Re: [tcpm] TCP-AO Option Layout - Alignment and Padding

Joe Touch <touch@ISI.EDU> Tue, 29 July 2008 10:31 UTC

Return-Path: <tcpm-bounces@ietf.org>
X-Original-To: tcpm-archive@megatron.ietf.org
Delivered-To: ietfarch-tcpm-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E56F63A6B48; Tue, 29 Jul 2008 03:31:40 -0700 (PDT)
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 05F633A6B41 for <tcpm@core3.amsl.com>; Tue, 29 Jul 2008 03:31:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.224
X-Spam-Level:
X-Spam-Status: No, score=-2.224 tagged_above=-999 required=5 tests=[AWL=-0.225, BAYES_00=-2.599, J_CHICKENPOX_33=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yvo-YW0hZzAn for <tcpm@core3.amsl.com>; Tue, 29 Jul 2008 03:31:39 -0700 (PDT)
Received: from vapor.isi.edu (vapor.isi.edu [128.9.64.64]) by core3.amsl.com (Postfix) with ESMTP id 209B53A6B48 for <tcpm@ietf.org>; Tue, 29 Jul 2008 03:31:39 -0700 (PDT)
Received: from [130.129.20.69] ([130.129.20.69]) by vapor.isi.edu (8.13.8/8.13.8) with ESMTP id m6TAVSKs002849 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Tue, 29 Jul 2008 03:31:32 -0700 (PDT)
Message-ID: <488EF15F.4070302@isi.edu>
Date: Tue, 29 Jul 2008 03:30:55 -0700
From: Joe Touch <touch@ISI.EDU>
User-Agent: Thunderbird 2.0.0.16 (Windows/20080708)
MIME-Version: 1.0
To: YOSHIFUJI Hideaki / ???? <yoshfuji@linux-ipv6.org>
References: <20080729.060448.112613043.yoshfuji@linux-ipv6.org>
In-Reply-To: <20080729.060448.112613043.yoshfuji@linux-ipv6.org>
X-Enigmail-Version: 0.95.6
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Cc: tcpm@ietf.org
Subject: Re: [tcpm] TCP-AO Option Layout - Alignment and Padding
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www.ietf.org/mailman/private/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: tcpm-bounces@ietf.org
Errors-To: tcpm-bounces@ietf.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi, Hideaki (et al.),

YOSHIFUJI Hideaki / ???? wrote:
| Hello.
|
| In section 3.2., TCP-AO Option is defined as follows (option 1):
|             +---------------------+---------+-------------------+
|             | Kind= TBD-IANA-KIND | Len=var |      MAC          |
|             +---------------------+---------+-------------------+
|             |              MAC (con't)            ...
|             +-------------------------------------...
|
|               ...-----------------+---------+
|               ...  MAC (con't)    |  KeyID  |
|               ...-----------------+---------+
|
| With this layout, An implementation will end up put it like this
|                                     +---------+---------+
|                                     | Kind=?? | Length  |
|                                     +---------+---------+
|                 +--------------...--+---------+
|                 |       MAC         |  KeyID  |
|                 +--------------...--+---------+

Why is this the case? IP with no options is 20 bytes; the base TCP is 20
bytes, so the options begin aligned; noting that most MAC sizes are
multiples of 4 bytes, the alignment is most likely to result in:

~                 +---------+---------+--------------------+
~                 | Kind=?? | Length  |   MAC...           |
~                 +---------+---------+--------------------+
~                 ...
~                 ....
~                 +-------------------+---------+
~                 |       MAC         |  KeyID  |
~                 +-------------------+---------+

In this case, the prepad is 0 and the postpad is 1, but the MAC is only
half-word aligned.

If we want to reduce padding and keep the MAC aligned, the best option is:

~                 +---------+---------+---------+---------+
~                 | Kind=?? | Length  |  KeyID  |   0     |
~                 +---------+---------+---------+---------+
~                 ...
~                 ...
~                 +---------------------------------------+
~                 |       MAC...                          |
~                 +---------------------------------------+

I.e., pad ourselves. We suggest that the option start word-aligned. This
wastes space, IMO.

I would favor a more economical approach that recognizes that a few bits
of MAC could be sacrificed for our KeyID, e.g.:

~                 +---------+---------+-----+--------------+
~                 | Kind=?? | Length  | KID |  MAC'...     |
~                 +---------+---------+-----+--------------+
~                 ...
~                 ....
~                 +-------------------+
~                 |       MAC'        |
~                 +-------------------+

Use 2 bits for the KID; 1 is insufficient, and 2 is more than sufficient
IMO.

The MAC' is a half-word aligned MAC with the top 2 bits overwritten
(i.e., it is NOT shifted right); the KID occupies those top 2 bits.

If a user wants word alignment, pick a MAC length of N-2 bytes.

Wouldn't that be simpler and more space efficient?

Joe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkiO8V8ACgkQE5f5cImnZrvd+wCg4JO7RFCZ0QMtb0l1UzHu+Zi8
NMgAoJJ88bwhDpoZIRvG1Gp4xphzM32F
=oNW1
-----END PGP SIGNATURE-----
_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www.ietf.org/mailman/listinfo/tcpm