IETF Logo Mail Archive

Re: [tcpinc] Revised version of TCP-ENO

Kyle Rose <krose@krose.org> Thu, 13 August 2015 21:05 UTC

Return-Path: <krose@krose.org>
X-Original-To: tcpinc@ietfa.amsl.com
Delivered-To: tcpinc@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3536A1B3B0B for <tcpinc@ietfa.amsl.com>; Thu, 13 Aug 2015 14:05:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.379
X-Spam-Level:
X-Spam-Status: No, score=-1.379 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HCjTUnfxDony for <tcpinc@ietfa.amsl.com>; Thu, 13 Aug 2015 14:05:39 -0700 (PDT)
Received: from mail-ig0-x233.google.com (mail-ig0-x233.google.com [IPv6:2607:f8b0:4001:c05::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0A6381B3AFD for <tcpinc@ietf.org>; Thu, 13 Aug 2015 14:05:39 -0700 (PDT)
Received: by igfj19 with SMTP id j19so8421190igf.0 for <tcpinc@ietf.org>; Thu, 13 Aug 2015 14:05:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=krose.org; s=google; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=snpOCKTPR0fHu05zIS9OGqOQvX0d8hax9UFeXOWWSFE=; b=I0doNw2MCuhifeOUx36Nbmlk+9ebJm5SZ4OojRBzeCP6h0pnbTW6CwhOjpURwC7coM iEjnJxEOUibVaOIkYzjjf/1N/4Z1Evl7CiZmt/I6yOyjwb9hTpRrQHwoK1lyqUW23rgU iB1haf1+cZOBmC5GpjkiCIuhZqB8HXwNbu57I=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=snpOCKTPR0fHu05zIS9OGqOQvX0d8hax9UFeXOWWSFE=; b=SWZmM1tIJY4qw2gXWBP7eZs1S8w0pBUs4xYhlo43qykiIx9WLAqw0EXkBdcjyVwB20 3ASby65EiiNjwY4DhW5bwVuxsiKRmQ49nbVluD8oDky6nbMfWJRMs0tzUxoPb7isUTim wYSziiIjpyjPEvVazTBaWFfH1+AyPPpj29R/Jk66DcgaewCiJGpJFkBgLLLQycCAa/K0 OY7VKIOCMLHDJzT6Jscjq0UbEF7Vod++DYI5uN1xkT5epL3iHNcf1TuXOVTx8gkuTU+E QaPAh39K7XlvOB10BYqN29V6BlB0OKdNnclM4nFtNBoXOSXf7/4mT9rg3p4jixfUnMGr 5//Q==
X-Gm-Message-State: ALoCoQnac69iqKnRgltmps/RNfw0D/KOq1I644mWZPZ9lnYoOez3hcOUx9A43d4lyfDfcYae4q00
MIME-Version: 1.0
X-Received: by 10.50.143.43 with SMTP id sb11mr32072567igb.69.1439499938450; Thu, 13 Aug 2015 14:05:38 -0700 (PDT)
Received: by 10.79.31.197 with HTTP; Thu, 13 Aug 2015 14:05:38 -0700 (PDT)
X-Originating-IP: [72.246.0.14]
In-Reply-To: <874mk2kj56.fsf@alice.fifthhorseman.net>
References: <87pp2vqplu.fsf@ta.scs.stanford.edu> <CAJU8_nXAHhf6dqqs0gUEGz49bG7YUO1qaGwaLm04+vstPTyfWg@mail.gmail.com> <87h9o4rqwz.fsf@ta.scs.stanford.edu> <874mk2kj56.fsf@alice.fifthhorseman.net>
Date: Thu, 13 Aug 2015 17:05:38 -0400
Message-ID: <CAJU8_nVcDmCw-0KYviJ5GWZL+-YcCg3wLMJqpkuh=iN8RppA+A@mail.gmail.com>
From: Kyle Rose <krose@krose.org>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tcpinc/4PRoDfkihzVKZEbc6dAVonxeHKg>
Cc: tcpinc@ietf.org, David Mazieres <dm-list-tcpcrypt@scs.stanford.edu>
Subject: Re: [tcpinc] Revised version of TCP-ENO
X-BeenThere: tcpinc@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussion list for adding encryption to TCP." <tcpinc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpinc/>
List-Post: <mailto:tcpinc@ietf.org>
List-Help: <mailto:tcpinc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Aug 2015 21:05:40 -0000

> We almost certainly want endpoints/applications to treat the session ID
> as sensitive information -- leaked knowledge of the session ID would
> allow someone to impersonate the other party if any authentication was
> bootstrapped off of the session ID.
>
> The point of the text David highlights above is to ensure that an
> endpoint/application can't learn anything about the cryptographic
> secrets through the session ID interface -- that is, it defends the
> cryptographic layer from breakage by the client.  But we shouldn't
> encourage clients to break the layer that is accessible to them (the
> session ID) by publishing their data either.

This can't be the case if, for instance, the session IDs are signed in
batches as proposed in the tcpcrypt paper.

The session ID is a channel binding identifier, not a cryptographic
secret. Woe betide anyone who bootstraps authentication outside of the
context of the encrypted session using a session ID it had seen
sometime in the past under the assumption it was secret.

This is why I like the original wording of "public", because it
clearly implies you can throw one around at will as its knowledge will
do no good to anyone not in control of one of the endpoints of the
connection.

David, I'll hopefully address the rest of your reply tonight, when I
have some free cycles.

Kyle

v2.23.0 | Report a Bug | By Email