Re: [tcpinc] Resumption safety (was "Eric Rescorla's Discuss on draft-ietf-tcpinc-tcpcrypt-09: (with DISCUSS and COMMENT)")

"Black, David" <David.Black@dell.com> Tue, 12 December 2017 18:53 UTC

From: "Black, David" <David.Black@dell.com>
Cc: Eric Rescorla <ekr@rtfm.com>, tcpinc <tcpinc@ietf.org>, "Mirja Kuehlewind (IETF)" <ietf@kuehlewind.net>, "Black, David" <David.Black@dell.com>
To: Kyle Rose <krose@krose.org>, Valery Smyslov <svanru@gmail.com>
Date: Tue, 12 Dec 2017 18:53:09 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpinc/SacthJ-u_FUdeeNLQlxbr4AeXm8>

+1, also as an individual (not as WG chair).

Thanks, --David

> > That's why I agree that we shouldn't take any steps now (in a hurry and for
> > tcpcrypt only).
> 
> Just to clarify, (speaking as member, not chair) I am in favor of
> adding nonces on each connection, but (as chair) not in favor of
> changing MTI TEPs to SIV.
> 
> > The problem should be recognized and addressed
> > in a more generic way.
> 
> Agreed.
> 
> Kyle