Re: [tcpinc] Adam Roach's Yes on draft-ietf-tcpinc-tcpcrypt-09: (with COMMENT)

Adam Roach <> Thu, 09 November 2017 15:37 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id E04A5126CD6; Thu, 9 Nov 2017 07:37:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.879
X-Spam-Status: No, score=-1.879 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id sHAwAEjdk5Cc; Thu, 9 Nov 2017 07:37:18 -0800 (PST)
Received: from ( [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 35DE7127201; Thu, 9 Nov 2017 07:37:16 -0800 (PST)
Received: from Orochi.local ( []) (authenticated bits=0) by (8.15.2/8.15.2) with ESMTPSA id vA9FbBQP061270 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Thu, 9 Nov 2017 09:37:12 -0600 (CST) (envelope-from
X-Authentication-Warning: Host [] claimed to be Orochi.local
To: Kyle Rose <>
Cc: "Mirja Kuehlewind (IETF)" <>, The IESG <>, tcpinc <>,,
References: <> <> <> <>
From: Adam Roach <>
Message-ID: <>
Date: Thu, 9 Nov 2017 09:37:06 -0600
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <>
Subject: Re: [tcpinc] Adam Roach's Yes on draft-ietf-tcpinc-tcpcrypt-09: (with COMMENT)
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Working group mailing list for TCP Increased Security \(tcpinc\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 09 Nov 2017 15:37:20 -0000

On 11/9/17 08:16, Kyle Rose wrote:
> On Thu, Nov 9, 2017 at 10:11 AM, Adam Roach <> wrote:
>> On 11/8/17 19:45, Mirja Kuehlewind (IETF) wrote:
>>> That’s not true. This is to cover the case where the packet got corrupted on
>>> the path, thus hopefully the retransmission will decrypt correctly.
>> So, to be clear, you're talking about packet corruption that happens to
>> produce a valid checksum, right? If that's the reasoning here, the authors
>> probably want to include that rationale in the document.
> Mirja's is my interpretation, as well.
> Off-path attackers wouldn't be able to sent segments with the right
> sequence number with high probability, so it's unlikely that this is a
> DoS vector; but giving implementations the option of simply dropping
> segments for which the authenticity check fails is not likely to cause
> recurring timeout problems for correct implementations.

Yes, and you're giving implementors options here without really 
explaining why -- which means they're probably just going to pick one 
randomly. Adding text that gives some notion about why one might choose 
one option over the other would allow them to make an informed choice 
rather than a random one.

Again, this remains a suggestion and not a blocking comment. You can 
feel free to proceed with the document as-is.