Re: [tcpinc] Adam Roach's Yes on draft-ietf-tcpinc-tcpcrypt-09: (with COMMENT)

Adam Roach <> Thu, 09 November 2017 02:12 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 5F09E129ADF; Wed, 8 Nov 2017 18:12:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.879
X-Spam-Status: No, score=-1.879 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id gjsFK_JoTwSp; Wed, 8 Nov 2017 18:11:56 -0800 (PST)
Received: from ( [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id A45A212957C; Wed, 8 Nov 2017 18:11:56 -0800 (PST)
Received: from Orochi.local ( []) (authenticated bits=0) by (8.15.2/8.15.2) with ESMTPSA id vA92BtU9069340 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Wed, 8 Nov 2017 20:11:55 -0600 (CST) (envelope-from
X-Authentication-Warning: Host [] claimed to be Orochi.local
To: "Mirja Kuehlewind (IETF)" <>
Cc: The IESG <>, tcpinc <>,,,
References: <> <>
From: Adam Roach <>
Message-ID: <>
Date: Wed, 8 Nov 2017 20:11:49 -0600
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: multipart/alternative; boundary="------------F8FAB135FDE83A53ADACBB7F"
Content-Language: en-US
Archived-At: <>
Subject: Re: [tcpinc] Adam Roach's Yes on draft-ietf-tcpinc-tcpcrypt-09: (with COMMENT)
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Working group mailing list for TCP Increased Security \(tcpinc\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 09 Nov 2017 02:12:04 -0000

On 11/8/17 19:45, Mirja Kuehlewind (IETF) wrote:
>> In one interpretation, the TCP stack acts as if those packets were never
>> received, and so they are never acknowledged. Since retransmissions will
>> contain the same contents and also fail to decrypt, this is basically just
>> going to cause a connection failure upon expiration of the retransmission timer
>> -- in which case an immediate failure is clearly preferable.
> That’s not true. This is to cover the case where the packet got corrupted on the path, thus hopefully the retransmission will decrypt correctly.

So, to be clear, you're talking about packet corruption that happens to 
produce a valid checksum, right? If that's the reasoning here, the 
authors probably want to include that rationale in the document.

>> The other interpretation is that the TCP packet is processed as received, but
>> that all of the data that could not be decrypted is elided from the stream of
>> bytes provided to the receiving application. This is also a problem, since many
>> applications rely on the in-order delivery aspects of TCP. The prospect that a
>> sender could provide "Message A", "Message B", and then"Message C" to its TCP
>> socket and the receiver only get "Message A" followed immediately by "Message
>> C" is not something that applications will generally be capable of handling. As
>> before, a connection reset would be preferable to violating the in-order
>> delivery guarantees of TCP.
> This can never happen with TCP.

Right. That's exactly my point.