IETF Logo Mail Archive

Re: [tcpm] TCP-AO: Text for New_Key Process

Eric Rescorla <ekr@networkresonance.com> Mon, 02 February 2009 17:36 UTC

Return-Path: <tcpm-bounces@ietf.org>
X-Original-To: tcpm-archive@megatron.ietf.org
Delivered-To: ietfarch-tcpm-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DA2393A6BA7; Mon, 2 Feb 2009 09:36:04 -0800 (PST)
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 248A128C1D0 for <tcpm@core3.amsl.com>; Mon, 2 Feb 2009 09:36:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.563
X-Spam-Level:
X-Spam-Status: No, score=-2.563 tagged_above=-999 required=5 tests=[AWL=0.036, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6WfzUcLMSqYK for <tcpm@core3.amsl.com>; Mon, 2 Feb 2009 09:36:03 -0800 (PST)
Received: from romeo.rtfm.com (romeo.rtfm.com [74.95.2.173]) by core3.amsl.com (Postfix) with ESMTP id 3BFDA3A67F4 for <tcpm@ietf.org>; Mon, 2 Feb 2009 09:36:03 -0800 (PST)
Received: from romeo.rtfm.com (localhost.rtfm.com [127.0.0.1]) by romeo.rtfm.com (Postfix) with ESMTP id 3D4A050822; Mon, 2 Feb 2009 09:52:25 -0800 (PST)
Date: Mon, 02 Feb 2009 09:52:25 -0800
From: Eric Rescorla <ekr@networkresonance.com>
To: "Eddy, Wesley M. (GRC-RCN0)[VZ]" <Wesley.M.Eddy@nasa.gov>
In-Reply-To: <C304DB494AC0C04C87C6A6E2FF5603DB21D105ED04@NDJSSCC01.ndc.nasa.gov>
References: <7.1.0.9.2.20081219010400.02bfd3d8@gmail.com> <496d9941.18038e0a.5558.ffffd3a6@mx.google.com> <497F7DDC.70309@isi.edu> <20090128162756.3799450822@romeo.rtfm.com> <49808E94.8050107@isi.edu> <20090128175345.C434E50822@romeo.rtfm.com> <49809CBC.5080603@isi.edu> <20090129065500.243E550822@romeo.rtfm.com> <4981C803.8040504@isi.edu> <20090129155251.2136150823@romeo.rtfm.com> <4981E474.6060402@isi.edu> <C304DB494AC0C04C87C6A6E2FF5603DB21D105ED04@NDJSSCC01.ndc.nasa.gov>
User-Agent: Wanderlust/2.14.0 (Africa) Emacs/21.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Message-Id: <20090202175225.3D4A050822@romeo.rtfm.com>
Cc: Allison Mankin <mankin@psg.com>, "skonduru@juniper.net" <skonduru@juniper.net>, "tcpm@ietf.org" <tcpm@ietf.org>, Joe Touch <touch@ISI.EDU>
Subject: Re: [tcpm] TCP-AO: Text for New_Key Process
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www.ietf.org/mailman/private/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: tcpm-bounces@ietf.org
Errors-To: tcpm-bounces@ietf.org

At Thu, 29 Jan 2009 21:28:47 -0600,
Eddy, Wesley M. (GRC-RCN0)[VZ] wrote:
> 
> I mostly agree with Joe, and have some brief comments below:
> >My view is that TCP-AO MUST support a mechanism for key coordination -
> >which I believe was consensus in the design team at least.
> >
> >I prefer TCP-AO not to include that mechanism internally, to 
> >keep things
> >simple. That's just a preference, though.
> >
> >I do think that mechanisms that couple tightly to a particular segment
> >exchange should be out of scope, however.
> >
> 
> 
> The direction that we were always heading in was that TCPM will make
> sure the spec for AO permits automated changes of keys and won't be
> breaking other parts of TCP in the meantime.  We understood that
> "permiting" or "supporting" the changeover in AO didn't mean actually
> being responsible for doing it all inside the TCP connection, and that
> the SECDIR would define a separate mechanism (not inside TCP) for this.

Not to put too fine a point on it, that hasn't happened, nor, years
later, is there anything even approaching the beginnings of an effort
towards secdir designing anything (as if secdir could design
anything), or (more realistically) an effort starting up to do so. The
manual keying stuff is it for the foreseeable future.


> To be done timely and without bugs, AO has to stay as simple as the
> needed security properties permit, so I have to agree with Joe.


Well, since the basic security property that people wanted was to be
able to change keys without breaking the connection, it seems to me
that it's important for it to actually work in some useful way.
Certainly, one could claim that having automatic switchover isn't
(e.g., that multiple phone calls to change a key is OK) important or
that Joe's suggestion gets the job done, but I don't think it's
realistic to claim that some putative automatic key management
mechanism is going to suddenly appear and make this problem go away.

-Ekr

_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www.ietf.org/mailman/listinfo/tcpm

v2.23.0 | Report a Bug | By Email