Re: [tcpinc] Resumption safety (was "Eric Rescorla's Discuss on draft-ietf-tcpinc-tcpcrypt-09: (with DISCUSS and COMMENT)")

"Valery Smyslov" <svanru@gmail.com> Tue, 12 December 2017 17:46 UTC

Return-Path: <svanru@gmail.com>
X-Original-To: tcpinc@ietfa.amsl.com
Delivered-To: tcpinc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 42304127ABE for <tcpinc@ietfa.amsl.com>; Tue, 12 Dec 2017 09:46:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.261
X-Spam-Level:
X-Spam-Status: No, score=-2.261 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, STOX_REPLY_TYPE=0.439] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lFJiXMt1OJrk for <tcpinc@ietfa.amsl.com>; Tue, 12 Dec 2017 09:46:14 -0800 (PST)
Received: from mail-lf0-x230.google.com (mail-lf0-x230.google.com [IPv6:2a00:1450:4010:c07::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 68726127286 for <tcpinc@ietf.org>; Tue, 12 Dec 2017 09:46:14 -0800 (PST)
Received: by mail-lf0-x230.google.com with SMTP id e137so24123444lfg.5 for <tcpinc@ietf.org>; Tue, 12 Dec 2017 09:46:14 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=message-id:from:to:cc:references:in-reply-to:subject:date :mime-version:content-transfer-encoding:importance; bh=s9V2dTJSPnv3pokjA4Bc3ElwssAwsbZ73xlbOXSPHsU=; b=JfliK/ddlWtYsADKvY9XHkNNVBWKx+sZLgKOjXtdwS32ahcff+lq74KYBaJ8S4mvqT CrM+gDpI/eMb9ZxBGWiKZMikwz89Eva+gQIY84Y7NRN3QBXd3O5i6rihWfeQRq1BKy3m fx7hvdbXl8EgKU+cFuhv2BhgaeKdX3wQAH3NZHV7CPdVngk9Zd54FPUjMDGlxgR1bfkF HRcVqVr6feu5bJTyvtMyyUvhCinZ/vovAt+dv/U4LuAck8w4DWFXVQfbPy6V0BT0MlL8 CdysapAgbvVXNYiXLegpZ9IMpBr88EvhNhZt25Go6KqOdAuNJO2nGuoaF+/A5c+cuVnT OZKA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:message-id:from:to:cc:references:in-reply-to :subject:date:mime-version:content-transfer-encoding:importance; bh=s9V2dTJSPnv3pokjA4Bc3ElwssAwsbZ73xlbOXSPHsU=; b=EF3cUVKIo+wQbhBuNfch1iJVPAVpJrJv04FOJ7AdPk5Qd0DeqnCtYTW3FfI6+j1M4n 4Dot7nHUnxK8p9XgQSEZa8jG9srtM4We01rxA+xUfypuFqgN5NnKWm4ZB2TE8PC47K15 PRk5HYAHD78t8SqWWuRy+W6wlHfPmqDFwkurnZQ4DRi2K7balrDT/bRzwXC9arN2O8AD CMC0qKtsbp1OVH9AmbNgedloy/YeCwD+8lGbNC05f+H486YGo4QRDzKGfDupNtX7Vglu gAkp8yLRt8zUws/Uq0mBrI5BnOr3ojKK+USXsI5XX6DUMmwVpisYr4GpaBQd9QE290jP r/tA==
X-Gm-Message-State: AKGB3mLR0QEEZoFS/LbvAGBgDBXdVaqCPDsQMmlLY9URVTZJL5Jrg75v xcn1ywo7ksRDA+fHe/byY0Ejfg==
X-Google-Smtp-Source: ACJfBouDM1g8m8RmU12DBdxTKPP91snMxMpnxiWBuqCKL8kFCTGmatuYGPs8lfTm8mk27k0hcnD+ZQ==
X-Received: by 10.46.92.9 with SMTP id q9mr2374889ljb.78.1513100772698; Tue, 12 Dec 2017 09:46:12 -0800 (PST)
Received: from chichi (ppp83-237-171-154.pppoe.mtu-net.ru. [83.237.171.154]) by smtp.gmail.com with ESMTPSA id z64sm3282043lfa.34.2017.12.12.09.46.11 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 12 Dec 2017 09:46:11 -0800 (PST)
Message-ID: <D75B7F96F2DC4C2BA702CF1953C60FC0@chichi>
From: "Valery Smyslov" <svanru@gmail.com>
To: "Kyle Rose" <krose@krose.org>
Cc: "Black, David" <David.Black@dell.com>, "Eric Rescorla" <ekr@rtfm.com>, "tcpinc" <tcpinc@ietf.org>, "Mirja Kuehlewind \(IETF\)" <ietf@kuehlewind.net>
References: <CAJU8_nUUHbmFcPA2obo6q3dLqL1MGE2iKen-0EQ82re=+gtTfw@mail.gmail.com> <CE03DB3D7B45C245BCA0D243277949362FD96B0D@MX307CL04.corp.emc.com> <23072.32691.892725.97892@fireball.acr.fi> <01bc01d36a71$45957db0$d0c07910$@gmail.com> <CABcZeBPN_XQc8np3CWi_-AtDUafW4ZPc8EnRje8yj57Rv-vxyw@mail.gmail.com> <B0FB25D40E23475C9259A4C204B327D2@chichi> <CE03DB3D7B45C245BCA0D243277949362FDD6E73@MX307CL04.corp.emc.com> <CAJU8_nW9fkn9E=NbKFZ3zy5uSY36WFqRcQpBYdyYuLwzAbqFHA@mail.gmail.com> <CAJU8_nX7NOSG8hkUYqG_GeqSyPzmhwsyA30Z0riqRmwK8SozpQ@mail.gmail.com> <073801d37315$90c89bd0$b259d370$@gmail.com> <CAJU8_nV+hc_ZHfwT99c7SrxCBb83UR9S8Odm+DSmtDnm6+4h3Q@mail.gmail.com>
In-Reply-To: <CAJU8_nV+hc_ZHfwT99c7SrxCBb83UR9S8Odm+DSmtDnm6+4h3Q@mail.gmail.com>
Date: Tue, 12 Dec 2017 20:46:08 +0300
MIME-Version: 1.0
Content-Type: text/plain; format=flowed; charset="utf-8"; reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
Importance: Normal
X-Mailer: Microsoft Windows Live Mail 16.4.3528.331
X-MimeOLE: Produced By Microsoft MimeOLE V16.4.3528.331
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpinc/wxximhhIzGJI3Gde4w1K4sIQxtU>
Subject: Re: [tcpinc] Resumption safety (was "Eric Rescorla's Discuss on draft-ietf-tcpinc-tcpcrypt-09: (with DISCUSS and COMMENT)")
X-BeenThere: tcpinc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Working group mailing list for TCP Increased Security \(tcpinc\)" <tcpinc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpinc/>
List-Post: <mailto:tcpinc@ietf.org>
List-Help: <mailto:tcpinc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Dec 2017 17:46:16 -0000

>> That's why I agree that we shouldn't take any steps now (in a hurry and for
>> tcpcrypt only).
>
> Just to clarify, (speaking as member, not chair) I am in favor of
> adding nonces on each connection, but (as chair) not in favor of
> changing MTI TEPs to SIV.

Yes, that's what I meant. We are in agreement here.