[tcpinc] New TCP-ENO draft released

dm-list-tcpcrypt@scs.stanford.edu Fri, 11 September 2015 14:45 UTC

From: dm-list-tcpcrypt@scs.stanford.edu
To: tcpinc <tcpinc@ietf.org>
Date: Fri, 11 Sep 2015 07:45:02 -0700
Message-ID: <87wpvxm2vl.fsf@ta.scs.stanford.edu>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <http://mailarchive.ietf.org/arch/msg/tcpinc/BAcH5wEyrnzC5jbrBspq8G93UoM>
Subject: [tcpinc] New TCP-ENO draft released

Hi, everyone.  We've released a new draft of TCP-ENO, available in the
usual place:


In this draft, we've tried to address all of the feedback we received on
the list.  Some suggestions we incorporated directly.  In particular:

 * The requirement for 128-bit security was softened to prohibit
   "substantially less than 128-bit security."

 * The forward secrecy requirement was rephrased to require "forward
   secrecy some bounded, short time after the close of a TCP

 * One of the application-aware settings is now reserved, to avoid
   confusion over two different values.

 * Language was added stating that applications SHOULD treat the session
   ID as a monolithic opaque value.  Other bytes have to be
   computationally indistinguishable from random.

 * The description of simultaneous open was clarified/corrected to
   retransmit the ENO option in case one of the original SYNs is lost.

On other issues, where we couldn't determine consensus on the list, we
added discussion to an Open Issues section, to ensure that we do not
lose track of these issues.  In particular, there are now subsections

 * Simultaneous open design points.
 * Whether there should be multiple and secret session IDs.
 * Whether each suboption should have a length byte.

I hope this addresses or at least acknowledges most of the major issues
people have raised on the list.