IETF Logo Mail Archive

Re: [tcpinc] Revised version of TCP-ENO

Kyle Rose <krose@krose.org> Fri, 14 August 2015 01:13 UTC

Return-Path: <krose@krose.org>
X-Original-To: tcpinc@ietfa.amsl.com
Delivered-To: tcpinc@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A307C1AD2C0 for <tcpinc@ietfa.amsl.com>; Thu, 13 Aug 2015 18:13:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.379
X-Spam-Level:
X-Spam-Status: No, score=-1.379 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sRNqUd91oLUh for <tcpinc@ietfa.amsl.com>; Thu, 13 Aug 2015 18:13:15 -0700 (PDT)
Received: from mail-io0-x22c.google.com (mail-io0-x22c.google.com [IPv6:2607:f8b0:4001:c06::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C08A21AD291 for <tcpinc@ietf.org>; Thu, 13 Aug 2015 18:13:15 -0700 (PDT)
Received: by iodv127 with SMTP id v127so54677752iod.3 for <tcpinc@ietf.org>; Thu, 13 Aug 2015 18:13:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=krose.org; s=google; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=I2yXA+Cutm9Y2G/UKGxGmOg+MH/P+3LmjGEmVmrLR7M=; b=hOPEjz33LEp2H14KY+V8mZZt+zC28RaUsGw8e9VaUe+ZWsYQzBjNtajb4FkhM8npTu KNi8HVGjpCT6leVy/YXc2DyruDkKxTqr+ZA5U32ZRcTVguQfKJGdgeCCcWfm389blvkY g19MDJsXK3prtvEjYkw11sbQiuvIjY4+yUuAU=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=I2yXA+Cutm9Y2G/UKGxGmOg+MH/P+3LmjGEmVmrLR7M=; b=IE0PBxUOLeLy84bNM1XLlq06uSuZgib+g1xouOJl1mHq4hzJNQbBI5kkKTqk1bvcMW 3S39hjgi5yjIaBfgkwcaqff1mh5yYxqvC5xO2jMJ/iAu0rie/oiBecPpb58zSSTpSXDv nU4NdXP7FIavpmLlqudgCyyktSsrnbOB76MneKusQNvxpVs3d1jD7EuImBK8BIOZ8dHm e9EO/Jn1/wRDHyWze26km4QfLLuwUkh+PadRSvAbGP7nGYqv+8qfuvkOhuov7I2iW9WC acC97yu0Qgv/sCBidlKZMAamWRzSONSjqqofBRvxZn0USr2UYDbJ0wo68QSNa3mq7PKS T91g==
X-Gm-Message-State: ALoCoQkTNhyCezBDWgC/tTS4eMJ2J8q0KpVd6EtPe0Sx7BHEe6JcUiMCYaarx9B+q2vpoeF9cmzc
MIME-Version: 1.0
X-Received: by 10.107.131.132 with SMTP id n4mr35607706ioi.63.1439514795254; Thu, 13 Aug 2015 18:13:15 -0700 (PDT)
Received: by 10.79.31.197 with HTTP; Thu, 13 Aug 2015 18:13:15 -0700 (PDT)
X-Originating-IP: [207.172.212.184]
In-Reply-To: <87egj67sac.fsf@ta.scs.stanford.edu>
References: <87pp2vqplu.fsf@ta.scs.stanford.edu> <CAJU8_nXAHhf6dqqs0gUEGz49bG7YUO1qaGwaLm04+vstPTyfWg@mail.gmail.com> <87h9o4rqwz.fsf@ta.scs.stanford.edu> <874mk2kj56.fsf@alice.fifthhorseman.net> <CAJU8_nVcDmCw-0KYviJ5GWZL+-YcCg3wLMJqpkuh=iN8RppA+A@mail.gmail.com> <87y4hej2vf.fsf@alice.fifthhorseman.net> <87egj67sac.fsf@ta.scs.stanford.edu>
Date: Thu, 13 Aug 2015 21:13:15 -0400
Message-ID: <CAJU8_nV0uxOL0=tTwJX+01SLGcz9Zg0sfYsE4Bo2uvg1t3aUMA@mail.gmail.com>
From: Kyle Rose <krose@krose.org>
To: David Mazieres <dm-list-tcpcrypt@scs.stanford.edu>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tcpinc/Vt0uDV92Mq2tbNxiZ7sqw-OiiHY>
Cc: tcpinc@ietf.org, Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Subject: Re: [tcpinc] Revised version of TCP-ENO
X-BeenThere: tcpinc@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussion list for adding encryption to TCP." <tcpinc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpinc/>
List-Post: <mailto:tcpinc@ietf.org>
List-Help: <mailto:tcpinc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Aug 2015 01:13:16 -0000

> That said, one could imagine a fringe use case where an application
> wants to prove that two anonymous TCP connections belong to the same two
> processes, in which case the session ID of the first connection might be
> used as a MAC key to authenticate the session ID of the second.  So you
> don't want the session ID to be predictable, even if making it public
> doesn't hurt TCPINC itself.

I'm starting to come around to dkg's viewpoint that it doesn't
necessarily *have* to be public: batch signing of session IDs is one
suggested use case, but authentication protocols that don't do that
could potentially make use of the session ID being private.

I think maybe guidance about when it is appropriate to consider them
public vs. private belongs in section 4.1 of this doc, or in the API
doc if a section there is added on batch signing. Strictly speaking,
the current wording ("The session ID MUST NOT contain any confidential
data (such as data permitting the derivation of session keys)") is
probably right.

Kyle

v2.23.0 | Report a Bug | By Email