Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt-04 [This time for sure]
"Eddy, Wesley M. (GRC-RCN0)[Verizon]" <wesley.m.eddy@nasa.gov> Mon, 23 March 2009 14:56 UTC
Return-Path: <wesley.m.eddy@nasa.gov>
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id BAA233A6835 for <tcpm@core3.amsl.com>; Mon, 23 Mar 2009 07:56:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.384
X-Spam-Level:
X-Spam-Status: No, score=-6.384 tagged_above=-999 required=5 tests=[AWL=0.215, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jeaRQGEiyb8h for <tcpm@core3.amsl.com>; Mon, 23 Mar 2009 07:56:15 -0700 (PDT)
Received: from ndjsnpf02.ndc.nasa.gov (ndjsnpf02.ndc.nasa.gov [198.117.1.122]) by core3.amsl.com (Postfix) with ESMTP id D4A643A6857 for <tcpm@ietf.org>; Mon, 23 Mar 2009 07:56:14 -0700 (PDT)
Received: from ndjsppt02.ndc.nasa.gov (ndjsppt02.ndc.nasa.gov [198.117.1.101]) by ndjsnpf02.ndc.nasa.gov (Postfix) with ESMTP id D6E71A80CD; Mon, 23 Mar 2009 09:57:04 -0500 (CDT)
Received: from ndjshub05.ndc.nasa.gov (ndjshub05.ndc.nasa.gov [198.117.4.164] (may be forged)) by ndjsppt02.ndc.nasa.gov (8.14.1/8.14.1) with ESMTP id n2NEv99k020191; Mon, 23 Mar 2009 09:57:09 -0500
Received: from NDJSSCC01.ndc.nasa.gov ([198.117.4.166]) by ndjshub05.ndc.nasa.gov ([198.117.4.164]) with mapi; Mon, 23 Mar 2009 09:57:04 -0500
From: "Eddy, Wesley M. (GRC-RCN0)[Verizon]" <wesley.m.eddy@nasa.gov>
To: Joe Touch <touch@ISI.EDU>, Eric Rescorla <ekr@rtfm.com>
Date: Mon, 23 Mar 2009 09:57:03 -0500
Thread-Topic: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt-04 [This time for sure]
Thread-Index: AcmrxR8VeDUBz+PvRP2NuB8UukhA4gAAd2uA
Message-ID: <C304DB494AC0C04C87C6A6E2FF5603DB220CD56901@NDJSSCC01.ndc.nasa.gov>
References: <d3aa5d00903230443s6d57cef4t4e30ef2aa68216e@mail.gmail.com> <49C79ECF.2010501@isi.edu>
In-Reply-To: <49C79ECF.2010501@isi.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "tcpm@ietf.org" <tcpm@ietf.org>
Subject: Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt-04 [This time for sure]
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Mar 2009 14:56:15 -0000
>-----Original Message----- >From: tcpm-bounces@ietf.org [mailto:tcpm-bounces@ietf.org] On >Behalf Of Joe Touch >Sent: Monday, March 23, 2009 10:38 AM > > ... > >>> >>> Whenever the keyID appears in a segment (sent or received), >that tuple >>> is used to validate the contents. As per the most recent >coordination, >>> keyIDs are bidirectional, so there is no send or receive difference. >> >> It was not my understanding that we agreed that key-ids were >bidirectional. >> Rather, I believe we agreed that MKTs were bidirectional and that >> there was a separate key-id in each direction, to address Russ's >> concern. > >Russ can clarify. First, let's clarify some terms: > >key-id = a digit in [0..255] that, together with a connection's socket >pair (as per RFC793, i.e., srcIP, dstIP, srcport, dstport) indicates a >single MKT. > >key-id field = the value in the TCP-AO option > >key-id fields are unidirectional - they indicate the key-id used to >authenticate that TCP segment > >key-ids are bidirectional - they indicate (with the socket pair) a MKT >that can be used in either direction > >However, there is no utility in referring to the same MKT with >different >key-id values for the different directions of a single connection. > This set of definitions makes sense to me, and I think it clarifies what we mean by bidirectional versus unidirectional, which was what seemed to be a major point of disconnect in conversation. Eric or Russ, do you agree? --------------------------- Wes Eddy Network & Systems Architect Verizon FNS / NASA GRC Office: (216) 433-6682 ---------------------------
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Eric Rescorla
- [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt-04 … Eric Rescorla
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Joe Touch
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Joe Touch
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Eddy, Wesley M. (GRC-RCN0)[Verizon]