Apr 2014 05:41:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yYAXs050n9jm for <tcpcrypt@ietfa.amsl.com>; Thu, 24 Apr 2014 05:41:47 -0700 (PDT)
Received: from atl4mhob07.myregisteredsite.com (atl4mhob07.myregisteredsite.com [209.17.115.45]) by ietfa.amsl.com (Postfix) with ESMTP id CCB921A01B3 for <tcpcrypt@ietf.org>; Thu, 24 Apr 2014 05:41:47 -0700 (PDT)
Received: from mailpod.hostingplatform.com ([10.30.71.210]) by atl4mhob07.myregisteredsite.com (8.14.4/8.14.4) with ESMTP id s3OCfetv025907 for <tcpcrypt@ietf.org>; Thu, 24 Apr 2014 08:41:40 -0400
Received: (qmail 1054 invoked by uid 0); 24 Apr 2014 12:41:40 -0000
X-TCPREMOTEIP: 107.45.66.66
X-Authenticated-UID: wes@mti-systems.com
Received: from unknown (HELO ?192.168.43.65?) (wes@mti-systems.com@107.45.66.66) by 0 with ESMTPA; 24 Apr 2014 12:41:36 -0000
Message-ID: <5359067C.7000306@mti-systems.com>
Date: Thu, 24 Apr 2014 08:41:32 -0400
From: Wesley Eddy <wes@mti-systems.com>
Organization: MTI Systems
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: Joe Touch <touch@isi.edu>, tcpcrypt@ietf.org
References: <53576572.5030805@it.uc3m.es> <53589161.4090700@mti-systems.com> <5358A493.8030707@isi.edu>
In-Reply-To: <5358A493.8030707@isi.edu>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/tcpcrypt/lXNoLoNSsU_0IhZ7Z_hTKI1LOi4
Subject: Re: [Tcpcrypt] New version of the charter text
X-BeenThere: tcpcrypt@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussion list for adding encryption to TCP." <tcpcrypt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpcrypt>, <mailto:tcpcrypt-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpcrypt/>
List-Post: <mailto:tcpcrypt@ietf.org>
List-Help: <mailto:tcpcrypt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpcrypt>, <mailto:tcpcrypt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Apr 2014 12:41:51 -0000
On 4/24/2014 1:43 AM, Joe Touch wrote: > > > On 4/23/2014 9:21 PM, Wesley Eddy wrote: >> On 4/23/2014 3:02 AM, marcelo bagnulo braun wrote: >>> >>> The TCP Inc. WG will develop the TCP extensions to provide >>> unauthenticated >>> encryption and integrity protection of TCP streams. > ... >> I'm probably just very bad at locating this in all the discussion, but >> I have a sort of fundamental question ... why are we trying to do this >> inside TCP rather than just running TCP over IPsec w/ BTNS (over UDP, >> if NAT is the concern), or over DTLS? > > I'll take a shot, because the reasons are very similar to the reason > TCP-AO is needed vs. IPsec or TLS > > - can easily use per-connection keys, unlike IPsec > IPsec keys would be costly to setup per-connection (e.g., > IKE per connection), and would require pinning both > source and dest ports; TCP has more state > that can make deriving per-connection keys from > IPsec-like aggregate keys feasible and more efficient > (e.g., as was done in TCP-AO) This was the one I thought of too, but wasn't sure if there might be some IKE extensions possible to get a similar effect that might be lower-impact (like done in user-space, and maybe valuable for other flows than just TCP). > - can allow key rollover without TCP impact, unlike IPsec > IPsec key rollover would result in losses that would > impact TCP's congestion control. TCP-AO show show > key rollover can be supported without impacting > TCP, and even using TCP itself to coordinate the > key rollover This part is interesting and I hadn't thought of it; thanks. > I haven't considered the impact of running TCP over DTLS and whether it > could support the above. The overhead would certainly be higher, but > that alone might not be worth creating a new solution. Yeah, and I hesitated to suggest that too, because it winds up looking like an RTCWEB towering Jenga stack of protocols. > However, at a minimum, a TCP-based solution might at least traverse > stateful firewalls in ways that a UDP-based layering might not. > >> I know it's more fun to do it inside TCP, of course, but I wonder a >> little bit whether building a security sub-layer inside TCP (which >> is already hella complex and full of edge cases) is really a good >> idea when there are already a couple of reasonably decent security >> protocols designed to be layered over. > > See TCP-AO. It wasn't sufficient to layer that over IPsec. We didn't > consider a DTLS-based approach at the time because TCP-AO predates DTLS. > But see above for reasons a TCP solution might still be useful. Yes, I know AO just a little since I was co-chair of the working group for it :). At the time AO was done, some of the criticisms of IPsec were captured in: http://tools.ietf.org/html/draft-bellovin-tcpsec-01 I could summarize those as: - no good API for protecting an individual TCP connection - NAT traversal issues - masking fields used for QoS or TE I don't think "TCP in IPsec in UDP" was considered at the time. > I'm also not aware as to whether DTLS has an unauthenticated > (BTNS-style) mode. Nor am I, but adding it (if needed) would *seem to me* simpler than the equivalent TCP modifications, plus be deployable and upgradeable in userland. I'm sure there are dozens of people who know better though. -- Wes Eddy MTI Systems
- Re: [Tcpcrypt] New version of the charter text marcelo bagnulo braun
- [Tcpcrypt] New version of the charter text marcelo bagnulo braun
- Re: [Tcpcrypt] New version of the charter text Scharf, Michael (Michael)
- Re: [Tcpcrypt] New version of the charter text Joe Touch
- Re: [Tcpcrypt] New version of the charter text marcelo bagnulo braun
- Re: [Tcpcrypt] New version of the charter text Joe Touch
- Re: [Tcpcrypt] New version of the charter text marcelo bagnulo braun
- Re: [Tcpcrypt] New version of the charter text John-Mark Gurney
- Re: [Tcpcrypt] New version of the charter text Joe Touch
- Re: [Tcpcrypt] New version of the charter text Joe Touch
- Re: [Tcpcrypt] New version of the charter text marcelo bagnulo braun
- Re: [Tcpcrypt] New version of the charter text Tero Kivinen
- Re: [Tcpcrypt] New version of the charter text Wesley Eddy
- Re: [Tcpcrypt] New version of the charter text Joe Touch
- Re: [Tcpcrypt] New version of the charter text Wesley Eddy
- Re: [Tcpcrypt] New version of the charter text John-Mark Gurney
- Re: [Tcpcrypt] New version of the charter text Wesley Eddy
- Re: [Tcpcrypt] New version of the charter text Joe Touch
- Re: [Tcpcrypt] New version of the charter text ianG
- Re: [Tcpcrypt] New version of the charter text marcelo bagnulo braun
- Re: [Tcpcrypt] New version of the charter text ianG
- Re: [Tcpcrypt] New version of the charter text Tony Arcieri
- Re: [Tcpcrypt] New version of the charter text Stephen Farrell
- Re: [Tcpcrypt] New version of the charter text ianG
- Re: [Tcpcrypt] New version of the charter text marcelo bagnulo braun
- Re: [Tcpcrypt] New version of the charter text ianG
- Re: [Tcpcrypt] New version of the charter text marcelo bagnulo braun
- Re: [Tcpcrypt] New version of the charter text Tero Kivinen
- Re: [Tcpcrypt] New version of the charter text Joe Touch
- Re: [Tcpcrypt] New version of the charter text Tero Kivinen