Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno-01

ianG <> Wed, 26 August 2015 15:53 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 122381A0461 for <>; Wed, 26 Aug 2015 08:53:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id ovwIPT1xpRx7 for <>; Wed, 26 Aug 2015 08:53:44 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 254FA1A03E1 for <>; Wed, 26 Aug 2015 08:53:43 -0700 (PDT)
Received: from tormenta.local ( []) by (Postfix) with ESMTPSA id 2F5636D788; Wed, 26 Aug 2015 11:53:42 -0400 (EDT)
Message-ID: <>
Date: Wed, 26 Aug 2015 16:53:41 +0100
From: ianG <>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
References: <> <> <> <>
In-Reply-To: <>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <>
Subject: Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno-01
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussion list for adding encryption to TCP." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 26 Aug 2015 15:53:46 -0000

On 23/08/2015 17:26 pm, David Mazieres wrote:
> Eric Rescorla <> writes:

> ....  Ultimately this comes down to a question of
> subjective design priorities.  I'd like to hear how you and other
> working group members answer the following two questions a scale of 1 to
> 10:
>     A. How much do you care about conserving TCP option space?
>     B. How much do you care about simultaneous open.
> For me, I'd rate A a 9/10 and rate B a 5/10, which is why TCP-ENO looks
> the way it does.

For me - I'd rate B as lower, a 2.  But I'd really like to find out why 
this even exists.  Is there some way for someone who's got the kit to go 
out and measure how & where simultaneous opens are happening?

Without some data, this discussion is too theoretical;  I'd suggest 
dropping simultaneous open until someone can provide the fuller case.

>>> S 4.1.
>>>> Given that session IDs are required to be unique, why bother with the
>>>> spec-id prefix?
>>> Precisely to guarantee this uniqueness.  If one spec uses SHA-256 for
>>> session IDs and another uses Keccak, no standard cryptographic
>>> assumption implies uniqueness without that tag byte.
>> Can you unpack this some?
> Let's say that we can compute two transcripts, A and B, such that
> SHA-256(A) == KECCAK-256(B).  This doesn't violate any standard
> cryptographic assumptions.  Yet without the tag byte, it would be
> devastating to TCP-ENO's security in the event that different specs use
> different hash functions.

That doesn't work for me.  If someone can compute that, then

   (a) we've got much bigger problems with the hashes, and both of them 
needed to be deprecated a few years back,
   (b) most all other protocols are in deep-doo-doo and
   (c) this is TCPINC - we really don't care that much if the attacker 
can just kick the packets and force TCP to plaintext.

IOW, accept that risk.  Trust the crypto - it's the strongest thing 
we've got.

Or did I miss something?