[tcpm] tcp-auth-opt issue: keyID randomness

Joe Touch <touch@ISI.EDU> Wed, 30 July 2008 23:00 UTC

Return-Path: <tcpm-bounces@ietf.org>
X-Original-To: tcpm-archive@megatron.ietf.org
Delivered-To: ietfarch-tcpm-archive@core3.amsl.com
Received: from [] (localhost []) by core3.amsl.com (Postfix) with ESMTP id E016C3A68A0; Wed, 30 Jul 2008 16:00:34 -0700 (PDT)
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost []) by core3.amsl.com (Postfix) with ESMTP id 296BD3A6893 for <tcpm@core3.amsl.com>; Wed, 30 Jul 2008 16:00:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([]) by localhost (core3.amsl.com []) (amavisd-new, port 10024) with ESMTP id JOHkwuMxlmiO for <tcpm@core3.amsl.com>; Wed, 30 Jul 2008 16:00:32 -0700 (PDT)
Received: from vapor.isi.edu (vapor.isi.edu []) by core3.amsl.com (Postfix) with ESMTP id 6F9223A67F2 for <tcpm@ietf.org>; Wed, 30 Jul 2008 16:00:32 -0700 (PDT)
Received: from [] (c1-vpn7.isi.edu []) by vapor.isi.edu (8.13.8/8.13.8) with ESMTP id m6UN0Z3F016558 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Wed, 30 Jul 2008 16:00:38 -0700 (PDT)
Message-ID: <4890F270.8000902@isi.edu>
Date: Wed, 30 Jul 2008 16:00:00 -0700
From: Joe Touch <touch@ISI.EDU>
User-Agent: Thunderbird (Windows/20080708)
MIME-Version: 1.0
To: tcpm@ietf.org
X-Enigmail-Version: 0.95.6
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Subject: [tcpm] tcp-auth-opt issue: keyID randomness
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www.ietf.org/mailman/private/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: tcpm-bounces@ietf.org
Errors-To: tcpm-bounces@ietf.org

Hash: SHA1

As per Ran's request, should the keyID be selected at random to enable
early discard algorithms, e.g., to reduce the impact of an attacker who
would need to guess a valid keyID value?

	I discussed this issue with Ran, and suggested that all crypto
	properties should be contained in the MAC field; such a field
	might include a 'hard to guess' arbitrary fixed part and a
	computed (e.g., HMAC) part, to enable efficient 'triage'
	of randomly-generated DOS packets.

Overall, this suggests that the document could note that the keyID is
NOT intended for protection, and any valid values may be used at any time.

Comments (esp. from Ran, who raised the issue)?

Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

tcpm mailing list