Re: [tcpinc] Revised version of TCP-ENO

Kyle Rose <krose@krose.org> Fri, 14 August 2015 19:53 UTC

To: David Mazieres <dm-list-tcpcrypt@scs.stanford.edu>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tcpinc/uDegXhtf0wpthNlWcGxYOUZdpS8>
Cc: tcpinc@ietf.org, Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Upon further reflection ("these are loafers"), I am returning to my
previous position.

I was conflating two issues: cipher spec and authentication. The problem
here is that the application doesn't by default choose the cipher spec(s),
so the session ID is what it is, which means it needs to be lowest common
denominator over all applications. That means "public", at least for all
default cipher specs.

Is it reasonable for a system like tcpinc to support specs available via
TCPENO_SPECS that have properties that allow naïve misconfiguration to
create vulnerabilities? Maybe the historical problem of people doing dumb
things with SSL_Ciphers is not an issue for TCP-ENO, with sane defaults.

Kyle

> That said, one could imagine a fringe use case where an application
> wants to prove that two anonymous TCP connections belong to the same two
> processes, in which case the session ID of the first connection might be
> used as a MAC key to authenticate the session ID of the second.  So you
> don't want the session ID to be predictable, even if making it public
> doesn't hurt TCPINC itself.

I'm starting to come around to dkg's viewpoint that it doesn't
necessarily *have* to be public: batch signing of session IDs is one
suggested use case, but authentication protocols that don't do that
could potentially make use of the session ID being private.

I think maybe guidance about when it is appropriate to consider them
public vs. private belongs in section 4.1 of this doc, or in the API
doc if a section there is added on batch signing. Strictly speaking,
the current wording ("The session ID MUST NOT contain any confidential
data (such as data permitting the derivation of session keys)") is
probably right.

Kyle
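
Added example, not part of the original message or of any tcpinc draft: a sketch of the fringe use case quoted above, where the first connection's session ID keys a MAC over the second connection's session ID, showing that the binding only means something while the first session ID stays private. HMAC-SHA256, the function names and the session ID values are assumptions made for illustration.

```python
import hashlib
import hmac


def link_tag(first_session_id: bytes, second_session_id: bytes) -> bytes:
    """MAC the second connection's session ID under the first one's."""
    return hmac.new(first_session_id, second_session_id, hashlib.sha256).digest()


def verify_link(first_session_id: bytes, second_session_id: bytes, tag: bytes) -> bool:
    """Check, in constant time, that `tag` binds the two session IDs."""
    expected = link_tag(first_session_id, second_session_id)
    return hmac.compare_digest(expected, tag)


# Constructed sample values standing in for session IDs; real ones would
# come from the negotiated encryption spec, not from this derivation.
SID_CONN1 = hashlib.sha256(b"constructed session ID, connection 1").digest()
SID_CONN2 = hashlib.sha256(b"constructed session ID, connection 2").digest()
SID_OTHER = hashlib.sha256(b"constructed session ID, unrelated connection").digest()


def demo() -> dict:
    # Both endpoints of connection 1 know SID_CONN1, so either can tag
    # connection 2 and the other can check it.
    tag = link_tag(SID_CONN1, SID_CONN2)
    results = {
        "honest_peer_accepts": verify_link(SID_CONN1, SID_CONN2, tag),
        "tag_reused_on_other_connection_rejected": verify_link(SID_CONN1, SID_OTHER, tag),
        "wrong_first_id_rejected": verify_link(SID_OTHER, SID_CONN2, tag),
    }
    # If SID_CONN1 was treated as public (logged, or published as part of
    # a batch signature), any party holding it can compute a tag that
    # verifies for its own connection, so the MAC proves nothing.
    third_party_tag = link_tag(SID_CONN1, SID_OTHER)
    results["disclosed_id_yields_valid_tag"] = verify_link(
        SID_CONN1, SID_OTHER, third_party_tag
    )
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
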