Re: [tcpinc] Review of draft-ietf-tcpinc-api-03
David Mazieres <dm-list-tcpcrypt@scs.stanford.edu> Sat, 30 September 2017 04:48 UTC
Return-Path: <dm-list-tcpcrypt@scs.stanford.edu>
X-Original-To: tcpinc@ietfa.amsl.com
Delivered-To: tcpinc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CF0AD134487 for <tcpinc@ietfa.amsl.com>; Fri, 29 Sep 2017 21:48:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id b5KjqMtfqESP for <tcpinc@ietfa.amsl.com>; Fri, 29 Sep 2017 21:48:12 -0700 (PDT)
Received: from market.scs.stanford.edu (www.scs.stanford.edu [IPv6:2001:470:806d:1::9]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 93F4E134218 for <tcpinc@ietf.org>; Fri, 29 Sep 2017 21:48:12 -0700 (PDT)
Received: from market.scs.stanford.edu (localhost [127.0.0.1]) by market.scs.stanford.edu (8.15.2/8.15.2) with ESMTP id v8U4mBDv009022; Fri, 29 Sep 2017 21:48:11 -0700 (PDT)
Received: (from dm@localhost) by market.scs.stanford.edu (8.15.2/8.15.2/Submit) id v8U4mBSP096567; Fri, 29 Sep 2017 21:48:11 -0700 (PDT)
From: David Mazieres <dm-list-tcpcrypt@scs.stanford.edu>
To: Kyle Rose <krose@krose.org>, tcpinc <tcpinc@ietf.org>
In-Reply-To: <CAJU8_nW_SLVBHvnELTq_vWVN+TtFh6hmST-O2+MQSyA19=5pyw@mail.gmail.com>
References: <CAJU8_nW_SLVBHvnELTq_vWVN+TtFh6hmST-O2+MQSyA19=5pyw@mail.gmail.com>
Reply-To: David Mazieres expires 2017-12-28 PST <mazieres-a46psxvchrb7fiziita2canqti@temporary-address.scs.stanford.edu>
Date: Fri, 29 Sep 2017 21:48:11 -0700
Message-ID: <87d16894hg.fsf@ta.scs.stanford.edu>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpinc/UDBBniGWxlVU1pfQcKcbuXKor6k>
Subject: Re: [tcpinc] Review of draft-ietf-tcpinc-api-03
X-BeenThere: tcpinc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Working group mailing list for TCP Increased Security \(tcpinc\)" <tcpinc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpinc/>
List-Post: <mailto:tcpinc@ietf.org>
List-Help: <mailto:tcpinc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Sep 2017 04:48:14 -0000
Kyle Rose <krose@krose.org> writes: > (Keepalive before list timeout.) > > This is a review of draft-ietf-tcpinc-api-03. Chair hat off. Okay, thanks for the review. I stupidly somehow thought your email ended halfway through and uploaded a draft addressing half your comments. That's now been fixed, but you will want to diff version 5 against version 3. The latest is here: https://datatracker.ietf.org/doc/draft-ietf-tcpinc-api/ Most of your points were straight-forward and should now be addressed. I'll just comment on ones that might be marginally more complicated. > * I don't understand the rationale behind the last bullet in the > tcpcrypt section. Is the presumption that an application will > authenticate the first connection and then resume without > authentication? If so, then it's more than prudent: it MUST purge that > session from the cache. I just got rid of that point. The idea was that if you somehow connected to a man in the middle and think you can avoid it by trying again, then you want to flush the cache. But in practice if you have an interception proxy or something that is implementing tcpcrypt, then probably trying again isn't going to work. The point is kind of arcane anyway, so no need to try to make it. > * What is "baddynamic"? A Google search was unrevealing. Does this > need a reference? So some BSD have such a sysctl. For example: http://man.openbsd.org/sysctl I was just trying to be as compatible as possible with that mechanism since it exists already. > 5.1: > > * TCP_ENO_LOCAL_NAME conflicts with SELF_NAME. I didn't understand this comment at the time. Now I think you just mean I used TCP_ENO_LOCAL_NAME which is not a thing. I've already submitted too many drafts tonight, but I fixed this in the git repo, so once we settle on everything else I need to fix, the final draft can have this fix. > * Can you describe for me an attack that would be possible using an > authenticator taken out of context? I'm assuming that both ends of the > connection with the unique session ID already have the cookie, and > that the authenticator would be useless on any other tcpinc connection > because of the uniqueness property. Is the issue that the session ID > used in the PRF could collide with an entirely distinct (i.e., > non-tcpinc) use? Something similar applies to 5.2, as well. Yes, say you have a peer-to-peer system where nodes authenticate themselves by signing the session ID but not the role. Then you can connect to a server and convince it that it is talking to itself by just echoing back the signed message. > * It might be worth pointing out that, in unilateral authentication, > the side that does not validate an authenticator relies on the peer > ending the connection if validation fails to prevent man-in-the-middle > attacks. I don't really understand this comment. In unilateral authentication one side does not care about whom it is talking to, so why would it need to rely on the unknown other side for anything? Thanks, David
- Re: [tcpinc] Review of draft-ietf-tcpinc-api-03 David Mazieres
- [tcpinc] Review of draft-ietf-tcpinc-api-03 Kyle Rose
- Re: [tcpinc] Review of draft-ietf-tcpinc-api-03 Kyle Rose
- Re: [tcpinc] Review of draft-ietf-tcpinc-api-03 Kyle Rose