[tcpm] regarding upcoming tcpcrypt presentation
Joe Touch <touch@isi.edu> Thu, 13 February 2014 21:00 UTC
Return-Path: <touch@isi.edu>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6F9661A0488 for <tcpm@ietfa.amsl.com>; Thu, 13 Feb 2014 13:00:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.448
X-Spam-Level:
X-Spam-Status: No, score=-2.448 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.548] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k4xGmLbEPOhc for <tcpm@ietfa.amsl.com>; Thu, 13 Feb 2014 13:00:50 -0800 (PST)
Received: from darkstar.isi.edu (darkstar.isi.edu [128.9.128.127]) by ietfa.amsl.com (Postfix) with ESMTP id 4AF201A0283 for <tcpm@ietf.org>; Thu, 13 Feb 2014 13:00:50 -0800 (PST)
Received: from [128.9.160.166] (abc.isi.edu [128.9.160.166]) (authenticated bits=0) by darkstar.isi.edu (8.13.8/8.13.8) with ESMTP id s1DL0QN8020826 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT) for <tcpm@ietf.org>; Thu, 13 Feb 2014 13:00:29 -0800 (PST)
Message-ID: <52FD326A.10803@isi.edu>
Date: Thu, 13 Feb 2014 13:00:26 -0800
From: Joe Touch <touch@isi.edu>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: "tcpm@ietf.org" <tcpm@ietf.org>
References: <4DC6C56D.6040709@ieca.com> <D1CCED3D-C041-4DA2-B999-D3EF7FC889D0@cisco.com> <20110727184256.GA3690@shorty> <CADRHXGuS3G=UWVxZzuQ80kHEydrcMZKJ4hG23Sm8h7A3LPvULQ@mail.gmail.com> <4E308A4B.4090702@isi.edu>
In-Reply-To: <4E308A4B.4090702@isi.edu>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Archived-At: http://mailarchive.ietf.org/arch/msg/tcpm/6kh42OuiE1cewl9bKQh42P7LjFI
Subject: [tcpm] regarding upcoming tcpcrypt presentation
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Feb 2014 21:00:55 -0000
Since this is the second (at least - maybe third) time this concept will be presented to the IETF, it might be useful to at least consider addressing comments that go back around 3 years: 1) the posted code still codepoint-squats: > ...it appears to use *two* unassigned TCP option codepoints > (69 and 70), rather than experimental codepoints (and, IMO, it should > use the latter instead). The doc should use the experimental codepoints with registered ExIDs, as per RFC6994 2) The MAC aspect is redundant with TCP-AO, and it might even be reasonable to consider extending TCP-AO to support encryption in addition to authentication using a single system. > TCP-AO could easily support a mode where the TCP body was encrypted, > e.g., where the encryption algorithm were defined to use the > connection context (TCP header, IP pseudoheader) as context. 3) the description of the protocol itself is insufficient The draft does not link sufficiently to the description of TCP states and processing options in those different states, or to the order of option processing. Joe