Re: [tcpinc] new drafts of TCP-ENO and tcpcrypt

"Mirja Kuehlewind (IETF)" <ietf@kuehlewind.net> Thu, 05 October 2017 11:42 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpinc/YwgBK700VjmV02UIvOgIMxRGceY>

Hi Daniel, hi all,

thanks for all the work and changes. I just realized that I didn’t answer (yet) David’s last mail but the resolution now is fine. Thanks for the additional explanation!

I’ve just requested IETF last call for both docs and put them on the telechat agenda for Oct 26. Likely there will be more comments from different directorates and the ADs and we potentially need another version then (just before the telechat or right after) but I’m not expecting any real issues.

Thanks for the good work!
Mirja


> On 05.10.2017 at 01:31, Daniel B Giffin <dbg@scs.stanford.edu> wrote:
> 
> We've posted new versions of the TCP-ENO and tcpcrypt
> drafts:
> 
>  https://datatracker.ietf.org/wg/tcpinc/documents/
> 
> The changes address the concerns in recent list discussion,
> intending to ready the documents for IETF last call.
> 
> The TCP-ENO document now makes no reference to tcpcrypt or
> TCP-Use-TLS; that is, it does not specify any values for
> those protocols in the "TCP encryption protocol identifiers"
> IANA registry.
> 
> The changes to the tcpcrypt document are, briefly:
> 
>  - remove citation from abstract
>  - fix IPR text
>  - define PRK, OKM before use
>  - "session caching" => "session resumption"
>  - the segment with last byte of Init1/Init2 "MUST" set PSH
>  - define "abort the connection" with reference to RFC793
>  - improve language about non-reuse of session secrets
>  - "application frame" => "encryption frame"
>  - "ignore frame" => "drop TCP segments"
>  - clarify FIN/FINp interaction
>  - IANA considerations: specify registry names appropriately
>    and add "Reference" columns
> 
> daniel
>