IETF Logo Mail Archive

Re: [tcpm] TCP-AO: Text for New_Key Process

Joe Touch <touch@ISI.EDU> Tue, 03 February 2009 07:15 UTC

Return-Path: <tcpm-bounces@ietf.org>
X-Original-To: tcpm-archive@megatron.ietf.org
Delivered-To: ietfarch-tcpm-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A4A813A6951; Mon, 2 Feb 2009 23:15:35 -0800 (PST)
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9F97B3A6951 for <tcpm@core3.amsl.com>; Mon, 2 Feb 2009 23:15:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.487
X-Spam-Level:
X-Spam-Status: No, score=-2.487 tagged_above=-999 required=5 tests=[AWL=0.112, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ziteH3xqh4HZ for <tcpm@core3.amsl.com>; Mon, 2 Feb 2009 23:15:33 -0800 (PST)
Received: from vapor.isi.edu (vapor.isi.edu [128.9.64.64]) by core3.amsl.com (Postfix) with ESMTP id EB8253A68C1 for <tcpm@ietf.org>; Mon, 2 Feb 2009 23:15:32 -0800 (PST)
Received: from [192.168.1.42] (pool-71-106-119-240.lsanca.dsl-w.verizon.net [71.106.119.240]) by vapor.isi.edu (8.13.8/8.13.8) with ESMTP id n137F0Js022668; Mon, 2 Feb 2009 23:15:01 -0800 (PST)
Message-ID: <4987EEF3.6040609@isi.edu>
Date: Mon, 02 Feb 2009 23:14:59 -0800
From: Joe Touch <touch@ISI.EDU>
User-Agent: Thunderbird 2.0.0.19 (Windows/20081209)
MIME-Version: 1.0
To: Eric Rescorla <ekr@networkresonance.com>
References: <7.1.0.9.2.20081219010400.02bfd3d8@gmail.com> <496d9941.18038e0a.5558.ffffd3a6@mx.google.com> <497F7DDC.70309@isi.edu> <5E6CB562-0495-4D2B-924E-AB4650924151@nokia.com> <49876D92.6030701@juniper.net> <20090203041229.0584550823@romeo.rtfm.com>
In-Reply-To: <20090203041229.0584550823@romeo.rtfm.com>
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Cc: "tcpm@ietf.org" <tcpm@ietf.org>, Allison Mankin <mankin@psg.com>, "skonduru@juniper.net" <skonduru@juniper.net>
Subject: Re: [tcpm] TCP-AO: Text for New_Key Process
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www.ietf.org/mailman/private/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: tcpm-bounces@ietf.org
Errors-To: tcpm-bounces@ietf.org

TCP doesn't *need* to send any packets. Whatever mechanism you design 
needs to assume that.

Also, "opportunistically" means that on some systems that packet would 
go through, and on others it wouldn't - depending on when the key was in 
place. So key placement would impact throughput (because TCP interprets 
loss as congestion). While the impact could be reduced by using SACK, 
etc., that's not a great place in the design space to play, IMO.

Joe

Eric Rescorla wrote:
> As previously noted, you can do automatic switchover without 
> changing the TCP state machine at all: you just opportunistically
> encrypt the occasional packet that would be sent already.
> 
> -Ekr
> 
> At Mon, 2 Feb 2009 17:02:58 -0500,
> Ron Bonica wrote:
>> +1
>>
>> Lars Eggert wrote:
>>> On 2009-1-27, at 23:34, Joe Touch wrote:
>>>> I was under the assumption that our design space was as close to TCP
>>>> MD5 as
>>>> possible, i.e., augment existing segments with a new option, but neither
>>>> generate nor consume new segments.
>>> That's my recollection as well, and hopefully it's in the minutes of the
>>> WG meeting where we adopted the work item. The idea was to be as
>>> lightweight (in terms of changes to TCP) as possible, and changes to the
>>> state machine, etc. seem rather heavyweight.
>>>
>>> Lars
>>>
_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www.ietf.org/mailman/listinfo/tcpm

v2.23.0 | Report a Bug | By Email