Re: [Tcpcrypt] Initial questions

Derek Fawcus <dfawcus+lists-tcpcrypt@employees.org> Sun, 22 June 2014 13:10 UTC


On Sun, Jun 22, 2014 at 06:06:57AM -0700, Derek Fawcus wrote:
> 
> I don't think the endpoints should negotiate the algorithm;
> if the initiator's choice is not supported, the session is unencrypted.
> i.e. avoid round trips to agree/negotiate an algorithm,
> and don't supply a list of choices in the initiation.

Or could one argue that the above is not too dissimilar to simply
having a version field in the tcpcrypt protocol, and we can
associate a version with any set of crypto algorithms?