IETF Logo Mail Archive

Re: [tcpm] TCP-AO: Text for New_Key Process

Eric Rescorla <ekr@networkresonance.com> Thu, 29 January 2009 15:36 UTC

Return-Path: <tcpm-bounces@ietf.org>
X-Original-To: tcpm-archive@megatron.ietf.org
Delivered-To: ietfarch-tcpm-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0285128C1E8; Thu, 29 Jan 2009 07:36:36 -0800 (PST)
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 485AB28C1E8 for <tcpm@core3.amsl.com>; Thu, 29 Jan 2009 07:36:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.561
X-Spam-Level:
X-Spam-Status: No, score=-2.561 tagged_above=-999 required=5 tests=[AWL=0.038, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4cuh3ZZaLxN5 for <tcpm@core3.amsl.com>; Thu, 29 Jan 2009 07:36:34 -0800 (PST)
Received: from romeo.rtfm.com (romeo.rtfm.com [74.95.2.173]) by core3.amsl.com (Postfix) with ESMTP id 3D6DF28C0ED for <tcpm@ietf.org>; Thu, 29 Jan 2009 07:36:34 -0800 (PST)
Received: from romeo.rtfm.com (localhost.rtfm.com [127.0.0.1]) by romeo.rtfm.com (Postfix) with ESMTP id 2136150823; Thu, 29 Jan 2009 07:52:51 -0800 (PST)
Date: Thu, 29 Jan 2009 07:52:51 -0800
From: Eric Rescorla <ekr@networkresonance.com>
To: Joe Touch <touch@ISI.EDU>
In-Reply-To: <4981C803.8040504@isi.edu>
References: <7.1.0.9.2.20081219010400.02bfd3d8@gmail.com> <496d9941.18038e0a.5558.ffffd3a6@mx.google.com> <497F7DDC.70309@isi.edu> <20090128162756.3799450822@romeo.rtfm.com> <49808E94.8050107@isi.edu> <20090128175345.C434E50822@romeo.rtfm.com> <49809CBC.5080603@isi.edu> <20090129065500.243E550822@romeo.rtfm.com> <4981C803.8040504@isi.edu>
User-Agent: Wanderlust/2.14.0 (Africa) Emacs/21.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Message-Id: <20090129155251.2136150823@romeo.rtfm.com>
Cc: tcpm@ietf.org, Allison Mankin <mankin@psg.com>, skonduru@juniper.net
Subject: Re: [tcpm] TCP-AO: Text for New_Key Process
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www.ietf.org/mailman/private/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: tcpm-bounces@ietf.org
Errors-To: tcpm-bounces@ietf.org

At Thu, 29 Jan 2009 07:15:15 -0800,
Joe Touch wrote:
> Eric Rescorla wrote:
> > At Wed, 28 Jan 2009 09:58:20 -0800,
> >> It allows side A to tell side B when side A has a new key installed,
> >> without causing any packets to fall on the floor on side B (note that
> >> retransmissions, if received, could open the congestion window
> >> inappropriately).
> >> The mechanism I proposed achieved with no modifications to the TCP stack.
> > 
> > Yes, by laying the burden on some as yet nonexistent key management
> > mechanism.
> 
> We can bury the mechanism I suggest inside TCP-AO if desired, but I
> think that just ends up making it even more heavyweight. Automated key
> management is a mechanism that does not need to be inside TCP-AO - we
> were given that direction by the ADs from the start.

I don't consider this to be automated key management, and I don't
think it's very productive to argue about the direction from the ADs
gave us. My understanding from the discussion in MSP was that there
was general WG consensus that the protocol ought to include some
mechanism for automatic switchover of manually configured keys
without real-time coordination. The minutes aren't as explicit
as one might like but sort of reflect this when they say: 

"***ACTION*** GL will write the text up explaining all of this"

That isn't to say you need to love Greg's mechanism, but if you
think the WG shouldn't do this sort of thing at all, I think we
need a more meta discussion, perhaps requiring more time 
in SFO.



> >> The other mechanisms suggested all have the property of also using the
> >> KeyID value as a signal. The only downside of the mechanism I proposed
> >> is that is inefficient in the use of the KeyID space - however, the
> >> space is large enough that this isn't an issue.
> > 
> > That's far from the only downside.
> > 
> > For one, consider what happens if key 7 is misconfigured. In Greg's
> > system, everything works fine, because packets with MAC failures are
> > dropped.
> 
> I cannot believe TCP-AO needs to handle misconfigured keys. This is
> supposed to be a lightweight mechanism.

I agree it should be a lightweight mechanism, but as I took it your
argument is that we don't need an in protocol switchover mechanism
because it could be done with the external mechanism you propose.
My point is that your external mechanism is inferior in this 
respect, which motivates an internal mechanism.

This isn't the only downside, however. Your mechanism also entails
significantly more user intervention in the switchover process
to install these dummy keys. I don't consider that a feature.
  

> > In your system, the 5-6 transition is used to signal the
> > availability of 7, but if that transition fails the connection just
> > falls over.
> 
> It's trivial to handle misconfigured keys in a similar fashion in the
> mechanism I proposed - when you get keyID6, you switch to using keyID7;
> if you don't get ACKs after some timeout, you revert back. Again, this
> can be done without burying the mechanism inside TCP (you can do it by
> sampling the keyIDs received).

Well, you've now sort of reinvented the mechanism I originally
suggested and which is in Greg's message, but this is worse IMO because
substantial numbers of packets may be lost at one time before you can
switch over. Granted, this only happens with misconfiguration but it
makes misconfiguration quite bad. And the logic around failure also
becomes quite complicated. How long do I wait before I decide the
other side has screwed up? 


> >>> There's no natural	
> >>> connection between the switch from 5-6 and the switch from 5-7.
> >> Why should there be? IMO, it's up to the endpoints to decide how and
> >> when to switch keys; key change coordination needs to be _enabled_ by
> >> TCP-AO, but not provided by it. IMO, that's a KMS issue - whether
> >> automated at the endpoints, or via a protocol.
> > 
> > Again, I don't agree. TCP-AO should work fine without some additional
> > KMS, and that includes having unsynchronized key changes work correctly.
> 
> TCP-AO *supports* key management; it doesn't include it. Synchronizing
> key changes is key management.

This seems like a definitional argument. As I said at the beginning, 
it was my read of the discussion in MSP that the WG agreed there
should be such a mechanism. I think that having one would be a good
thing. If that's key management, then make the most of it.

-Ekr



_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www.ietf.org/mailman/listinfo/tcpm

v2.23.0 | Report a Bug | By Email