IETF Logo Mail Archive

Re: [tcpinc] Revised version of TCP-ENO

David Mazieres <dm-list-tcpcrypt@scs.stanford.edu> Fri, 14 August 2015 17:49 UTC

Return-Path: <dm-list-tcpcrypt@scs.stanford.edu>
X-Original-To: tcpinc@ietfa.amsl.com
Delivered-To: tcpinc@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 039E91A8AEF for <tcpinc@ietfa.amsl.com>; Fri, 14 Aug 2015 10:49:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.91
X-Spam-Level:
X-Spam-Status: No, score=-0.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=1, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CdB_xiweqBsH for <tcpinc@ietfa.amsl.com>; Fri, 14 Aug 2015 10:49:44 -0700 (PDT)
Received: from market.scs.stanford.edu (www.scs.stanford.edu [IPv6:2001:470:806d:1::9]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 236031A02F1 for <tcpinc@ietf.org>; Fri, 14 Aug 2015 10:49:44 -0700 (PDT)
Received: from market.scs.stanford.edu (localhost.scs.stanford.edu [127.0.0.1]) by market.scs.stanford.edu (8.14.7/8.14.7) with ESMTP id t7EHnQtU012520; Fri, 14 Aug 2015 10:49:26 -0700 (PDT)
Received: (from dm@localhost) by market.scs.stanford.edu (8.14.7/8.14.7/Submit) id t7EHnOfs002410; Fri, 14 Aug 2015 10:49:24 -0700 (PDT)
X-Authentication-Warning: market.scs.stanford.edu: dm set sender to dm-list-tcpcrypt@scs.stanford.edu using -f
From: David Mazieres <dm-list-tcpcrypt@scs.stanford.edu>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>, Kyle Rose <krose@krose.org>
In-Reply-To: <55CDD63C.7060404@cs.tcd.ie>
References: <87pp2vqplu.fsf@ta.scs.stanford.edu> <CAJU8_nXAHhf6dqqs0gUEGz49bG7YUO1qaGwaLm04+vstPTyfWg@mail.gmail.com> <87h9o4rqwz.fsf@ta.scs.stanford.edu> <874mk2kj56.fsf@alice.fifthhorseman.net> <CAJU8_nVcDmCw-0KYviJ5GWZL+-YcCg3wLMJqpkuh=iN8RppA+A@mail.gmail.com> <87y4hej2vf.fsf@alice.fifthhorseman.net> <87egj67sac.fsf@ta.scs.stanford.edu> <55CDD63C.7060404@cs.tcd.ie>
Date: Fri, 14 Aug 2015 10:49:23 -0700
Message-ID: <87fv3lwyjg.fsf@ta.scs.stanford.edu>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <http://mailarchive.ietf.org/arch/msg/tcpinc/cTBU7JVw0r2CxIZBXjvRtDJ_w_k>
Cc: tcpinc@ietf.org
Subject: Re: [tcpinc] Revised version of TCP-ENO
X-BeenThere: tcpinc@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussion list for adding encryption to TCP." <tcpinc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpinc/>
List-Post: <mailto:tcpinc@ietf.org>
List-Help: <mailto:tcpinc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Aug 2015 17:49:45 -0000

Stephen Farrell <stephen.farrell@cs.tcd.ie> writes:

> I think we might want to also consider that one thing that
> might happen is that loads and loads of these values (or
> values derived from them) could end up being accumulated and
> eventually end up really public. Just for safety's sake I'd
> probably prefer that what might end up public is not the same
> set of bits used as the session ID during the session though.
> For example, using the same bits might enable later correlations
> between log files that we'd prefer not be possible - say between
> some client-host-firewall log reported via telemetry and an
> application server log. So there might be benefits in defining
> a way to do that so that application developers don't get
> it badly wrong. In [1] we talk about a witness value that
> is different from a session ID. Not sure if that's useful
> here (or there;-) or not though.

I think you raise several questions here.

First, should what TCP-ENO calls the session ID be traceable to a
particular connection by a passive eavesdropper?  A contrived scenario
here is that for some reason you run a bulletin board that logs messages
and session IDs.  I put your bulletin board under surveillance,
recording a complete packet transcript.  Now I don't like a particular
message.  From its session ID, can I tell which client connection posted
the message (assuming, say, that all messages are the same length and
that timing information is obscured by batching the messages at the
server).  As I said, this is a bit contrived, but if everyone uses the
same encryption spec, I do think there is value in this kind of privacy,
and it is achieved by requiring the session ID to be computationally
indistinguishable from random.

Second, instead of a single session ID, should we define two values with
this property, a "witness" and a "session ID", where the witness is
available for use by other transport-level RFCs (such as MPTCP) and the
session ID is for use by applications.  Or, generalizing, allow a whole
host of values indexed by an integer.  The advantage of this is that
domain separation ensures that whatever your application does will not
undermine, say MPTCP.  This is a valid argument, but it adds a lot of
complexity, so it might be nice to avoid, also.

> Lastly, we should check that whatever is done here is ok for
> MTPCP.

I assume you mean MPTCP?  If so, I agree, assuming by "ok" you mean a
subsequent update of MPTCP can easily integrate with TCP-ENO (as opposed
to TCP-ENO citing RFC6824 as a normative reference and directly
specifying how the two work together).

David

v2.23.0 | Report a Bug | By Email