IETF Logo Mail Archive

Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt-01

Eric Rescorla <ekr@networkresonance.com> Mon, 28 July 2008 13:12 UTC

Return-Path: <tcpm-bounces@ietf.org>
X-Original-To: tcpm-archive@megatron.ietf.org
Delivered-To: ietfarch-tcpm-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B1B0F3A6A1D; Mon, 28 Jul 2008 06:12:43 -0700 (PDT)
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4B37D3A6A1D for <tcpm@core3.amsl.com>; Mon, 28 Jul 2008 06:12:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.553
X-Spam-Level:
X-Spam-Status: No, score=-0.553 tagged_above=-999 required=5 tests=[AWL=-0.058, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZW4iB23o8PoW for <tcpm@core3.amsl.com>; Mon, 28 Jul 2008 06:12:42 -0700 (PDT)
Received: from kilo.rtfm.com (unknown [74.95.2.169]) by core3.amsl.com (Postfix) with ESMTP id 4BD533A67DB for <tcpm@ietf.org>; Mon, 28 Jul 2008 06:12:42 -0700 (PDT)
Received: from kilo-2.local (localhost [127.0.0.1]) by kilo.rtfm.com (Postfix) with ESMTP id 3DD764B88F7; Mon, 28 Jul 2008 06:12:54 -0700 (PDT)
Date: Mon, 28 Jul 2008 06:12:53 -0700
From: Eric Rescorla <ekr@networkresonance.com>
To: Joe Touch <touch@ISI.EDU>
In-Reply-To: <488D6968.9010102@isi.edu>
References: <20080728042451.C7A174B7AD3@kilo.rtfm.com> <488D6968.9010102@isi.edu>
User-Agent: Wanderlust/2.15.5 (Almost Unreal) Emacs/22.1 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Message-Id: <20080728131254.3DD764B88F7@kilo.rtfm.com>
Cc: tcpm@ietf.org
Subject: Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt-01
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www.ietf.org/mailman/private/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: tcpm-bounces@ietf.org
Errors-To: tcpm-bounces@ietf.org

I did want to make one more note.

At Sun, 27 Jul 2008 23:38:32 -0700,
Joe Touch wrote:
> | - The discussion of key rollover seems incomplete
> |
> |       >> TCP-AO implementations SHOULD change keys for a connection at
> |       least every 2^31 bytes, to avoid resending segments with the same
> |       TCP sequence number, data, and length under the same key.
> |
> | How is this intended to work?
> 
> The key management mechanism should react to sequence numbers rolling
> over the ISN (perhaps masking out the high bit to roll over twice as often).

Regardless of whether there is a KMP, it strikes me as unwise to punt this
job to it. 

The TCP authentication protocol should be able to provide security for
packets even in the face of sequence number rollover, out to the
limits of security of the MAC algorithm (which far exceed 2^31 bytes
in both cases). There are (at least) two potential approaches:

1. Use a (synthetic) extended sequence number.
2. Change the key used to compute the MAC inside the protoco.

But I don't think it's a good idea to punt this to the KMP, since
you don't really need to change the key for any cryptographic reason.

-Ekr







_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www.ietf.org/mailman/listinfo/tcpm

v2.23.0 | Report a Bug | By Email