[tcpm] AO-04: Text for Key Coordination
"Gregory M. Lebovitz" <gregory.ietf@gmail.com> Mon, 23 March 2009 18:22 UTC
Return-Path: <gregory.ietf@gmail.com>
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id F1A603A6C5F for <tcpm@core3.amsl.com>; Mon, 23 Mar 2009 11:22:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.298
X-Spam-Level:
X-Spam-Status: No, score=-2.298 tagged_above=-999 required=5 tests=[AWL=0.300, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6+dRBOcF3UE4 for <tcpm@core3.amsl.com>; Mon, 23 Mar 2009 11:21:59 -0700 (PDT)
Received: from yw-out-2324.google.com (yw-out-2324.google.com [74.125.46.29]) by core3.amsl.com (Postfix) with ESMTP id 71B5A3A6981 for <tcpm@ietf.org>; Mon, 23 Mar 2009 11:21:59 -0700 (PDT)
Received: by yw-out-2324.google.com with SMTP id 5so3471219ywh.49 for <tcpm@ietf.org>; Mon, 23 Mar 2009 11:22:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:x-mailer:date:to :from:subject:mime-version:content-type; bh=UNo7ORO8fa2txWHuD666LJSWlqz1u5gwcP9ZC2AH/Aw=; b=N6b9bgfev9HFppZT4OUHfjvXKQ+U10GlFDGk2zzA4KGXibNAqqb4eRXwuFJlpIqFaC zT5Q+VBxY5kPRKuuDOckvLCaS9Cs3ifc/LPxi8RNnD3WMDJmtwVgJUfZf+e8Z+Dz49bC zZpADqHikXiOq8VLdVQF86ccpKEP3nPzFUqJU=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:x-mailer:date:to:from:subject:mime-version:content-type; b=PwkZMBE+QlN9jrJouVBCCAovauZlKMUFRxREBTAoAPV2amBbMiA6kN9GOuUJdgOMVf c1AzRqyyRGmk6bXG23TFkH1z9i91kN+UZRyQ6C0eZlz7cXLloQ+OUqrYHRJKuKPZrGQ7 psRCYsFCxxMbHP0eHPFIRfNtxOLOfxiRCgNgU=
Received: by 10.142.84.11 with SMTP id h11mr2956213wfb.337.1237832568677; Mon, 23 Mar 2009 11:22:48 -0700 (PDT)
Received: from Gregory-T60.gmail.com (dhcp-14dc.meeting.ietf.org [130.129.20.220]) by mx.google.com with ESMTPS id 22sm11710902wfd.46.2009.03.23.11.22.47 (version=SSLv3 cipher=RC4-MD5); Mon, 23 Mar 2009 11:22:48 -0700 (PDT)
Message-ID: <49c7d378.16048e0a.3d85.ffffcfea@mx.google.com>
X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9
Date: Mon, 23 Mar 2009 11:22:43 -0700
To: Joe Touch <touch@ISI.EDU>, tcpm@ietf.org
From: "Gregory M. Lebovitz" <gregory.ietf@gmail.com>
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="=====================_356183609==.ALT"
Subject: [tcpm] AO-04: Text for Key Coordination
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Mar 2009 18:22:01 -0000
Hey all, I sent this text to Joe for -04, but it didn't quite make it. This text may or may not need to be in the spec. Personally, I'd like to see it in an example, or in an appendix, because I think it really makes clear how the coordination occurs in tricky case. I do think the rules need to be included in the main body text. Pls comment: > ============ > For three keys K1, K# and Kx > When only K1 is entered into TCP, set > KeyID = K1 > NextKeyID = KeyID > > send K1,K1 (per KeyID, NextKeyID convention) > > When K# is entered, set > KeyID = K1 > NextKeyID = K# > send K1,K# and continue sending K1,K# until K*,K# is received (where > "*" is wildcard ANY) > > Once receive K*,K# > K1 - start 2MSL timer > set KeyID = K# > AND > SEND K#, K# > -thus, will no longer send with K1, even if receive a segment out of > order with K1,K1 because already know that other side has and can use > K#, and K# has higher preference over K1. > > When Kx is entered > K1 - MSLtimer !=0 > KeyID = K# > NextKeyID = Kx > AND > SEND K#, Kx until K*,Kx is received. > > Once receive K*,Kx > K1 - MSLtimer !=0 > set > K# - start 2MSLtimer > KeyID = Kx > AND > SEND Kx, Kx > > In the below case, we assume K1 was current, then K# and Kx respectively > where entered in quick succession. > > KeyID = K1 > NextKeyID = K# > > if no segments are received from Alice with K# in NextKeyID, then K# > never gets set to KeyID, and as such no segement is ever sent MAC'd > using K#. > > Then Kx is entered into Bob's TCP. Now: > > KeyID = K1 > K# - start 2MSL timer > NextKeyID = Kx > > because > (a) we never made the shift to sending protected with K#, and > (b) K1 is the only known good key for both me and Alice, so far, and > (c) there can only be one NextKeyID, and Kx was the last entered, so > it gets NextKeyID > > In JT's out of order arrival example... > > The following flag settings would exist on Bob: > KeyID = K1 > K# - 2MSLtimer !=0 > NextKeyID = Kx > > For snd = what Alice sends, rcv = what Bob receives, rply = what Bob > sends next (and we drop the "Ks" for ease of notation) > > snd rcv rply > ----- ---- ------- > 1,1 1,1 1,x > 1,# 1,x x,x Bob executes K1 start 2MSLtimer, AND KeyID = Kx, > AND NextKeyID=KeyID > 1,x 1,# x,x > (at this point Alice would start sending x,x) > (even if she didn't for some reason, like she hadn't yet received back > an x,x from Bob due to drops or latency, it would look like: > 1,x 1,x x,x > 1,x 1,x x,x > 1,x 1,x x,x > ... > (until Alice finally received an x,x from Bob, and thus started sending x,x) > x,x x,x x,x > x,x x,x x,x > The rules describing all this are: > > For local values of > KeyID > NextKeyID > SENDING: > IF NextKeyID = KeyID, send KeyID(KeyID), NextKeyID(KeyID) > ELSE send KeyID(KeyID), NextKeyID(NextKeyID) > KEY MOVEMENT: > when you receive a NextKeyID = Ky from peer: > IF for local Ky 2MSLtime != 0, then do nothing > IF local KeyID = Ky, do nothing > IF local NextKeyID = Ky, and NextKeyID != KeyID > THEN, given a current KeyID = Kx, start Kx 2MSLtimer > AND set local KeyID = Ky > AND set local NextKeyID = KeyID > ENTERING KEYS INTO TCP: > When a new key Ky is entered into TCP, for an existing Kx: > IF NextKeyID = KeyID, THEN set NextKeyID = Ky, now KextKeyID = Ky and KeyID = Kx > IF local Kx = NextKeyID != KeyID, THEN set Kx 2MSLtimer, > AND set NextKeyID = Ky > IF Ky 2MSLtimer != 0, THEN set Ky 2MSLtimer = 0, AND NextKeyID = Ky > (This one is for repeated keyID value usage, or correcting a config > mixup.) > or we might want to say: > IF Ky 2MSLtimer !=0, THEN throw error "Ky already in aging state, > cannot install" > Thoughts? Gregory. +++++++++++++++++++++++ IETF-related email from Gregory M. Lebovitz Juniper Networks g r e go r y d o t i e tf a t g m a i l do t c o m
- [tcpm] AO-04: Text for Key Coordination Gregory M. Lebovitz
- Re: [tcpm] AO-04: Text for Key Coordination Joe Touch