[tcpinc] new drafts of TCP-ENO and tcpcrypt

Daniel B Giffin <dbg@scs.stanford.edu> Wed, 04 October 2017 23:31 UTC

Date: Wed, 4 Oct 2017 16:31:40 -0700
From: Daniel B Giffin <dbg@scs.stanford.edu>
To: David Mazieres expires 2017-12-29 PST <mazieres-b6y844gfkp899wcr7iwrxxztue@temporary-address.scs.stanford.edu>
Cc: "Mirja Kuehlewind (IETF)" <ietf@kuehlewind.net>, draft-ietf-tcpinc-tcpcrypt.all@ietf.org, tcpinc <tcpinc@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpinc/9yrIUaeavnltBUU3PtM08Gsd5Mg>

We've posted new versions of the TCP-ENO and tcpcrypt


The changes address the concerns in recent list discussion,
intending to ready the documents for IETF last call.

The TCP-ENO document now makes no reference to tcpcrypt or
TCP-Use-TLS; that is, it does not specify any values for
those protocols in the "TCP encryption protocol identifiers"
IANA registry.

The changes to the tcpcrypt document are, briefly:

  - remove citation from abstract
  - fix IPR text
  - define PRK, OKM before use
  - "session caching" => "session resumption"
  - the segment with last byte of Init1/Init2 "MUST" set PSH
  - define "abort the connection" with reference to RFC793
  - improve language about non-reuse of session secrets
  - "application frame" => "encryption frame"
  - "ignore frame" => "drop TCP segments"
  - clarify FIN/FINp interaction
  - IANA considerations: specify registry names appropriately
    and add "Reference" columns