Re: [tcpinc] AD review of draft-ietf-tcpinc-tcpcrypt

Daniel B Giffin <dbg@scs.stanford.edu> Fri, 29 September 2017 20:34 UTC

Return-Path: <dbg@scs.stanford.edu>
X-Original-To: tcpinc@ietfa.amsl.com
Delivered-To: tcpinc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9A61E132949; Fri, 29 Sep 2017 13:34:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7xnC_P0H_cX5; Fri, 29 Sep 2017 13:34:36 -0700 (PDT)
Received: from market.scs.stanford.edu (www.scs.stanford.edu [IPv6:2001:470:806d:1::9]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E7EEA1342E9; Fri, 29 Sep 2017 13:34:35 -0700 (PDT)
Received: from market.scs.stanford.edu (localhost [127.0.0.1]) by market.scs.stanford.edu (8.15.2/8.15.2) with ESMTP id v8TKYZRA002134; Fri, 29 Sep 2017 13:34:35 -0700 (PDT)
Received: (from dbg@localhost) by market.scs.stanford.edu (8.15.2/8.15.2/Submit) id v8TKYYJQ026932; Fri, 29 Sep 2017 13:34:34 -0700 (PDT)
Date: Fri, 29 Sep 2017 13:34:34 -0700
From: Daniel B Giffin <dbg@scs.stanford.edu>
To: Mirja =?unknown-8bit?Q?K=C3=BChlewind?= <ietf@kuehlewind.net>
Cc: draft-ietf-tcpinc-tcpcrypt.all@ietf.org, tcpinc <tcpinc@ietf.org>
Message-ID: <20170929203434.GA73214@scs.stanford.edu>
References: <D38E22E9-FBB6-40D1-BF85-D5A77F5C2365@kuehlewind.net> <20170830223758.GA73969@scs.stanford.edu> <3a8ac0e0-cd41-57c8-85a4-79c5f179385f@kuehlewind.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3a8ac0e0-cd41-57c8-85a4-79c5f179385f@kuehlewind.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpinc/zIHQj26h5SRbs5_kY0Br45mjZSU>
Subject: Re: [tcpinc] AD review of draft-ietf-tcpinc-tcpcrypt
X-BeenThere: tcpinc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Working group mailing list for TCP Increased Security \(tcpinc\)" <tcpinc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpinc/>
List-Post: <mailto:tcpinc@ietf.org>
List-Help: <mailto:tcpinc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Sep 2017 20:34:38 -0000

Hi Mirja (et al.),

Below I've tried to address the concerns you last raised.
We're ready to submit the tcpcrypt and ENO documents as soon
as we're all happy with these last few details.

Mirja wrote:
> The assignment should only be made in one of the documents and I think this
> one it the right one. So that should be removed from
> draft-ietf-tcpinc-tcpeno.

Ok, great ... we will strip those assignments from ENO.

> So in RFC793, if I recognize correctly, abort is rather something like a
> silent close. Is this what you want, or would it make sense to send a reset?

You're right, this wasn't clear.  I've inserted this paragraph
at the end of Section 3.3:

   Throughout this document, to "abort the connection" means to issue
   the "Abort" command as described in [RFC793], Section 3.8.  That is,
   the TCP connection is destroyed, RESET is transmitted, and the local
   user is alerted to the abort event.

> No, what I meant is maybe to say this:
> 
> "A host MUST NOT resume with a session secret if it has already failed
>     to negotiated resumption in the past with the same secret,
>     in either role."
> 
> Is that still what you wanted to say? If so, I think that's more clear.

Not quite; I've changed the wording of that paragraph (in Section 3.5) to be
more straitforward:

   A session secret may not be used to secure more than one TCP
   connection.  To prevent this, a host MUST NOT resume with a session
   secret if it has ever enabled encryption in the past with the same
   secret, in either role.  In the event that two hosts simultaneously
   send SYN segments to each other [...]

Lastly, concerning FIN/FINp in Section 3.7:

> I would rather state this the other way around:
> 
> "If the TCP FIN is set (on the last segment), the sender MUST set the "FINp"
> bit on the last frame that is send in that segment (unless it aborts the
> connection). A sender MUST NOT set the "FINp" bit except when the TCP FIN
> flag is set on the segment carrying that frame."
> 
> I know that sounds a bit confusing and maybe you can phrase it better. The
> point is you should not re-define (normatively) when the TCP FIN flag must
> be set, as this is defined in RFC793 and it is not good practice to define
> things twice in different documents.

Got it.  I've amended it to this, which avoids any
redefinition of FIN usage:

   A sender MUST set the "FINp" bit on the last frame it sends in the
   connection (unless it aborts the connection), and on no other frame.

   A receiver MUST NOT report the end-of-file condition to the
   connection's local user until receiving a frame with the "FINp" bit
   set.  If a host receives a segment with the TCP FIN flag set but the
   received datastream including this segment does not contain a frame
   with "FINp" set, the host SHOULD abort the connection and raise an
   error condition distinct from the end-of-file condition; however, if
   there are unacknowledged segments whose retransmission could
   potentially result in a valid frame, the host MAY instead drop the
   segment with the TCP FIN flag set.

Does that seem better?

d