IETF Logo Mail Archive

Re: [tcpm] public-private keys for TCP-AO

Joe Touch <touch@strayalpha.com> Tue, 30 October 2018 02:55 UTC

Return-Path: <touch@strayalpha.com>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 34616126DBF for <tcpm@ietfa.amsl.com>; Mon, 29 Oct 2018 19:55:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.989
X-Spam-Level:
X-Spam-Status: No, score=-1.989 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, T_SPF_PERMERROR=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=strayalpha.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zchQCXolwlcx for <tcpm@ietfa.amsl.com>; Mon, 29 Oct 2018 19:55:03 -0700 (PDT)
Received: from server217-3.web-hosting.com (server217-3.web-hosting.com [198.54.115.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A7B47123FFD for <tcpm@ietf.org>; Mon, 29 Oct 2018 19:55:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=strayalpha.com; s=default; h=To:References:Message-Id:Cc:Date:In-Reply-To: From:Subject:Mime-Version:Content-Type:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=2ZfDryRuP8Eb8RbhsS7Vwpa4H+Xyl8IEyV8Y3KzdCDk=; b=k5KzIb8Z9YvpAvJ/nlk7hlVSe IDg//2arUpq/aurWzAblZpTR5+geDaN2DaOlUR2hifwsqyA1bX7wN9IE1ESJ4HOEznkBwt6/vsRwE 8DTOfTy+ySKGQXDtlJal/d3dCEa5AfRfW0rrtwGGfiVr35KNX1tDrOP0Vt2ANEf8uWFlYsOcmX6LT y8SShQaE0tDm92phirMsFWtlXCBKydxm2gq49gDw1ttAw0s7/4wdsqTjXPHDkeiY1nyWO7XoprLnT IumWg9kWCQZaADcQo1xVPMVHVd2V5JDFi1HXnGqkTPQgeGqu3+O8bHF6Wb10ZOSRIg+crVKpZWKz4 Lk5XQ7brA==;
Received: from cpe-172-250-240-132.socal.res.rr.com ([172.250.240.132]:55880 helo=[192.168.1.77]) by server217.web-hosting.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.91) (envelope-from <touch@strayalpha.com>) id 1gHKBF-002oRQ-UJ; Mon, 29 Oct 2018 22:55:01 -0400
Content-Type: multipart/alternative; boundary="Apple-Mail=_BC64B9E1-EAA6-4D4E-9CA1-C9B3AF14100E"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
From: Joe Touch <touch@strayalpha.com>
In-Reply-To: <bd707072e91b420d93dd898f69d94898@XCH-ALN-014.cisco.com>
Date: Mon, 29 Oct 2018 19:54:55 -0700
Cc: "tcpm@ietf.org" <tcpm@ietf.org>
Message-Id: <68FFD5DF-E6B1-4E3A-B5F7-AB5114DA1BA0@strayalpha.com>
References: <95f4b81948844b2799ecca33450bdde1@XCH-ALN-014.cisco.com> <E4B83487-C832-4F41-BFFE-20CE2EA53AC4@strayalpha.com> <7597333b9a414761be688375acf48dd6@XCH-ALN-014.cisco.com> <0C168054-E3D6-4BC5-9E1E-A28059F1A27B@strayalpha.com> <12b0f677e60443d8a32b4d56370787d7@XCH-ALN-014.cisco.com> <4C874E0B-BB5D-4765-8A33-3B9C736B646B@strayalpha.com> <bd707072e91b420d93dd898f69d94898@XCH-ALN-014.cisco.com>
To: "Jakob Heitz (jheitz)" <jheitz@cisco.com>
X-Mailer: Apple Mail (2.3445.9.1)
X-OutGoing-Spam-Status: No, score=-1.0
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server217.web-hosting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - strayalpha.com
X-Get-Message-Sender-Via: server217.web-hosting.com: authenticated_id: touch@strayalpha.com
X-Authenticated-Sender: server217.web-hosting.com: touch@strayalpha.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-From-Rewrite: unmodified, already matched
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/7GfZgB0Q2IMRZ79cZJifCN3cY3E>
Subject: Re: [tcpm] public-private keys for TCP-AO
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Oct 2018 02:55:06 -0000

You’d want basically one per connection (the point is to avoid reusing them). You’d be surprised how many connections a pair of endpoints use over time.

Joe

> On Oct 29, 2018, at 7:00 PM, Jakob Heitz (jheitz) <jheitz@cisco.com> wrote:
> 
> There are use cases where I don't need to generate a LOT.
> One a month should be just fine, because I have no fear of them leaking into enemy hands.
> I posit that distributing one shared secret key is a LOT harder than distributing 1000 public keys.
>  
> Regards,
> Jakob.
>  
> From: Joe Touch <touch@strayalpha.com <mailto:touch@strayalpha.com>> 
> Sent: Monday, October 29, 2018 6:49 PM
> To: Jakob Heitz (jheitz) <jheitz@cisco.com <mailto:jheitz@cisco.com>>
> Cc: tcpm@ietf.org <mailto:tcpm@ietf.org>
> Subject: Re: [tcpm] public-private keys for TCP-AO
>  
>  
> 
> 
> On Oct 29, 2018, at 6:41 PM, Jakob Heitz (jheitz) <jheitz@cisco.com <mailto:jheitz@cisco.com>> wrote:
>  
> Because distributing public keys is easier.
> Private keys don't need to be distributed. They stay inside the machine that generates them.
>  
> Sure, but you need to generate private/public key pairs on both sides of the connection - many of them - and then distribute them to both sides. I.e., the work gets a LOT larger.
>  
>  
> Distributing and safe guarding symmetric keys is a major hassle.
>  
> Agreed, but you only need one such shared key between each endpoint pair because you can derive session keys algorithmically.
>  
> You can certainly TRY to work out the details as you suggest, but I suspect the number of keys needed would be prohibitive even for a single pair of endpoints.
>  
> Joe
> 
> 
>  
> Regards,
> Jakob.
>  
> From: Joe Touch <touch@strayalpha.com <mailto:touch@strayalpha.com>> 
> Sent: Monday, October 29, 2018 6:37 PM
> To: Jakob Heitz (jheitz) <jheitz@cisco.com <mailto:jheitz@cisco.com>>
> Cc: tcpm@ietf.org <mailto:tcpm@ietf.org>
> Subject: Re: [tcpm] public-private keys for TCP-AO
>  
>  
> 
> 
> 
> On Oct 29, 2018, at 6:22 PM, Jakob Heitz (jheitz) <jheitz@cisco.com <mailto:jheitz@cisco.com>> wrote:
>  
> Can you think of a way to do it that will work?
> Like the KDF is just a static list or something.
> The sender generates a set of key pairs and numbers them.
> It then puts the list of public keys into a file and distributes them to all receivers in the clear.
>  
> You’d have to find a way to specify the use of private and public keys on both sides, in advance, and distribute enough for the upcoming connections - then you’d have to hash into that list in a way that avoids reuse. At that point, why not just distribute symmetric keys and be done with it?
>  
> Joe
>  
> The KDF is just to index into this file.
>  
> Because the use case, at least, makes sense.
>  
> Regards,
> Jakob.
>  
> From: Joe Touch <touch@strayalpha.com <mailto:touch@strayalpha.com>> 
> Sent: Monday, October 29, 2018 6:13 PM
> To: Jakob Heitz (jheitz) <jheitz@cisco.com <mailto:jheitz@cisco.com>>
> Cc: tcpm@ietf.org <mailto:tcpm@ietf.org>
> Subject: Re: [tcpm] public-private keys for TCP-AO
>  
>  
> 
> 
> 
> 
> On Oct 29, 2018, at 5:45 PM, Jakob Heitz (jheitz) <jheitz@cisco.com <mailto:jheitz@cisco.com>> wrote:
>  
> Why was there not a public-private key algorithm specified for TCP-AO? Or did I miss it?
>  
> There has not been. I doubt it would make sense (see below).
> 
> 
> 
> 
> For example ECC.
> An MKT can specify a private key for the sender and a public key for the receivers.
>  
> Yes, but the MKT is derived into public/private keys using a KDF.
>  
> I am not aware of a KDF that can take a private key and generate a derived private key that would work with a correspondingly derived public key generated from the corresponding public key.
>  
> To use, the sender will hash the data, encrypt the hash and put the result into the MAC field.
> The receiver would decrypt the MAC field, then hash the data and verify the hash against the decrypted MAC.
> This way, the private key never needs to be exposed to anyone, simplifying key management.
> Is there any objection to getting this done?
>  
> See above; it doesn’t make sense with the way TCP-AO derives keys for each connection, AFAICT.
>  
> Joe
> 
> 
> 
> 
>  
> Regards,
> Jakob.
>  
> _______________________________________________
> tcpm mailing list
> tcpm@ietf.org <mailto:tcpm@ietf.org>
> https://www.ietf.org/mailman/listinfo/tcpm <https://www.ietf.org/mailman/listinfo/tcpm>
>  
> _______________________________________________
> tcpm mailing list
> tcpm@ietf.org <mailto:tcpm@ietf.org>
> https://www.ietf.org/mailman/listinfo/tcpm <https://www.ietf.org/mailman/listinfo/tcpm>
>  
> _______________________________________________
> tcpm mailing list
> tcpm@ietf.org <mailto:tcpm@ietf.org>
> https://www.ietf.org/mailman/listinfo/tcpm <https://www.ietf.org/mailman/listinfo/tcpm>
>  
> _______________________________________________
> tcpm mailing list
> tcpm@ietf.org <mailto:tcpm@ietf.org>
> https://www.ietf.org/mailman/listinfo/tcpm <https://www.ietf.org/mailman/listinfo/tcpm>

v2.23.0 | Report a Bug | By Email