Re: [tcpinc] [tcpm] WGLC for draft-ietf-tcpinc-tcpeno
"Black, David" <David.Black@dell.com> Tue, 14 February 2017 23:07 UTC
Return-Path: <David.Black@dell.com>
X-Original-To: tcpinc@ietfa.amsl.com
Delivered-To: tcpinc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8A8B1129863; Tue, 14 Feb 2017 15:07:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.721
X-Spam-Level:
X-Spam-Status: No, score=-2.721 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=dell.com header.b=E1TgrmIP; dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=emc.com header.b=VCyC9YNL
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L_AaqCHHjwkk; Tue, 14 Feb 2017 15:07:00 -0800 (PST)
Received: from esa7.dell-outbound.iphmx.com (esa7.dell-outbound.iphmx.com [68.232.153.96]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7C1F112997E; Tue, 14 Feb 2017 15:06:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=dell.com; i=@dell.com; q=dns/txt; s=smtpout; t=1487113436; x=1518649436; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=sgLCkpiYXq3ZOY9kWyKCnHaAs1undAaCOQ48RuhyIwo=; b=E1TgrmIPdOl1hyH+Usd3gNiPGB7C7E5+wUSN+RHpw8qUN+XDD8s+dWmv HOSznbj2dC9DuvVkX39F2p2DIDC9u/DUuq/M5JL8NkqVpMP4p9DrmyGO4 ibm5iP9PxSXVq6UgfvL73J0hjL2b6WCoDUioRCCqSaUzIzJ9nFHpYyV0z E=;
Received: from esa2.dell-outbound2.iphmx.com ([68.232.153.202]) by esa7.dell-outbound.iphmx.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 14 Feb 2017 17:03:55 -0600
From: "Black, David" <David.Black@dell.com>
Received: from mailuogwhop.emc.com ([168.159.213.141]) by esa2.dell-outbound2.iphmx.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 15 Feb 2017 04:56:29 +0600
Received: from maildlpprd04.lss.emc.com (maildlpprd04.lss.emc.com [10.253.24.36]) by mailuogwprd04.lss.emc.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.0) with ESMTP id v1EN6nVN013893 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Tue, 14 Feb 2017 18:06:51 -0500
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd04.lss.emc.com v1EN6nVN013893
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=emc.com; s=jan2013; t=1487113611; bh=I7tznRKOxzt7l/jmXDeuigxekSY=; h=From:To:CC:Subject:Date:Message-ID:References:In-Reply-To: Content-Type:Content-Transfer-Encoding:MIME-Version; b=VCyC9YNL0rQG/sD1XqeH26MziKfznqmGzQnoWJQFWxQjFJeZvDn619UhOSQU5LsMs 3hUY0ccB3s7xVAjQoAnSgYak76tko2r1gWZiA2obLj07+zmNBr58whSx3KOo9zK5kf ESIt9rlBl57NsVTH75o9OSefcnCAftS52n0uGQoU=
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd04.lss.emc.com v1EN6nVN013893
Received: from mailusrhubprd01.lss.emc.com (mailusrhubprd01.lss.emc.com [10.253.24.19]) by maildlpprd04.lss.emc.com (RSA Interceptor); Tue, 14 Feb 2017 18:06:11 -0500
Received: from MXHUB301.corp.emc.com (MXHUB301.corp.emc.com [10.146.3.27]) by mailusrhubprd01.lss.emc.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.0) with ESMTP id v1EN6QNu027985 (version=TLSv1.2 cipher=AES128-SHA256 bits=128 verify=FAIL); Tue, 14 Feb 2017 18:06:26 -0500
Received: from MX307CL04.corp.emc.com ([fe80::849f:5da2:11b:4385]) by MXHUB301.corp.emc.com ([10.146.3.27]) with mapi id 14.03.0266.001; Tue, 14 Feb 2017 18:06:25 -0500
To: "Scharf, Michael (Nokia - DE)" <michael.scharf@nokia.com>, Joe Touch <touch@isi.edu>, David Mazieres expires 2017-05-06 PDT <mazieres-pkmdzkf62nfmb5xbagc254xup6@temporary-address.scs.stanford.edu>, "Holland, Jake" <jholland@akamai.com>, "tcpinc@ietf.org" <tcpinc@ietf.org>
Thread-Topic: [tcpinc] [tcpm] WGLC for draft-ietf-tcpinc-tcpeno
Thread-Index: AQHSgJcEYYlWN3W1tEmC2QNcaxw5ZqFdcHGAgAu6P+A=
Date: Tue, 14 Feb 2017 23:06:25 +0000
Message-ID: <CE03DB3D7B45C245BCA0D243277949362F86DFB1@MX307CL04.corp.emc.com>
References: <D668D28F-42BB-40A4-81D1-1FF2D3D95ECB@akamai.com> <87fujvonza.fsf@ta.scs.stanford.edu> <1FD85C9B-BE52-4E9F-A6D9-54BAD0425C8A@akamai.com> <655C07320163294895BBADA28372AF5D48D1DE65@FR712WXCHMBA15.zeu.alcatel-lucent.com> <87zii0ydil.fsf@ta.scs.stanford.edu>, <ca32a70e-a7fe-5ce2-aaa4-781effa479cf@isi.edu> <AM5PR0701MB254723F1F442D3533DF15C9C93430@AM5PR0701MB2547.eurprd07.prod.outlook.com>
In-Reply-To: <AM5PR0701MB254723F1F442D3533DF15C9C93430@AM5PR0701MB2547.eurprd07.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.238.45.79]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Sentrion-Hostname: mailusrhubprd01.lss.emc.com
X-RSA-Classifications: public
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpinc/aNljWxDTCuJT3tIobIM9whJj4Ok>
Cc: "tcpm@ietf.org" <tcpm@ietf.org>
Subject: Re: [tcpinc] [tcpm] WGLC for draft-ietf-tcpinc-tcpeno
X-BeenThere: tcpinc@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Working group mailing list for TCP Increased Security \(tcpinc\)" <tcpinc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpinc/>
List-Post: <mailto:tcpinc@ietf.org>
List-Help: <mailto:tcpinc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Feb 2017 23:07:02 -0000
+1 with WG chair hat on - I think Joe's text sets the right expectation. Thanks, --David > -----Original Message----- > From: Tcpinc [mailto:tcpinc-bounces@ietf.org] On Behalf Of Scharf, Michael > (Nokia - DE) > Sent: Tuesday, February 07, 2017 1:54 AM > To: Joe Touch; David Mazieres expires 2017-05-06 PDT; Holland, Jake; > tcpinc@ietf.org > Cc: tcpm@ietf.org > Subject: Re: [tcpinc] [tcpm] WGLC for draft-ietf-tcpinc-tcpeno > > I'd agree to Joe's proposal "Although this protocol could benefit from extended > SYN space, e.g., to support in-band key coordination, future TEPs should expect > to use only the currently available space." > > Michael (chair hat off) > > ________________________________________ > From: Joe Touch <touch@isi.edu> > Sent: Monday, February 6, 2017 17:34 > To: David Mazieres expires 2017-05-06 PDT; Scharf, Michael (Nokia - DE); Holland, > Jake; tcpinc@ietf.org > Cc: tcpm@ietf.org > Subject: Re: [tcpm] [tcpinc] WGLC for draft-ietf-tcpinc-tcpeno > > FWIW: > > > On 2/5/2017 5:26 AM, David Mazieres wrote: > > "Scharf, Michael (Nokia - DE)" <michael.scharf@nokia.com> writes: > > > >> While TCPM discusses large SYN options (for a long time already), all > >> known solutions have downsides. I do not believe that a non-TCPM > >> document should speculate on the feasibility solutions. > > Michael, what do you think of the new proposed wording? > > > > Various proposals exist to increase the maximum space for options in > > the TCP header. Though these proposals are highly experimental-- > The non-SYN extension is currently a WG document and intended for > standards-track. > > particularly those that apply to SYN segments > The SYN extension proposals all have significant known issues and are > both highly experimental and difficult to deploy. > > > --TCP-layer encryption > > could significantly benefit from the availability of increased SYN > > option space. > It might be useful to differentiate between the potential use of non-SYN > vs. SYN space. > > You should be more explicit that "Although this protocol could benefit > from extended SYN space, e.g., to support in-band key coordination, > future TEPs should expect to use only the currently available space." > > IMO, the following is speculative and not useful: > > > In particular, if future TEPs can perform key > > agreement by embedding public keys or Diffie-Hellman parameters > > within suboption data, it will simplify protocols and reduce the > > number of round trips required for connection setup. With large > > options, the 32-byte limit on length bytes could prove insufficient. > > This draft intentionally aborts TCP-ENO if a length byte is followed > > by an octet in the range 0x00-0x9f. > The following appears to direct TCPM docs to update this doc, which is > not appropriate. If there is a SYN extension, it is much more likely to > be a stand-alone doc to update RFC793 and other docs would individually > update protocols that might benefit from that space. > > > Any document updating TCP's > > option size limit can also define the format of larger suboptions by > > updating this draft to assign meaning to such currently undefined > > byte sequences. > > ... > > > > Our goal is not to second-guess TCPM, but rather to provide TCPM with a > > data point that they have a "customer" for large SYN options in the > > unlikely event that some proposal is ever deemed realistic. I could > > make the wording even stronger, as in: > > > > These proposals are highly experimental--with those that apply to SYN > > segments particularly unlikely to be adopted any time soon--but > > TCP-layer encryption could significantly benefit from the > > availability of increased SYN option space. > Actually, the above is much more useful (IMO), but most of the rest of > the paragraph can be omitted. > > Joe > > > > > But that could be seen as second-guessing TCPM in the other > > direction--telling TCPM we *don't* expect them to standardize large SYN > > options anytime soon. (Of course, it's true that I don't expect them to > > do that, but it might not be my place to say so in an RFC unless you > > sign off on the language...) > > > > As always, concrete suggestions on wording are appreciated. > > > > Thanks, > > David > > > > _______________________________________________ > > tcpm mailing list > > tcpm@ietf.org > > https://www.ietf.org/mailman/listinfo/tcpm > > _______________________________________________ > Tcpinc mailing list > Tcpinc@ietf.org > https://www.ietf.org/mailman/listinfo/tcpinc
- Re: [tcpinc] WGLC for draft-ietf-tcpinc-tcpeno Holland, Jake
- Re: [tcpinc] WGLC for draft-ietf-tcpinc-tcpeno David Mazieres
- Re: [tcpinc] WGLC for draft-ietf-tcpinc-tcpeno Holland, Jake
- Re: [tcpinc] WGLC for draft-ietf-tcpinc-tcpeno David Mazieres
- Re: [tcpinc] WGLC for draft-ietf-tcpinc-tcpeno Holland, Jake
- Re: [tcpinc] WGLC for draft-ietf-tcpinc-tcpeno David Mazieres
- Re: [tcpinc] WGLC for draft-ietf-tcpinc-tcpeno Scharf, Michael (Nokia - DE)
- Re: [tcpinc] WGLC for draft-ietf-tcpinc-tcpeno David Mazieres
- Re: [tcpinc] [tcpm] WGLC for draft-ietf-tcpinc-tc… Joe Touch
- Re: [tcpinc] [tcpm] WGLC for draft-ietf-tcpinc-tc… Joe Touch
- Re: [tcpinc] WGLC for draft-ietf-tcpinc-tcpeno Holland, Jake
- Re: [tcpinc] [tcpm] WGLC for draft-ietf-tcpinc-tc… Scharf, Michael (Nokia - DE)
- Re: [tcpinc] [tcpm] WGLC for draft-ietf-tcpinc-tc… Black, David