[tcpinc] New TCP-ENO draft
David Mazieres <dm-list-tcpcrypt@scs.stanford.edu> Fri, 20 October 2017 09:24 UTC
From: David Mazieres <dm-list-tcpcrypt@scs.stanford.edu>
To: tcpinc <tcpinc@ietf.org>, secdir@ietf.org, Watson Ladd <watsonbladd@gmail.com>
In-Reply-To: <CACsn0cnXQapmKG6RrRfP8bqkyt4p0YakgH-Q0XDYivcPV1WgLg@mail.gmail.com>
References: <CACsn0cnUbMha8ZyP5h3E7zJqo5PinppXRhWxqy2d1b6nF4XmwA@mail.gmail.com> <87o9p3wkek.fsf@ta.scs.stanford.edu> <CACsn0cnXQapmKG6RrRfP8bqkyt4p0YakgH-Q0XDYivcPV1WgLg@mail.gmail.com>
Reply-To: David Mazieres expires 2018-01-18 PST <mazieres-mg5kiw2qxw8mu2d3dtfu5s7wii@temporary-address.scs.stanford.edu>
Date: Fri, 20 Oct 2017 02:24:32 -0700
Message-ID: <87a80mxjcf.fsf@ta.scs.stanford.edu>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpinc/um5DuXa1sUzxXLUiAdRjI07xJM8>
Subject: [tcpinc] New TCP-ENO draft
There's a new TCP-ENO draft in the usual place:

    https://datatracker.ietf.org/doc/draft-ietf-tcpinc-tcpeno/

This draft addresses last call comments we received. Other than some typos, the main changes are to update the requirements language (section 1) to use RFC8174 and to add a new section 8.5. Since 8.5 contains new language, we'd appreciate other eyes on this paragraph (even just comments saying "looks fine" would be helpful):

    8.5. Unpredictability of session IDs

    Section 5.1 specifies that all but the first (TEP identifier) byte of a
    session ID MUST be computationally indistinguishable from random bytes
    to a network eavesdropper. This property is easy to ensure under
    standard assumptions about cryptographic hash functions.

    Such unpredictability helps security in a broad range of cases. For
    example, it makes it possible for applications to use a session ID from
    one connection to authenticate a session ID from another, thereby tying
    the two connections together. It furthermore helps ensure that TEPs do
    not trivially subvert the 33-byte minimum length requirement for
    session IDs by padding shorter session IDs with zeros.

Thanks,
David
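The following is an added illustration of the two points in the quoted section 8.5, not code from the draft, from tcpcrypt, or from the message's author. It shows a hypothetical session ID derivation that meets the "indistinguishable from random" requirement by hashing a handshake secret, a consumer-side sanity check that rejects the zero-padding shortcut the section warns about, and the cross-connection binding use case (authenticating one connection's session ID with another's). The derivation inputs, the TEP identifier value, and the HMAC-based binding construction are all assumptions chosen for the example; the draft does not specify them.

```python
import hashlib
import hmac

# Minimum session ID length stated in the TCP-ENO text quoted above.
SESSION_ID_MIN_LEN = 33

# Placeholder TEP identifier byte; a constructed value, not one from the page.
EXAMPLE_TEP_ID = 0x42


def derive_session_id(tep_id: int, shared_secret: bytes, transcript: bytes) -> bytes:
    """Hypothetical derivation: the TEP identifier byte followed by a SHA-256
    digest over a constructed handshake secret and transcript. Under standard
    hash-function assumptions the digest is computationally indistinguishable
    from random to an eavesdropper who lacks the secret, which is the property
    section 8.5 requires of every byte after the first."""
    if not 0 <= tep_id <= 0xFF:
        raise ValueError("TEP identifier must fit in one byte")
    digest = hashlib.sha256(b"example-session-id" + shared_secret + transcript).digest()
    return bytes([tep_id]) + digest


def check_session_id(sid: bytes) -> bool:
    """Consumer-side sanity check on a session ID handed up by a TEP.

    It enforces the 33-byte minimum and rejects the trivial subversion named in
    section 8.5: a short ID padded out with zeros. A run of eight zero bytes at
    the end of genuinely unpredictable output occurs with probability 2**-64, so
    rejecting it costs nothing in practice. This cannot prove randomness; it only
    catches the obvious case."""
    if len(sid) < SESSION_ID_MIN_LEN:
        return False
    unpredictable_part = sid[1:]
    if unpredictable_part.endswith(b"\x00" * 8):
        return False
    return True


def bind_session_ids(sid_a: bytes, sid_b: bytes) -> bytes:
    """Assumed binding construction: an application that already trusts
    connection A uses A's session ID as an HMAC key over B's session ID. A peer
    that knows sid_a can verify the tag, tying B to A; an eavesdropper cannot
    forge it because sid_a is unpredictable to them."""
    return hmac.new(sid_a, sid_b, hashlib.sha256).digest()


def verify_binding(sid_a: bytes, sid_b: bytes, tag: bytes) -> bool:
    """Constant-time check of the tag produced by bind_session_ids."""
    return hmac.compare_digest(bind_session_ids(sid_a, sid_b), tag)


if __name__ == "__main__":
    # Constructed inputs standing in for two handshakes' secrets and transcripts.
    sid_a = derive_session_id(EXAMPLE_TEP_ID, b"secret-A", b"transcript-A")
    sid_b = derive_session_id(EXAMPLE_TEP_ID, b"secret-B", b"transcript-B")
    print("A ok:", check_session_id(sid_a), "B ok:", check_session_id(sid_b))
    # A zero-padded 4-byte ID masquerading as a 33-byte one is rejected.
    padded = bytes([EXAMPLE_TEP_ID]) + b"\x01\x02\x03\x04" + b"\x00" * 28
    print("padded ok:", check_session_id(padded))
    tag = bind_session_ids(sid_a, sid_b)
    print("binding verifies:", verify_binding(sid_a, sid_b, tag))
```

The check in `check_session_id` is deliberately conservative: it catches only the padding shortcut the section describes, and the real guarantee has to come from the TEP's derivation, as the draft's MUST puts it on the TEP rather than on the consumer.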