Re: [tcpinc] Revised version of TCP-ENO
Stephen Farrell <stephen.farrell@cs.tcd.ie> Fri, 14 August 2015 11:51 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: tcpinc@ietfa.amsl.com
Delivered-To: tcpinc@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 243B91ACDFA for <tcpinc@ietfa.amsl.com>; Fri, 14 Aug 2015 04:51:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.311
X-Spam-Level:
X-Spam-Status: No, score=-4.311 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KpfIQ349l9jg for <tcpinc@ietfa.amsl.com>; Fri, 14 Aug 2015 04:51:27 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AE2431ACDEB for <tcpinc@ietf.org>; Fri, 14 Aug 2015 04:51:27 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 2FD52BED4; Fri, 14 Aug 2015 12:51:25 +0100 (IST)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iPFYo6DQV0o3; Fri, 14 Aug 2015 12:51:25 +0100 (IST)
Received: from [134.226.36.180] (stephen-think.dsg.cs.tcd.ie [134.226.36.180]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id EF33CBE47; Fri, 14 Aug 2015 12:51:24 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1439553085; bh=DZ310lAn6mdKdVfraA96Inm2X84xFtQlDlJlZcQYxCs=; h=Date:From:To:CC:Subject:References:In-Reply-To:From; b=zv321oXPhTFVvlV5w45SO80mCAsqc6B9PQwUwnyYnZXql7rDjpZjJnEbPmgfICQuS VOprOnA92qFuJEK79v5YyxjAEHXlWjHi+jodlsDkSp1+OGtYf21/aAhO0FyQbRsHy0 S2rw4IL5yUHlaLa4oh+NglZyctXHLHa8h6FNvSB4=
Message-ID: <55CDD63C.7060404@cs.tcd.ie>
Date: Fri, 14 Aug 2015 12:51:24 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.8.0
MIME-Version: 1.0
To: David Mazieres <dm-list-tcpcrypt@scs.stanford.edu>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>, Kyle Rose <krose@krose.org>
References: <87pp2vqplu.fsf@ta.scs.stanford.edu> <CAJU8_nXAHhf6dqqs0gUEGz49bG7YUO1qaGwaLm04+vstPTyfWg@mail.gmail.com> <87h9o4rqwz.fsf@ta.scs.stanford.edu> <874mk2kj56.fsf@alice.fifthhorseman.net> <CAJU8_nVcDmCw-0KYviJ5GWZL+-YcCg3wLMJqpkuh=iN8RppA+A@mail.gmail.com> <87y4hej2vf.fsf@alice.fifthhorseman.net> <87egj67sac.fsf@ta.scs.stanford.edu>
In-Reply-To: <87egj67sac.fsf@ta.scs.stanford.edu>
OpenPGP: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/tcpinc/Hg96OiRWqRDLFnTJ_KBdyPU0f_g>
Cc: tcpinc@ietf.org
Subject: Re: [tcpinc] Revised version of TCP-ENO
X-BeenThere: tcpinc@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussion list for adding encryption to TCP." <tcpinc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpinc/>
List-Post: <mailto:tcpinc@ietf.org>
List-Help: <mailto:tcpinc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Aug 2015 11:51:29 -0000
Hiya, A couple of points on the session ID stuff: On 13/08/15 23:11, David Mazieres wrote: > That said, one could imagine a fringe use case where an application > wants to prove that two anonymous TCP connections belong to the same two > processes, in which case the session ID of the first connection might be > used as a MAC key to authenticate the session ID of the second. So you > don't want the session ID to be predictable, even if making it public > doesn't hurt TCPINC itself. I tend to agree with the above. As an FYI, I'm a co-author of an MPLS WG draft that has a similar concept [1] (which should be no surprise:-) so I'd like to try make sure those two things end up being similar to the extent we can. I'll likely just copy what's done here as much as possible. I think we might want to also consider that one thing that might happen is that loads and loads of these values (or values derived from them) could end up being accumulated and eventually end up really public. Just for safety's sake I'd probably prefer that what might end up public is not the same set of bits used as the session ID during the session though. For example, using the same bits might enable later correlations between log files that we'd prefer not be possible - say between some client-host-firewall log reported via telemetry and an application server log. So there might be benefits in defining a way to do that so that application developers don't get it badly wrong. In [1] we talk about a witness value that is different from a session ID. Not sure if that's useful here (or there;-) or not though. Lastly, we should check that whatever is done here is ok for MTPCP. Cheers, S. [1] https://tools.ietf.org/html/draft-ietf-mpls-opportunistic-encrypt-00#section-7.1
- [tcpinc] Revised version of TCP-ENO David Mazieres
- Re: [tcpinc] Revised version of TCP-ENO Kyle Rose
- Re: [tcpinc] Revised version of TCP-ENO David Mazieres
- Re: [tcpinc] Revised version of TCP-ENO Daniel Kahn Gillmor
- Re: [tcpinc] Revised version of TCP-ENO Daniel Kahn Gillmor
- Re: [tcpinc] Revised version of TCP-ENO Kyle Rose
- Re: [tcpinc] Revised version of TCP-ENO Everhart, Craig
- Re: [tcpinc] Revised version of TCP-ENO David Mazieres
- Re: [tcpinc] Revised version of TCP-ENO Ted Hardie
- Re: [tcpinc] Revised version of TCP-ENO David Mazieres
- Re: [tcpinc] Revised version of TCP-ENO David Mazieres
- Re: [tcpinc] Revised version of TCP-ENO Martin Thomson
- Re: [tcpinc] Revised version of TCP-ENO Daniel B Giffin
- Re: [tcpinc] Revised version of TCP-ENO David Mazieres
- Re: [tcpinc] Revised version of TCP-ENO Kyle Rose
- Re: [tcpinc] Revised version of TCP-ENO Kyle Rose
- Re: [tcpinc] Revised version of TCP-ENO Stephen Farrell
- Re: [tcpinc] Revised version of TCP-ENO Martin Thomson
- Re: [tcpinc] Revised version of TCP-ENO David Mazieres
- Re: [tcpinc] Revised version of TCP-ENO Martin Thomson
- Re: [tcpinc] Revised version of TCP-ENO David Mazieres
- Re: [tcpinc] Revised version of TCP-ENO David Mazieres
- Re: [tcpinc] Revised version of TCP-ENO Martin Thomson
- Re: [tcpinc] Revised version of TCP-ENO dm-list-tcpcrypt
- Re: [tcpinc] Revised version of TCP-ENO Stephen Farrell
- Re: [tcpinc] Revised version of TCP-ENO Martin Thomson
- Re: [tcpinc] Revised version of TCP-ENO Kyle Rose
- Re: [tcpinc] Revised version of TCP-ENO David Mazieres
- Re: [tcpinc] Revised version of TCP-ENO Kyle Rose
- Re: [tcpinc] Revised version of TCP-ENO David Mazieres