Re: [tcpinc] Revised version of TCP-ENO
Kyle Rose <krose@krose.org> Fri, 14 August 2015 19:53 UTC
Return-Path: <krose@krose.org>
X-Original-To: tcpinc@ietfa.amsl.com
Delivered-To: tcpinc@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9F6211A8712 for <tcpinc@ietfa.amsl.com>; Fri, 14 Aug 2015 12:53:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.378
X-Spam-Level:
X-Spam-Status: No, score=-1.378 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pmV2hZgQVD2r for <tcpinc@ietfa.amsl.com>; Fri, 14 Aug 2015 12:53:20 -0700 (PDT)
Received: from mail-ig0-x230.google.com (mail-ig0-x230.google.com [IPv6:2607:f8b0:4001:c05::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 465A21A8704 for <tcpinc@ietf.org>; Fri, 14 Aug 2015 12:53:20 -0700 (PDT)
Received: by igfj19 with SMTP id j19so20018723igf.0 for <tcpinc@ietf.org>; Fri, 14 Aug 2015 12:53:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=krose.org; s=google; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=hmbZK9o6ZAJ4/gCDspE5RFsFqrcqy/VloZvvuGB4jtI=; b=IQTrnsh0XciYel950Aggvn8F71MWC20+juiETNFrzsd8d2JF3H6CGpSWmhH+A4ivs2 lJehdkeqRZyZTnkSx2d6dCLi1Awgxgf+DJv87fd+TeflRvp8AtkxjtxFq5MKzq1Qxw7i 2E+bVVjtzqmkltteeOFA1NXBZ+KSidiDCH30I=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=hmbZK9o6ZAJ4/gCDspE5RFsFqrcqy/VloZvvuGB4jtI=; b=DZPu6KO7S24DEP/V0m8i39LhDFJ09u9rP+oIWyEuRJ+c+c4SqCjD8XkpDWVgpMC1g4 pbQnMBnBEqLLGQ3nvsjY3Q/4xlNZ01ie+3aKYdELVdsuvQjhb9vu4MZ1BsCwP8E9mZHG OXPTpcnPMkAE6/MiPTW9zGT1Ae6t3izg6EE2C6Ou9Qpv15K904IlL0czaOGMa5aosMM2 WCaEhfO5kFhB02J95nfiAVKVGjkJqxygQdRMuV3iaIi+DiA8ae1hqQvwmH1xuksPkTMp Q6nzWS+LMLIAH5lreCSoS3Y9dF73QS0zarKHK35kQZ3lP71txkyVM0rROP2f94NqsVEz LAgA==
X-Gm-Message-State: ALoCoQmB/ppaP8nTiA2h0p9/1CzxmzZu/Llw1eMEaoIb472qiGQUWxunBo9CwS5dKUHdWTfWT0BR
MIME-Version: 1.0
X-Received: by 10.50.138.231 with SMTP id qt7mr4494122igb.96.1439581999562; Fri, 14 Aug 2015 12:53:19 -0700 (PDT)
Received: by 10.79.31.197 with HTTP; Fri, 14 Aug 2015 12:53:19 -0700 (PDT)
X-Originating-IP: [166.171.187.130]
Received: by 10.79.31.197 with HTTP; Fri, 14 Aug 2015 12:53:19 -0700 (PDT)
In-Reply-To: <CAJU8_nV0uxOL0=tTwJX+01SLGcz9Zg0sfYsE4Bo2uvg1t3aUMA@mail.gmail.com>
References: <87pp2vqplu.fsf@ta.scs.stanford.edu> <CAJU8_nXAHhf6dqqs0gUEGz49bG7YUO1qaGwaLm04+vstPTyfWg@mail.gmail.com> <87h9o4rqwz.fsf@ta.scs.stanford.edu> <874mk2kj56.fsf@alice.fifthhorseman.net> <CAJU8_nVcDmCw-0KYviJ5GWZL+-YcCg3wLMJqpkuh=iN8RppA+A@mail.gmail.com> <87y4hej2vf.fsf@alice.fifthhorseman.net> <87egj67sac.fsf@ta.scs.stanford.edu> <CAJU8_nV0uxOL0=tTwJX+01SLGcz9Zg0sfYsE4Bo2uvg1t3aUMA@mail.gmail.com>
Date: Fri, 14 Aug 2015 15:53:19 -0400
Message-ID: <CAJU8_nVMCWYu1vBZ1D-mrg3mTC52HY4atU59FPCYFXz3--9m-g@mail.gmail.com>
From: Kyle Rose <krose@krose.org>
To: David Mazieres <dm-list-tcpcrypt@scs.stanford.edu>
Content-Type: multipart/alternative; boundary="089e01184d5ab5a0e3051d4acd6f"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tcpinc/uDegXhtf0wpthNlWcGxYOUZdpS8>
Cc: tcpinc@ietf.org, Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Subject: Re: [tcpinc] Revised version of TCP-ENO
X-BeenThere: tcpinc@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussion list for adding encryption to TCP." <tcpinc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpinc/>
List-Post: <mailto:tcpinc@ietf.org>
List-Help: <mailto:tcpinc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Aug 2015 19:53:22 -0000
Upon further reflection ("these are loafers"), I am returning to my previous position. I was conflating two issues: cipher spec and authentication. The problem here is that the application doesn't by default choose the cipher spec(s), so the session ID is what it is, which means it needs to be lowest common denominator over all applications. That means "public", at least for all default cipher specs. Is it reasonable for a system like tcpinc to support specs available via TCPENO_SPECS that have properties that allow naïve misconfiguration to create vulnerabilities? Maybe the historical problem of people doing dumb things with SSL_Ciphers is not an issue for TCP-ENO, with sane defaults. Kyle > That said, one could imagine a fringe use case where an application > wants to prove that two anonymous TCP connections belong to the same two > processes, in which case the session ID of the first connection might be > used as a MAC key to authenticate the session ID of the second. So you > don't want the session ID to be predictable, even if making it public > doesn't hurt TCPINC itself. I'm starting to come around to dkg's viewpoint that it doesn't necessarily *have* to be public: batch signing of session IDs is one suggested use case, but authentication protocols that don't do that could potentially make use of the session ID being private. I think maybe guidance about when it is appropriate to consider them public vs. private belongs in section 4.1 of this doc, or in the API doc if a section there is added on batch signing. Strictly speaking, the current wording ("The session ID MUST NOT contain any confidential data (such as data permitting the derivation of session keys)") is probably right. Kyle
- [tcpinc] Revised version of TCP-ENO David Mazieres
- Re: [tcpinc] Revised version of TCP-ENO Kyle Rose
- Re: [tcpinc] Revised version of TCP-ENO David Mazieres
- Re: [tcpinc] Revised version of TCP-ENO Daniel Kahn Gillmor
- Re: [tcpinc] Revised version of TCP-ENO Daniel Kahn Gillmor
- Re: [tcpinc] Revised version of TCP-ENO Kyle Rose
- Re: [tcpinc] Revised version of TCP-ENO Everhart, Craig
- Re: [tcpinc] Revised version of TCP-ENO David Mazieres
- Re: [tcpinc] Revised version of TCP-ENO Ted Hardie
- Re: [tcpinc] Revised version of TCP-ENO David Mazieres
- Re: [tcpinc] Revised version of TCP-ENO David Mazieres
- Re: [tcpinc] Revised version of TCP-ENO Martin Thomson
- Re: [tcpinc] Revised version of TCP-ENO Daniel B Giffin
- Re: [tcpinc] Revised version of TCP-ENO David Mazieres
- Re: [tcpinc] Revised version of TCP-ENO Kyle Rose
- Re: [tcpinc] Revised version of TCP-ENO Kyle Rose
- Re: [tcpinc] Revised version of TCP-ENO Stephen Farrell
- Re: [tcpinc] Revised version of TCP-ENO Martin Thomson
- Re: [tcpinc] Revised version of TCP-ENO David Mazieres
- Re: [tcpinc] Revised version of TCP-ENO Martin Thomson
- Re: [tcpinc] Revised version of TCP-ENO David Mazieres
- Re: [tcpinc] Revised version of TCP-ENO David Mazieres
- Re: [tcpinc] Revised version of TCP-ENO Martin Thomson
- Re: [tcpinc] Revised version of TCP-ENO dm-list-tcpcrypt
- Re: [tcpinc] Revised version of TCP-ENO Stephen Farrell
- Re: [tcpinc] Revised version of TCP-ENO Martin Thomson
- Re: [tcpinc] Revised version of TCP-ENO Kyle Rose
- Re: [tcpinc] Revised version of TCP-ENO David Mazieres
- Re: [tcpinc] Revised version of TCP-ENO Kyle Rose
- Re: [tcpinc] Revised version of TCP-ENO David Mazieres