IETF Logo Mail Archive

Re: [tcpinc] TCP's treatment of data in SYN packets

Kyle Rose <krose@krose.org> Mon, 08 August 2016 00:57 UTC

Return-Path: <krose@krose.org>
X-Original-To: tcpinc@ietfa.amsl.com
Delivered-To: tcpinc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7ADDA12D181 for <tcpinc@ietfa.amsl.com>; Sun, 7 Aug 2016 17:57:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=krose.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LY2hO5mp378Z for <tcpinc@ietfa.amsl.com>; Sun, 7 Aug 2016 17:57:57 -0700 (PDT)
Received: from mail-qk0-x230.google.com (mail-qk0-x230.google.com [IPv6:2607:f8b0:400d:c09::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C812A12D77A for <tcpinc@ietf.org>; Sun, 7 Aug 2016 17:57:56 -0700 (PDT)
Received: by mail-qk0-x230.google.com with SMTP id v123so176422499qkh.3 for <tcpinc@ietf.org>; Sun, 07 Aug 2016 17:57:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=krose.org; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=9+bxGT5Q9Bv6e7kGZo9jQ51CboyAKZ/1cW02PRMTics=; b=O1wqu3i9JwRGREMXBWD4zs9lHxb2D6Y+6XyiTmcfZPZuGcPaXUtiqbtw3f7R+9Zuys DQ27NGy1LY39pi+KAG5B+VzWGoFQVo256dYk7ktKlTl0zDUH8Yza4tBvmBFAcvqTMOTH i1XwiXTuJsmVlBQ0BMMUQWhm1/u2j9++qmilg=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=9+bxGT5Q9Bv6e7kGZo9jQ51CboyAKZ/1cW02PRMTics=; b=RgN2tJo9YMZRX627vxDRAAXQUnidQNEHYsexoOujOwxoeM7jQj6Qh7kOaJuMIV7TJK 7h+fDTyIVHD/PadyG0Ghz8ptnvUBuqz4lVCxe07/kNA3YVzdayKwCq0P7E2r1yZOI3W9 GKWSCZiS0hCxpG/CDc3z9C5/V11tY0wiIdA+/AApC2fUgllxjU3nIuUvat1GT0sOb23P 7RHCvvhYaBgdVrZX2cr6KgpCEuQh59ImFVJvhts8dWSZ3ciFytf/AQffh1hRdriecRIm yqhBioHJovijzHsn6CNh0qjkdg14z6Vzl6JIeRHnKVq7FVigcm/TQANsgT2d6y0tri0A jYoA==
X-Gm-Message-State: AEkoousOvQRR2uVzY4LZV7Qrzc1RnThEkf/w4yuqKa2cyWjzCYqiZsAR6L6dLhc3yhQ0u6Wbm6E/zaPSIQnuSA==
X-Received: by 10.55.69.69 with SMTP id s66mr25042593qka.77.1470617875793; Sun, 07 Aug 2016 17:57:55 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.55.94.70 with HTTP; Sun, 7 Aug 2016 17:57:54 -0700 (PDT)
X-Originating-IP: [207.172.212.184]
In-Reply-To: <2f0262fb-567c-3293-99f6-cf8aefe2c1b5@isi.edu>
References: <CAJU8_nU1WzQNFFUn_2o1cACutB01iyQ_hC29PHoutr8TRDKGnA@mail.gmail.com> <579A8223.8050308@isi.edu> <CAJU8_nXSxr7ykC1TwptBmyP8pNccz52ozq=hF7-EYiaMdDeLBQ@mail.gmail.com> <579BA470.3000405@isi.edu> <CAJU8_nXjhHH1eEXPA3hvhJ3YXsP_v2djGX=X2p9+wyn767Hm5A@mail.gmail.com> <adcaa33a-3bf5-e63a-bd19-fd165b16aa7d@wizmail.org> <87oa5fniu0.fsf@ta.scs.stanford.edu> <9ff12fb6-44f9-b1d0-2e9d-a67683679037@wizmail.org> <CAJU8_nVBem40i5Rqke37UBtOquF_mVBJHkjrtAmNN2qPdHqY=A@mail.gmail.com> <87d1lunvhn.fsf@ta.scs.stanford.edu> <579E9248.7050006@isi.edu> <87popt6nci.fsf@ta.scs.stanford.edu> <87k2g16mvb.fsf@ta.scs.stanford.edu> <579F7076.1080101@isi.edu> <CE03DB3D7B45C245BCA0D243277949362F623EDF@MX307CL04.corp.emc.com> <57A28E5C.7070304@isi.edu> <CE03DB3D7B45C245BCA0D243277949362F624017@MX307CL04.corp.emc.com> <87eg64dn8o.fsf@ta.scs.stanford.edu> <2fe90a4b-0a7c-928c-45ae-aae8900fd710@isi.edu> <87fuqicxxz.fsf@ta.scs.stanford.edu> <2f0262fb-567c-3293-99f6-cf8aefe2c1b5@isi.edu>
From: Kyle Rose <krose@krose.org>
Date: Sun, 07 Aug 2016 20:57:54 -0400
Message-ID: <CAJU8_nX=bbqvmNpWE-d5tFzZ4RnBgWLvP2bL=wPvHzmthD7X+g@mail.gmail.com>
To: Joe Touch <touch@isi.edu>
Content-Type: multipart/alternative; boundary="001a1148a3421679e8053984e866"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpinc/TC2hpjmCMxgm1kGzCiVMb-RL4Ko>
Cc: "Black, David" <david.black@emc.com>, David Mazieres <dm-list-tcpcrypt@scs.stanford.edu>, tcpinc <tcpinc@ietf.org>
Subject: Re: [tcpinc] TCP's treatment of data in SYN packets
X-BeenThere: tcpinc@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Discussion list for adding encryption to TCP." <tcpinc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpinc/>
List-Post: <mailto:tcpinc@ietf.org>
List-Help: <mailto:tcpinc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Aug 2016 00:57:59 -0000

On Sun, Aug 7, 2016 at 1:43 PM, Joe Touch <touch@isi.edu> wrote:

> > * Implementations SHOULD provide forward secrecy.  The important point
> >   is that the TEPs MUST be amenable to forward secrecy.
> That MUST turns the SHOULD into a MUST too.
> >   We didn't say
> >   MUST for the implementation because that may not always be
> >   possible--e.g., implementation considerations may someday require
> >   keying material to be shared across servers or with a load-balancer or
> >   something.  We don't want to say you can't implement TCP-ENO under
> >   such circumstances, but we want people to think long and hard about
> >   the implications for confidentiality.
> That consideration is too vague to weaken a MUST into a SHOULD, IMO.
>
> Why not "MUST provide forward secrecy" and indicate that any future
> sharing is viable only when it preserves forward secrecy?
>

I'm not sure we should constrain the protocol on the grounds of preference.
The charter says:

q( encryption and integrity protection with forward secrecy with a
per-connection granularity, )

which tcpcrypt is going to provide. I don't think this implies a
requirement that the protocol used to fulfill the WG charter not be able to
negotiate non-FS security. How do others feel about this? I'm happy to flag
this as a point for security area review, to decide whether forward secrecy
is a MUST for this or even for all future protocols.

> * Applications SHOULD authenticate endpoints, SHOULD treat session IDs
> >   monolithically, SHOULD use the application aware bit.  Again, these
> >   are all obviously very good things.  But there are so many different
> >   things an application can do, and so many constraints applications can
> >   be subject to, that it seems inappropriate for a transport-layer
> >   document to use MUST in regards to applications.  Anyway, we can't
> >   enforce what applications will do.
> If you say SHOULD, you need to indicate the conditions under which apps
> would do otherwise.
>
> Simply saying "we don't know what they want" isn't enough - you're
> providing a framework and app choices have implications in the
> capabilities provided.


Agreed. I don't think this language belongs in the draft. Authenticating
endpoints is good security practice because it eliminates certain classes
of attacks, but given that the WG's charter is to provide unauthenticated
encryption to foil ubiquitous passive surveillance, I'm not sure that
guidance belongs here.

Kyle

v2.35.0 | Report a Bug | By Email | System Status