Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno-01

David Mazieres <> Wed, 26 August 2015 21:04 UTC

From: David Mazieres <>
To: Stephen Farrell <>, Mirja Kühlewind <>,
Date: Wed, 26 Aug 2015 14:04:31 -0700

Stephen Farrell <> writes:

> Until the WG have selected between tcpcrypt and tcp-use-tls
> I don't think it makes any sense for tcp-eno to delve into
> ciphersuite or cryptographic algorithm details.

Okay, but I just want to clarify one thing:  We should separate TCP-ENO,
the draft, from my (possibly ill-advised) ramblings on this mailing
list, even though I'm an author of TCP-ENO.

TCP-ENO provides negotiation in the abstract.  That could be used to
negotiate between TCPINC v1 and v2, or TLS v1.3 and v2.0, or someday
TCPINC with and without large option/dedicated middlebox support, or
anything else.  ENO could also be used to negotiate between TCPINC with
one cipher suite and TCPINC with another cipher suite, *if TCPINC itself
does not negotiate cipher suites* (which means it's not TLS).  We can
debate whether or not the latter use of TCP-ENO is a good idea, but that
probably won't be a particularly useful debate at this point.

If the WG adopts TCP-ENO and TLS, I don't think anybody believes ENO
should specify cipher suites.  Rather, it should negotiate how to embed
TLS into TCP (especially if TCPM does something we can take advantage
of) or maybe what version of TLS to use (in the event that something
about TCP-use-TLS could benefit from a significant rearchitecting to
take advantage of TLS 2.0).