Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno-01

Watson Ladd, Mon, 24 August 2015 02:40 UTC

On Sun, Aug 23, 2015 at 7:28 PM, David Mazieres wrote:
> Watson Ladd writes:
>> Suppose everyone behaves the way you suggest. How unhappy are they
>> with using X or Y? Clearly not very much: they were willing to use it
>> if the other side didn't want their preference.
> Actually, people have *very* strong opinions about crypto and are
> willing to lobby pretty hard for particular algorithms and protocols.
> We should ensure such lobbying is directed towards OS vendors *after*
> TCP-ENO is standardized, not towards the working group beforehand (where
> it will further slow us down and undermine TCP-ENO's goal of breaking the
> working group deadlock).

Who are people? Certainly not the people willing to use the
alternative algorithm if they have to. The problem is with the
existence of sites where only one algorithm must be used, and the OS
is configured accordingly.

>> The result of wanting to support every possible combination of
>> preferences and admin interface is having dead options linger forever
>> as the sysadmins keep copypasta in config files alive forever. I'd
>> rather order my crypto from McSorley's.
> The fact that we have way too many encryption options floating around
> does not mean all ciphersuites can be strictly ordered by security, for
> the simple reason that nobody can predict the future.  Cryptanalysis may
> alter the relative security of different algorithms at any time.  Or
> some NIST scandal might erupt casting doubt on the design methodology of
> P-512 compared to the nominally weaker Curve25519.  At such points, OS
> vendors need the ability to re-prioritize cipher suites without breaking
> backwards compatibility.

Am I proposing a fixed, static ordering? No. I'm proposing that in
response to cryptanalysis we have a functional migration plan, and the
negotiation mechanism to support it. We start with version 1, and when
that becomes untenable, move to version 2. This has eliminated SSHv1
from the Internet. The alternative plan has never eliminated any
cipher completely.

> David

"Man is born free, but everywhere he is in chains".