Re: [tcpinc] Revised version of TCP-ENO
David Mazieres <dm-list-tcpcrypt@scs.stanford.edu> Fri, 14 August 2015 20:34 UTC
Return-Path: <dm-list-tcpcrypt@scs.stanford.edu>
X-Original-To: tcpinc@ietfa.amsl.com
Delivered-To: tcpinc@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D88771A88FA for <tcpinc@ietfa.amsl.com>; Fri, 14 Aug 2015 13:34:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.91
X-Spam-Level:
X-Spam-Status: No, score=-0.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=1, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ywr3X1_tT4X0 for <tcpinc@ietfa.amsl.com>; Fri, 14 Aug 2015 13:34:01 -0700 (PDT)
Received: from market.scs.stanford.edu (www.scs.stanford.edu [IPv6:2001:470:806d:1::9]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 20C2D1A88F9 for <tcpinc@ietf.org>; Fri, 14 Aug 2015 13:34:01 -0700 (PDT)
Received: from market.scs.stanford.edu (localhost.scs.stanford.edu [127.0.0.1]) by market.scs.stanford.edu (8.14.7/8.14.7) with ESMTP id t7EKY0Ts011141; Fri, 14 Aug 2015 13:34:00 -0700 (PDT)
Received: (from dm@localhost) by market.scs.stanford.edu (8.14.7/8.14.7/Submit) id t7EKY0dX015406; Fri, 14 Aug 2015 13:34:00 -0700 (PDT)
X-Authentication-Warning: market.scs.stanford.edu: dm set sender to dm-list-tcpcrypt@scs.stanford.edu using -f
From: David Mazieres <dm-list-tcpcrypt@scs.stanford.edu>
To: Martin Thomson <martin.thomson@gmail.com>
In-Reply-To: <CABkgnnXu0BpdTxi138BU_GRSGGq+nKgLg2M0nFwJY+fFevayvg@mail.gmail.com>
References: <87pp2vqplu.fsf@ta.scs.stanford.edu> <CAJU8_nXAHhf6dqqs0gUEGz49bG7YUO1qaGwaLm04+vstPTyfWg@mail.gmail.com> <87h9o4rqwz.fsf@ta.scs.stanford.edu> <874mk2kj56.fsf@alice.fifthhorseman.net> <CAJU8_nVcDmCw-0KYviJ5GWZL+-YcCg3wLMJqpkuh=iN8RppA+A@mail.gmail.com> <87y4hej2vf.fsf@alice.fifthhorseman.net> <87egj67sac.fsf@ta.scs.stanford.edu> <87bnea7rr6.fsf@ta.scs.stanford.edu> <CABkgnnUF-byT2MH8mrmZJaMY2PTsspWJ8W3wJmddXdgMqGHCkQ@mail.gmail.com> <87614i7o2l.fsf@ta.scs.stanford.edu> <CABkgnnU8eeX3QV+D_g2XJqWGf9YzUZ1v-eqjg9HsioGJP8-GqQ@mail.gmail.com> <87io8hwznh.fsf@ta.scs.stanford.edu> <CABkgnnXDomgQJSiCTdxETomPB7H+n2DggZ4VX0Q8hpqvoyq=8A@mail.gmail.com> <874mk1wxs5.fsf@ta.scs.stanford.edu> <CABkgnnXo67ZM9Qa0-rHdNty1ewaGnn8G30Fn2WQZh6fh9-0KvA@mail.gmail.com> <87d1ypsoxk.fsf@ta.scs.stanford.edu> <CABkgnnXu0BpdTxi138BU_GRSGGq+nKgLg2M0nFwJY+fFevayvg@mail.gmail.com>
Date: Fri, 14 Aug 2015 13:33:59 -0700
Message-ID: <87io8hfw3s.fsf@ta.scs.stanford.edu>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <http://mailarchive.ietf.org/arch/msg/tcpinc/H2K6czQvinMSxwFQVHFZGaTIcwk>
Cc: tcpinc <tcpinc@ietf.org>
Subject: Re: [tcpinc] Revised version of TCP-ENO
X-BeenThere: tcpinc@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussion list for adding encryption to TCP." <tcpinc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpinc/>
List-Post: <mailto:tcpinc@ietf.org>
List-Help: <mailto:tcpinc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Aug 2015 20:34:02 -0000
Martin Thomson <martin.thomson@gmail.com> writes: > On 14 August 2015 at 11:30, <dm-list-tcpcrypt@scs.stanford.edu> wrote: >> Do you think TCP-ENO should specify the >> mechanism or the requirement? > > Perhaps neither. At one level, this need only negotiate what crypto > is in effect. Well, the charter requires TCPINC to have some kind of session ID or other authentication mechanism. If by neither you mean you don't want that mechanism to be part of TCP-ENO, then TCP-ENO won't be very useful. Strip out the session ID and you're mostly left with option kind multiplexing, which could equally well be achieved through some simpler RFC6994-like thing. (The negotiation and aa bits can't be secured without some sort of cross-spec requirements on the session ID.) > At this stage, not knowing what is going to happen where, bundling > things together doesn't help. I don't understand this comment. The whole point of TCP-ENO is to make progress on knowing what is going to happen where, so as to facilitate agreement on the crypto spec itself. ENO can facilitate agreement on a spec because it enables a spec-independent API. Hence, if we standardize TCPINC before TLS 1.3 or large options have been standardized, we haven't given up the ability to leverage those other technologies in the future. Is your objection that this is the wrong goal (because there is no useful spec-agnostic API), or that TCP-ENO fails to meet the goal (because you envision specs unable to accommodate TCP-ENO's session ID requirements), or that there's some better way to try to break the working group deadlock (which I'd be glad to try)? If you don't object to the basic premise of TCP-ENO, it would be helpful if you could provide a specific suggestion for how you would like to see the the draft changed. Additionally, if you can cook up a specific (albeit contrived) example that demonstrates the shortcomings of the existing TCP-ENO draft (maybe with added computational indistinguishability of session IDs in response to list feedback), this would be quite helpful in framing the discussion. Thanks, David
- [tcpinc] Revised version of TCP-ENO David Mazieres
- Re: [tcpinc] Revised version of TCP-ENO Kyle Rose
- Re: [tcpinc] Revised version of TCP-ENO David Mazieres
- Re: [tcpinc] Revised version of TCP-ENO Daniel Kahn Gillmor
- Re: [tcpinc] Revised version of TCP-ENO Daniel Kahn Gillmor
- Re: [tcpinc] Revised version of TCP-ENO Kyle Rose
- Re: [tcpinc] Revised version of TCP-ENO Everhart, Craig
- Re: [tcpinc] Revised version of TCP-ENO David Mazieres
- Re: [tcpinc] Revised version of TCP-ENO Ted Hardie
- Re: [tcpinc] Revised version of TCP-ENO David Mazieres
- Re: [tcpinc] Revised version of TCP-ENO David Mazieres
- Re: [tcpinc] Revised version of TCP-ENO Martin Thomson
- Re: [tcpinc] Revised version of TCP-ENO Daniel B Giffin
- Re: [tcpinc] Revised version of TCP-ENO David Mazieres
- Re: [tcpinc] Revised version of TCP-ENO Kyle Rose
- Re: [tcpinc] Revised version of TCP-ENO Kyle Rose
- Re: [tcpinc] Revised version of TCP-ENO Stephen Farrell
- Re: [tcpinc] Revised version of TCP-ENO Martin Thomson
- Re: [tcpinc] Revised version of TCP-ENO David Mazieres
- Re: [tcpinc] Revised version of TCP-ENO Martin Thomson
- Re: [tcpinc] Revised version of TCP-ENO David Mazieres
- Re: [tcpinc] Revised version of TCP-ENO David Mazieres
- Re: [tcpinc] Revised version of TCP-ENO Martin Thomson
- Re: [tcpinc] Revised version of TCP-ENO dm-list-tcpcrypt
- Re: [tcpinc] Revised version of TCP-ENO Stephen Farrell
- Re: [tcpinc] Revised version of TCP-ENO Martin Thomson
- Re: [tcpinc] Revised version of TCP-ENO Kyle Rose
- Re: [tcpinc] Revised version of TCP-ENO David Mazieres
- Re: [tcpinc] Revised version of TCP-ENO Kyle Rose
- Re: [tcpinc] Revised version of TCP-ENO David Mazieres