IETF Logo Mail Archive

Re: [Tcpcrypt] New version of the charter text

Joe Touch <touch@isi.edu> Thu, 24 April 2014 05:44 UTC

Return-Path: <touch@isi.edu>
X-Original-To: tcpcrypt@ietfa.amsl.com
Delivered-To: tcpcrypt@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9D0CE1A07A8 for <tcpcrypt@ietfa.amsl.com>; Wed, 23 Apr 2014 22:44:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.472
X-Spam-Level:
X-Spam-Status: No, score=-4.472 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.272] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vL-xqyxVlJEV for <tcpcrypt@ietfa.amsl.com>; Wed, 23 Apr 2014 22:44:31 -0700 (PDT)
Received: from vapor.isi.edu (vapor.isi.edu [128.9.64.64]) by ietfa.amsl.com (Postfix) with ESMTP id 22DB71A0794 for <tcpcrypt@ietf.org>; Wed, 23 Apr 2014 22:44:31 -0700 (PDT)
Received: from [192.168.1.93] (pool-71-105-87-112.lsanca.dsl-w.verizon.net [71.105.87.112]) (authenticated bits=0) by vapor.isi.edu (8.13.8/8.13.8) with ESMTP id s3O5hg81006822 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Wed, 23 Apr 2014 22:43:52 -0700 (PDT)
Message-ID: <5358A493.8030707@isi.edu>
Date: Wed, 23 Apr 2014 22:43:47 -0700
From: Joe Touch <touch@isi.edu>
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: Wesley Eddy <wes@mti-systems.com>, tcpcrypt@ietf.org
References: <53576572.5030805@it.uc3m.es> <53589161.4090700@mti-systems.com>
In-Reply-To: <53589161.4090700@mti-systems.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Archived-At: http://mailarchive.ietf.org/arch/msg/tcpcrypt/uiPHEVfETf-qLkilwH6p498PT3o
Subject: Re: [Tcpcrypt] New version of the charter text
X-BeenThere: tcpcrypt@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussion list for adding encryption to TCP." <tcpcrypt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpcrypt>, <mailto:tcpcrypt-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpcrypt/>
List-Post: <mailto:tcpcrypt@ietf.org>
List-Help: <mailto:tcpcrypt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpcrypt>, <mailto:tcpcrypt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Apr 2014 05:44:32 -0000

On 4/23/2014 9:21 PM, Wesley Eddy wrote:
> On 4/23/2014 3:02 AM, marcelo bagnulo braun wrote:
>>
>> The TCP Inc. WG will develop the TCP extensions to provide unauthenticated
>> encryption and integrity protection of TCP streams.
...
> I'm probably just very bad at locating this in all the discussion, but
> I have a sort of fundamental question ... why are we trying to do this
> inside TCP rather than just running TCP over IPsec w/ BTNS (over UDP,
> if NAT is the concern), or over DTLS?

I'll take a shot, because the reasons are very similar to the reason 
TCP-AO is needed vs. IPsec or TLS

- can easily use per-connection keys, unlike IPsec
	IPsec keys would be costly to setup per-connection (e.g.,
	IKE per connection), and would require pinning both
	source and dest ports; TCP has more state
	that can make deriving per-connection keys from
	IPsec-like aggregate keys feasible and more efficient
	(e.g., as was done in TCP-AO)

- can allow key rollover without TCP impact, unlike IPsec
	IPsec key rollover would result in losses that would
	impact TCP's congestion control. TCP-AO show show
	key rollover can be supported without impacting
	TCP, and even using TCP itself to coordinate the
	key rollover

I haven't considered the impact of running TCP over DTLS and whether it 
could support the above. The overhead would certainly be higher, but 
that alone might not be worth creating a new solution.

However, at a minimum, a TCP-based solution might at least traverse 
stateful firewalls in ways that a UDP-based layering might not.

> I know it's more fun to do it inside TCP, of course, but I wonder a
> little bit whether building a security sub-layer inside TCP (which
> is already hella complex and full of edge cases) is really a good
> idea when there are already a couple of reasonably decent security
> protocols designed to be layered over.

See TCP-AO. It wasn't sufficient to layer that over IPsec. We didn't 
consider a DTLS-based approach at the time because TCP-AO predates DTLS. 
But see above for reasons a TCP solution might still be useful.

I'm also not aware as to whether DTLS has an unauthenticated 
(BTNS-style) mode.

> Sorry for such a silly question, but it seems like it will come up
> during chartering and should be clearly motivated, as reading the
> requirements later on in the draft charter, it looks like you could
> cook up something with BTNS or DTLS under normal TCP to do all that,
> and it would protect the SYNs (which Joe mentioned is a challenge
> for TCP-based approaches).
>
> I think the charter should speak to this, at least very briefly.

I agree.

Joe

v2.23.0 | Report a Bug | By Email