IETF Logo Mail Archive

Re: [tcpinc] Revised version of TCP-ENO

David Mazieres <dm-list-tcpcrypt@scs.stanford.edu> Thu, 13 August 2015 23:55 UTC

Return-Path: <dm-list-tcpcrypt@scs.stanford.edu>
X-Original-To: tcpinc@ietfa.amsl.com
Delivered-To: tcpinc@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9DE581ACEC1 for <tcpinc@ietfa.amsl.com>; Thu, 13 Aug 2015 16:55:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.91
X-Spam-Level:
X-Spam-Status: No, score=-0.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=1, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3SBwVBibSxbj for <tcpinc@ietfa.amsl.com>; Thu, 13 Aug 2015 16:55:39 -0700 (PDT)
Received: from market.scs.stanford.edu (www.scs.stanford.edu [IPv6:2001:470:806d:1::9]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 669951ACEB1 for <tcpinc@ietf.org>; Thu, 13 Aug 2015 16:55:39 -0700 (PDT)
Received: from market.scs.stanford.edu (localhost.scs.stanford.edu [127.0.0.1]) by market.scs.stanford.edu (8.14.7/8.14.7) with ESMTP id t7DNtaqN014219; Thu, 13 Aug 2015 16:55:36 -0700 (PDT)
Received: (from dm@localhost) by market.scs.stanford.edu (8.14.7/8.14.7/Submit) id t7DNtZtu017982; Thu, 13 Aug 2015 16:55:35 -0700 (PDT)
X-Authentication-Warning: market.scs.stanford.edu: dm set sender to dm-list-tcpcrypt@scs.stanford.edu using -f
From: David Mazieres <dm-list-tcpcrypt@scs.stanford.edu>
To: Ted Hardie <ted.ietf@gmail.com>
In-Reply-To: <CA+9kkMAApobA0FwQKyUXvTxO-oAOwL6Up9Jh3-E_9SvR9ztn-A@mail.gmail.com>
References: <87pp2vqplu.fsf@ta.scs.stanford.edu> <CAJU8_nXAHhf6dqqs0gUEGz49bG7YUO1qaGwaLm04+vstPTyfWg@mail.gmail.com> <87h9o4rqwz.fsf@ta.scs.stanford.edu> <874mk2kj56.fsf@alice.fifthhorseman.net> <CAJU8_nVcDmCw-0KYviJ5GWZL+-YcCg3wLMJqpkuh=iN8RppA+A@mail.gmail.com> <87y4hej2vf.fsf@alice.fifthhorseman.net> <87egj67sac.fsf@ta.scs.stanford.edu> <CA+9kkMAApobA0FwQKyUXvTxO-oAOwL6Up9Jh3-E_9SvR9ztn-A@mail.gmail.com>
Date: Thu, 13 Aug 2015 16:55:35 -0700
Message-ID: <8737zm7ngo.fsf@ta.scs.stanford.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/tcpinc/R_fl2kBUdLCjdNzeXRyE01D_Ji4>
Cc: tcpinc <tcpinc@ietf.org>, Kyle Rose <krose@krose.org>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Subject: Re: [tcpinc] Revised version of TCP-ENO
X-BeenThere: tcpinc@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: David Mazieres expires 2015-11-11 PST <mazieres-mcsmf7g76s5a5nytxr5qbgdnue@temporary-address.scs.stanford.edu>
List-Id: "Discussion list for adding encryption to TCP." <tcpinc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpinc/>
List-Post: <mailto:tcpinc@ietf.org>
List-Help: <mailto:tcpinc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Aug 2015 23:55:40 -0000

Ted Hardie <ted.ietf@gmail.com> writes:

>> That said, one could imagine a fringe use case where an application
>> wants to prove that two anonymous TCP connections belong to the same two
>> processes, in which case the session ID of the first connection might be
>> used as a MAC key to authenticate the session ID of the second.  So you
>> don't want the session ID to be predictable, even if making it public
>> doesn't hurt TCPINC itself.
>>
>>
> ​I don't think I understand this use case.  To whom does the application
> want to prove this?

Again, it's pretty fringe, but here's a contrived application.  I'm
running some kind of legacy protocol over TCPINC that involves a
long-running TCP connection, but at least one end is anonymous.  Maybe
it's a chat application like IRC.  But now I want to run a newer control
protocol that connects to the same server and proves it is associated
with the previous connection.  It can do so by using the previous
session ID as a MAC key.

Also, if we want the 32+-byte hash size to mean anything, we kind of
need the session ID to make use of all the bits anyway.

Finally, when you're trying to prove things, pseudo-random quantities
are often nice to work with.

So that's three kind of mediocre reasons to have pseudo-random session
IDs, vs. zero reasons to permit lower-entropy/predictable ones.  We
hadn't previously required it, but this brief discussion has made me
inclined to require pseudo-random session IDs.

David

v2.23.0 | Report a Bug | By Email