IETF Logo Mail Archive

Re: [tcpinc] Revised version of TCP-ENO

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 13 August 2015 20:50 UTC

Return-Path: <dkg@fifthhorseman.net>
X-Original-To: tcpinc@ietfa.amsl.com
Delivered-To: tcpinc@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E9C381B3AFF for <tcpinc@ietfa.amsl.com>; Thu, 13 Aug 2015 13:50:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.001
X-Spam-Level:
X-Spam-Status: No, score=-0.001 tagged_above=-999 required=5 tests=[BAYES_40=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X4M9Vd4IUNVf for <tcpinc@ietfa.amsl.com>; Thu, 13 Aug 2015 13:50:31 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) by ietfa.amsl.com (Postfix) with ESMTP id 779601B3AFA for <tcpinc@ietf.org>; Thu, 13 Aug 2015 13:50:31 -0700 (PDT)
Received: from fifthhorseman.net (unknown [38.109.115.130]) by che.mayfirst.org (Postfix) with ESMTPSA id D6A7DF984; Thu, 13 Aug 2015 16:50:29 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id B08E7201D4; Thu, 13 Aug 2015 22:50:29 +0200 (CEST)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: David Mazieres <dm-list-tcpcrypt@scs.stanford.edu>, Kyle Rose <krose@krose.org>
In-Reply-To: <87h9o4rqwz.fsf@ta.scs.stanford.edu>
References: <87pp2vqplu.fsf@ta.scs.stanford.edu> <CAJU8_nXAHhf6dqqs0gUEGz49bG7YUO1qaGwaLm04+vstPTyfWg@mail.gmail.com> <87h9o4rqwz.fsf@ta.scs.stanford.edu>
User-Agent: Notmuch/0.20.2 (http://notmuchmail.org) Emacs/24.5.1 (x86_64-pc-linux-gnu)
Date: Thu, 13 Aug 2015 16:50:29 -0400
Message-ID: <874mk2kj56.fsf@alice.fifthhorseman.net>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <http://mailarchive.ietf.org/arch/msg/tcpinc/OgZo5SO23OKsZfhOAhNDxjDJKuk>
Cc: tcpinc@ietf.org
Subject: Re: [tcpinc] Revised version of TCP-ENO
X-BeenThere: tcpinc@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussion list for adding encryption to TCP." <tcpinc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpinc/>
List-Post: <mailto:tcpinc@ietf.org>
List-Help: <mailto:tcpinc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Aug 2015 20:50:34 -0000

On Wed 2015-08-12 20:08:28 -0400, David Mazieres wrote:
> Kyle Rose <krose@krose.org> writes:
>> 4.1: Do you want to add the additional requirement that session IDs be
>> public, i.e., not be secret to endpoints/applications?
>
> This was the intent of the following bullet in section 4.1:
>
>    o  The session ID MUST NOT contain any confidential data (such as
>       data permitting the derivation of session keys).
>
> We didn't use the word "public" because that almost sounds like there's
> a requirement to disclose the session ID.  But if the existing wording
> is not clear, we are certainly open for suggestions.

We almost certainly want endpoints/applications to treat the session ID
as sensitive information -- leaked knowledge of the session ID would
allow someone to impersonate the other party if any authentication was
bootstrapped off of the session ID.

The point of the text David highlights above is to ensure that an
endpoint/application can't learn anything about the cryptographic
secrets through the session ID interface -- that is, it defends the
cryptographic layer from breakage by the client.  But we shouldn't
encourage clients to break the layer that is accessible to them (the
session ID) by publishing their data either.

        --dkg

v2.23.0 | Report a Bug | By Email