Re: [Tcpcrypt] New version of the charter text

[Wesley Eddy <wes@mti-systems.com>]

On 4/23/2014 3:02 AM, marcelo bagnulo braun wrote:
> 
> The TCP Inc. WG will develop the TCP extensions to provide unauthenticated
> encryption and integrity protection of TCP streams. The WG will define the
> TCP extensions to perform an unauthenticated key exchange resulting in
> encryption
> without authentication.  This is better than plain-text because it thwarts
> passive eavesdropping, but is weaker than using authenticated keys,
> because it
> is vulnerable to man-in-the-middle attacks.  This work is part of the IETF
> effort to harness the Internet architecture given the latest events of
> pervasive
> monitoring (see draft-farrell-perpass-attack).
> 


I'm probably just very bad at locating this in all the discussion, but
I have a sort of fundamental question ... why are we trying to do this
inside TCP rather than just running TCP over IPsec w/ BTNS (over UDP,
if NAT is the concern), or over DTLS?

I know it's more fun to do it inside TCP, of course, but I wonder a
little bit whether building a security sub-layer inside TCP (which
is already hella complex and full of edge cases) is really a good
idea when there are already a couple of reasonably decent security
protocols designed to be layered over.

Sorry for such a silly question, but it seems like it will come up
during chartering and should be clearly motivated, as reading the
requirements later on in the draft charter, it looks like you could
cook up something with BTNS or DTLS under normal TCP to do all that,
and it would protect the SYNs (which Joe mentioned is a challenge
for TCP-based approaches).

I think the charter should speak to this, at least very briefly.

-- 
Wes Eddy
MTI Systems