IETF Logo Mail Archive

Re: [tcpinc] Quick review of draft-rescorla-tcpinc-tls-option-04

Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch> Wed, 21 October 2015 16:59 UTC

Return-Path: <mirja.kuehlewind@tik.ee.ethz.ch>
X-Original-To: tcpinc@ietfa.amsl.com
Delivered-To: tcpinc@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 371DB1A8820 for <tcpinc@ietfa.amsl.com>; Wed, 21 Oct 2015 09:59:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.91
X-Spam-Level:
X-Spam-Status: No, score=-3.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G6TjlN3b5GIo for <tcpinc@ietfa.amsl.com>; Wed, 21 Oct 2015 09:59:50 -0700 (PDT)
Received: from smtp.ee.ethz.ch (smtp.ee.ethz.ch [129.132.2.219]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 766A11A872B for <tcpinc@ietf.org>; Wed, 21 Oct 2015 09:59:49 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by smtp.ee.ethz.ch (Postfix) with ESMTP id 91580D9307; Wed, 21 Oct 2015 18:59:48 +0200 (MEST)
X-Virus-Scanned: by amavisd-new on smtp.ee.ethz.ch
Received: from smtp.ee.ethz.ch ([127.0.0.1]) by localhost (.ee.ethz.ch [127.0.0.1]) (amavisd-new, port 10024) with LMTP id a6n52E165SxB; Wed, 21 Oct 2015 18:59:48 +0200 (MEST)
Received: from [82.130.103.143] (nb-10510.ethz.ch [82.130.103.143]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: mirjak) by smtp.ee.ethz.ch (Postfix) with ESMTPSA id 53154D9304; Wed, 21 Oct 2015 18:59:48 +0200 (MEST)
To: Eric Rescorla <ekr@rtfm.com>
References: <07616023-76C2-4418-BCCC-47B40391DC5D@tik.ee.ethz.ch> <CABcZeBOT0k0eAQ--+=BG9dEg-irwaQiP+d8JiaAPwmK6Mogt7w@mail.gmail.com> <5627B7CF.6080505@tik.ee.ethz.ch> <CABcZeBPMRN4BA46dGQMyNcdZbMhQ7OoughcoT7zMDac79KdfDw@mail.gmail.com>
From: Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch>
Message-ID: <5627C47C.4090005@tik.ee.ethz.ch>
Date: Wed, 21 Oct 2015 18:59:40 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0
MIME-Version: 1.0
In-Reply-To: <CABcZeBPMRN4BA46dGQMyNcdZbMhQ7OoughcoT7zMDac79KdfDw@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/tcpinc/M7B0_6flCe0iozkTGwI-bcqARw8>
Cc: tcpinc <tcpinc@ietf.org>
Subject: Re: [tcpinc] Quick review of draft-rescorla-tcpinc-tls-option-04
X-BeenThere: tcpinc@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussion list for adding encryption to TCP." <tcpinc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpinc/>
List-Post: <mailto:tcpinc@ietf.org>
List-Help: <mailto:tcpinc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Oct 2015 16:59:53 -0000

Hi again,

see below.

On 21.10.2015 18:19, Eric Rescorla wrote:
>           > 8) Further the draft says in section 6, that there are two options
>           > for implementation. And I disagree there. tcpinc should always be
>           > implemented in the kernel and only if there is potentially an app
>           > that also implements TLS there might be a config option to allow the
>           > app to do the TLS handling if successfully negotiated in TCP. It is
>           > not an option to have a tcpinc implementation that relies on the
>           > possibility that the app might have TLS implemented because then we
>           > are end up at a the state where we already are.
>
>         We're defining a wire protocol here, so specifying particular
>         implementation tactics seems out of scope. With that said, I
>         don't think your assessment that we're back at the same state
>         we always were. As I think I pointed out when I first introduced
>         this draft, it addresses two problems with the same wire protocol:
>
>         1. The basic TCPINC use case.
>         2. Out-of-band negotiation of application-level TLS.
>
>         An application-level implementation is totally consistent with #2.
>
>
>     First of all, you have a section on implementation in the draft, I'm just
>     commenting on what's written there.
>
>     I think David, made this point as well: tcpinc is charter for case 1,
>     that means there MUST be a kernel implementation.
>
>
> I don't think this follows at all. The charter doesn't say anything about kernel
> implementations. It says "The protocol must be usable by unmodified
> applications" and
> "The protocol must not require any authentication or configuration", but neither
> of these require a *kernel* implementation. For example, one might implement
> things with a divert socket (as the tcpcrypt implementation at
> https://github.com/scslab/tcpcrypt does, though I know they have a kernel
> implementation.). So this means you need a whole-system implementation
> but doesn't mean you need a kernel one.

Okay, you are right, I was using 'kernel implementation' as a synonym for 
'stand-alone implementation' or 'whole system implementation' as you just 
named it and that's wrong; sorry. And I was also naturally assuming that we 
sooner or later want to provide a kernel implementation here. But that's a 
different story.

However, the point is that the second option where tcpinc would rely on an 
implementation in the app as written in you draft is not an option for tcpinc:

"   o  Implement just the TCP-TLS negotiation option in the operating
       system kernel with an interface to tell the application that TCP-
       TLS has been negotiated and therefore that the application must
       negotiate TLS."

>
> Another concrete scenario (which is attractive for a TLS implementation) is to
> use a minimal kernel component (or a divert socket) to do the ENO options
> with a modified libc to actually do the TLS negotiation and data handling.
> This would also provide system-wide support but would not be in the kernel.
> I don't see anything in the charter which prohibits this.

In don't really see how to deploy this, because than you have a kernel 
implementation that requires a certain lib to be installed. In this case you 
probably should implement the lib in the kernel right away.

>
>
>     Case 2 might be supported but doesn't have to to fulfill our charter. Of
>     course I agree that case 2 makes a lot of sense if we use tls.
>
>     However, the point is, as long as the doc says that you can fulfill the
>     specification of tcpinc even though you have an implementation that only
>     uses tcpinc if TLS is supported by the app, this doc is not a tcpinc doc
>     because it does not address our charter.
>
>
> I think this is kind of a semantic distinction, but would you consider it
> satisfactory
> if this were rewritten to indicate that it is possible to build an
> implementation which will
> interoperate with a system-wide implementation (scenario 1) using solely an
> application-level
> technique?

If you mean a user-space implementation as provided by tcpcrypt, where you 
redirect TCP traffic back into user-space (and all tcpinc is implemented in 
user space without kernel modifications), then yes that's okay.

At this point it is important to have a full and stand-alone implementation 
that can be used with any app to show the feasibility and check that the 
given specification is clear and complete.

However, this can, from my point of view, only be a intermediate solution to 
enable faster deployment, where the final goal would still be a kernel 
implementation. But that's my personal point of view here.

Mirja

v2.23.0 | Report a Bug | By Email