IETF Logo Mail Archive

Re: [tcpm] TCP-AO: Text for New_Key Process

Eric Rescorla <ekr@networkresonance.com> Tue, 03 February 2009 03:54 UTC

Return-Path: <tcpm-bounces@ietf.org>
X-Original-To: tcpm-archive@megatron.ietf.org
Delivered-To: ietfarch-tcpm-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CF3FD3A6BDE; Mon, 2 Feb 2009 19:54:32 -0800 (PST)
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 603D13A6B46 for <tcpm@core3.amsl.com>; Mon, 2 Feb 2009 19:54:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.564
X-Spam-Level:
X-Spam-Status: No, score=-2.564 tagged_above=-999 required=5 tests=[AWL=0.035, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 03q4F+C4Yq68 for <tcpm@core3.amsl.com>; Mon, 2 Feb 2009 19:54:30 -0800 (PST)
Received: from romeo.rtfm.com (romeo.rtfm.com [74.95.2.173]) by core3.amsl.com (Postfix) with ESMTP id 56FC23A6A00 for <tcpm@ietf.org>; Mon, 2 Feb 2009 19:54:30 -0800 (PST)
Received: from romeo.rtfm.com (localhost.rtfm.com [127.0.0.1]) by romeo.rtfm.com (Postfix) with ESMTP id 83BCF50822; Mon, 2 Feb 2009 20:10:52 -0800 (PST)
Date: Mon, 02 Feb 2009 20:10:52 -0800
From: Eric Rescorla <ekr@networkresonance.com>
To: touch@ISI.EDU
In-Reply-To: <1233596612.498730c436efe@webmail.isi.edu>
References: <7.1.0.9.2.20081219010400.02bfd3d8@gmail.com> <496d9941.18038e0a.5558.ffffd3a6@mx.google.com> <497F7DDC.70309@isi.edu> <20090128162756.3799450822@romeo.rtfm.com> <B33C7F84-66B7-4F2C-9B04-2BC1716C7994@cisco.com> <498618DA.1070308@isi.edu> <20090202162602.D178450822@romeo.rtfm.com> <1233596612.498730c436efe@webmail.isi.edu>
User-Agent: Wanderlust/2.14.0 (Africa) Emacs/21.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Message-Id: <20090203041052.83BCF50822@romeo.rtfm.com>
Cc: tcpm@ietf.org, Allison Mankin <mankin@psg.com>, skonduru@juniper.net
Subject: Re: [tcpm] TCP-AO: Text for New_Key Process
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www.ietf.org/mailman/private/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: tcpm-bounces@ietf.org
Errors-To: tcpm-bounces@ietf.org

At Mon,  2 Feb 2009 09:43:32 -0800,
touch@ISI.EDU wrote:
> 
> Quoting Eric Rescorla <ekr@networkresonance.com>:
> 
> > At Sun, 01 Feb 2009 13:49:14 -0800,
> > Joe Touch wrote:
> > > 
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > > 
> > > FYI - there's an important reason not to use a separate flag bit. Doing
> > > so requires parsing the bits of the incoming packet, i.e., this adds
> > > extra processing. It also indicates to everyone on the wire that a key
> > > change is pending; when using only the KeyID, no extra parsing is needed
> > > and the meaning of a changing key is opaque to those on the wire.
> > 
> > The extra parsing hardly strikes me as a severe burden and I don't
> > really understand why we would care if an observer knows that a key
> > change is imminent.
> > 
> > 
> > > Using a key flag means that one side can only ever tell the other end
> > > "ready to use the new key", not which key (if there could be more than
> > > one). That means that if you try it once and it fails and you want to
> > > try it again, you might have to wait MSL (a few minutes) to try it
> > > again, otherwise an old packet might indicate 'ready to receive the new
> > > key" for the wrong key.
> > 
> > Well, I don't really favor they ke flag approach, but it occurs to
> > me that this is easily fixed by replacing the key flag with a 
> > "ready to use" byte. Recall that the length of the MAC is tied
> > to the key so if you know the key-id you know the length of the
> > MAC. This makes the Length byte partly redundant. Accordingly,
> > you could have the following format:
> > 
> >  - Kind (1)
> >  - Length (1)
> >  - Key-ID (1)
> >  - Ready-keys [variable]
> >  - MAC
> 
> That is variable length, even when the active key has not changed; that means
> conditional parsing is required, which is cumbersome.

s/cumbersome/trivial/


> We wanted to avoid
> conditional parsing even to save a single byte (the odd/even mechanism I
> suggested in earlier drafts). This seems even more awkward and unnecessary.

I'm not sure what you mean "we". I wanted to avoid the odd/even mechanism
because I thought it was kludgy, but necause I wanted to avoid conditional 
parsing.


> > > Overall, using just the keyID value as the indicator seems much more
> > > flexible to and simple to me.
> > 
> > It's marginally simpler for the implementor of AO and a huge pain for
> > everyone else.
> 
> It is simpler for the AO specification, simpler for the implementer, and exactly
> the same effort for everyone else (i.e., the user/process changing over the
> keys). 

Well, obviously people can differ about what's simpler, but
I don't agree with this. 

Either the user has to create bogus keys used solely as a key change
signal or there has to be logic pulled up into some putative (i.e.,
nonexistent) application layer key management logic to do the signally
you suggest. I don't consider that simpler.

-Ekr

_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www.ietf.org/mailman/listinfo/tcpm

v2.23.0 | Report a Bug | By Email