Re: [tcpm] public-private keys for TCP-AO
Joe Touch <touch@strayalpha.com> Tue, 30 October 2018 02:55 UTC
Return-Path: <touch@strayalpha.com>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 34616126DBF for <tcpm@ietfa.amsl.com>; Mon, 29 Oct 2018 19:55:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.989
X-Spam-Level:
X-Spam-Status: No, score=-1.989 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, T_SPF_PERMERROR=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=strayalpha.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zchQCXolwlcx for <tcpm@ietfa.amsl.com>; Mon, 29 Oct 2018 19:55:03 -0700 (PDT)
Received: from server217-3.web-hosting.com (server217-3.web-hosting.com [198.54.115.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A7B47123FFD for <tcpm@ietf.org>; Mon, 29 Oct 2018 19:55:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=strayalpha.com; s=default; h=To:References:Message-Id:Cc:Date:In-Reply-To: From:Subject:Mime-Version:Content-Type:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=2ZfDryRuP8Eb8RbhsS7Vwpa4H+Xyl8IEyV8Y3KzdCDk=; b=k5KzIb8Z9YvpAvJ/nlk7hlVSe IDg//2arUpq/aurWzAblZpTR5+geDaN2DaOlUR2hifwsqyA1bX7wN9IE1ESJ4HOEznkBwt6/vsRwE 8DTOfTy+ySKGQXDtlJal/d3dCEa5AfRfW0rrtwGGfiVr35KNX1tDrOP0Vt2ANEf8uWFlYsOcmX6LT y8SShQaE0tDm92phirMsFWtlXCBKydxm2gq49gDw1ttAw0s7/4wdsqTjXPHDkeiY1nyWO7XoprLnT IumWg9kWCQZaADcQo1xVPMVHVd2V5JDFi1HXnGqkTPQgeGqu3+O8bHF6Wb10ZOSRIg+crVKpZWKz4 Lk5XQ7brA==;
Received: from cpe-172-250-240-132.socal.res.rr.com ([172.250.240.132]:55880 helo=[192.168.1.77]) by server217.web-hosting.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.91) (envelope-from <touch@strayalpha.com>) id 1gHKBF-002oRQ-UJ; Mon, 29 Oct 2018 22:55:01 -0400
Content-Type: multipart/alternative; boundary="Apple-Mail=_BC64B9E1-EAA6-4D4E-9CA1-C9B3AF14100E"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
From: Joe Touch <touch@strayalpha.com>
In-Reply-To: <bd707072e91b420d93dd898f69d94898@XCH-ALN-014.cisco.com>
Date: Mon, 29 Oct 2018 19:54:55 -0700
Cc: "tcpm@ietf.org" <tcpm@ietf.org>
Message-Id: <68FFD5DF-E6B1-4E3A-B5F7-AB5114DA1BA0@strayalpha.com>
References: <95f4b81948844b2799ecca33450bdde1@XCH-ALN-014.cisco.com> <E4B83487-C832-4F41-BFFE-20CE2EA53AC4@strayalpha.com> <7597333b9a414761be688375acf48dd6@XCH-ALN-014.cisco.com> <0C168054-E3D6-4BC5-9E1E-A28059F1A27B@strayalpha.com> <12b0f677e60443d8a32b4d56370787d7@XCH-ALN-014.cisco.com> <4C874E0B-BB5D-4765-8A33-3B9C736B646B@strayalpha.com> <bd707072e91b420d93dd898f69d94898@XCH-ALN-014.cisco.com>
To: "Jakob Heitz (jheitz)" <jheitz@cisco.com>
X-Mailer: Apple Mail (2.3445.9.1)
X-OutGoing-Spam-Status: No, score=-1.0
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server217.web-hosting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - strayalpha.com
X-Get-Message-Sender-Via: server217.web-hosting.com: authenticated_id: touch@strayalpha.com
X-Authenticated-Sender: server217.web-hosting.com: touch@strayalpha.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-From-Rewrite: unmodified, already matched
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/7GfZgB0Q2IMRZ79cZJifCN3cY3E>
Subject: Re: [tcpm] public-private keys for TCP-AO
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Oct 2018 02:55:06 -0000
You’d want basically one per connection (the point is to avoid reusing them). You’d be surprised how many connections a pair of endpoints use over time. Joe > On Oct 29, 2018, at 7:00 PM, Jakob Heitz (jheitz) <jheitz@cisco.com> wrote: > > There are use cases where I don't need to generate a LOT. > One a month should be just fine, because I have no fear of them leaking into enemy hands. > I posit that distributing one shared secret key is a LOT harder than distributing 1000 public keys. > > Regards, > Jakob. > > From: Joe Touch <touch@strayalpha.com <mailto:touch@strayalpha.com>> > Sent: Monday, October 29, 2018 6:49 PM > To: Jakob Heitz (jheitz) <jheitz@cisco.com <mailto:jheitz@cisco.com>> > Cc: tcpm@ietf.org <mailto:tcpm@ietf.org> > Subject: Re: [tcpm] public-private keys for TCP-AO > > > > > On Oct 29, 2018, at 6:41 PM, Jakob Heitz (jheitz) <jheitz@cisco.com <mailto:jheitz@cisco.com>> wrote: > > Because distributing public keys is easier. > Private keys don't need to be distributed. They stay inside the machine that generates them. > > Sure, but you need to generate private/public key pairs on both sides of the connection - many of them - and then distribute them to both sides. I.e., the work gets a LOT larger. > > > Distributing and safe guarding symmetric keys is a major hassle. > > Agreed, but you only need one such shared key between each endpoint pair because you can derive session keys algorithmically. > > You can certainly TRY to work out the details as you suggest, but I suspect the number of keys needed would be prohibitive even for a single pair of endpoints. > > Joe > > > > Regards, > Jakob. > > From: Joe Touch <touch@strayalpha.com <mailto:touch@strayalpha.com>> > Sent: Monday, October 29, 2018 6:37 PM > To: Jakob Heitz (jheitz) <jheitz@cisco.com <mailto:jheitz@cisco.com>> > Cc: tcpm@ietf.org <mailto:tcpm@ietf.org> > Subject: Re: [tcpm] public-private keys for TCP-AO > > > > > > On Oct 29, 2018, at 6:22 PM, Jakob Heitz (jheitz) <jheitz@cisco.com <mailto:jheitz@cisco.com>> wrote: > > Can you think of a way to do it that will work? > Like the KDF is just a static list or something. > The sender generates a set of key pairs and numbers them. > It then puts the list of public keys into a file and distributes them to all receivers in the clear. > > You’d have to find a way to specify the use of private and public keys on both sides, in advance, and distribute enough for the upcoming connections - then you’d have to hash into that list in a way that avoids reuse. At that point, why not just distribute symmetric keys and be done with it? > > Joe > > The KDF is just to index into this file. > > Because the use case, at least, makes sense. > > Regards, > Jakob. > > From: Joe Touch <touch@strayalpha.com <mailto:touch@strayalpha.com>> > Sent: Monday, October 29, 2018 6:13 PM > To: Jakob Heitz (jheitz) <jheitz@cisco.com <mailto:jheitz@cisco.com>> > Cc: tcpm@ietf.org <mailto:tcpm@ietf.org> > Subject: Re: [tcpm] public-private keys for TCP-AO > > > > > > > On Oct 29, 2018, at 5:45 PM, Jakob Heitz (jheitz) <jheitz@cisco.com <mailto:jheitz@cisco.com>> wrote: > > Why was there not a public-private key algorithm specified for TCP-AO? Or did I miss it? > > There has not been. I doubt it would make sense (see below). > > > > > For example ECC. > An MKT can specify a private key for the sender and a public key for the receivers. > > Yes, but the MKT is derived into public/private keys using a KDF. > > I am not aware of a KDF that can take a private key and generate a derived private key that would work with a correspondingly derived public key generated from the corresponding public key. > > To use, the sender will hash the data, encrypt the hash and put the result into the MAC field. > The receiver would decrypt the MAC field, then hash the data and verify the hash against the decrypted MAC. > This way, the private key never needs to be exposed to anyone, simplifying key management. > Is there any objection to getting this done? > > See above; it doesn’t make sense with the way TCP-AO derives keys for each connection, AFAICT. > > Joe > > > > > > Regards, > Jakob. > > _______________________________________________ > tcpm mailing list > tcpm@ietf.org <mailto:tcpm@ietf.org> > https://www.ietf.org/mailman/listinfo/tcpm <https://www.ietf.org/mailman/listinfo/tcpm> > > _______________________________________________ > tcpm mailing list > tcpm@ietf.org <mailto:tcpm@ietf.org> > https://www.ietf.org/mailman/listinfo/tcpm <https://www.ietf.org/mailman/listinfo/tcpm> > > _______________________________________________ > tcpm mailing list > tcpm@ietf.org <mailto:tcpm@ietf.org> > https://www.ietf.org/mailman/listinfo/tcpm <https://www.ietf.org/mailman/listinfo/tcpm> > > _______________________________________________ > tcpm mailing list > tcpm@ietf.org <mailto:tcpm@ietf.org> > https://www.ietf.org/mailman/listinfo/tcpm <https://www.ietf.org/mailman/listinfo/tcpm>
- [tcpm] public-private keys for TCP-AO Jakob Heitz (jheitz)
- Re: [tcpm] public-private keys for TCP-AO Joe Touch
- Re: [tcpm] public-private keys for TCP-AO Jakob Heitz (jheitz)
- Re: [tcpm] public-private keys for TCP-AO Joe Touch
- Re: [tcpm] public-private keys for TCP-AO Jakob Heitz (jheitz)
- Re: [tcpm] public-private keys for TCP-AO Joe Touch
- Re: [tcpm] public-private keys for TCP-AO Jakob Heitz (jheitz)
- Re: [tcpm] public-private keys for TCP-AO Joe Touch
- Re: [tcpm] public-private keys for TCP-AO Jakob Heitz (jheitz)
- Re: [tcpm] public-private keys for TCP-AO Joe Touch
- Re: [tcpm] public-private keys for TCP-AO Jakob Heitz (jheitz)
- Re: [tcpm] public-private keys for TCP-AO Ignacio Goyret