[tcpm] "The SYN trick"

Eric Rescorla <ekr@networkresonance.com> Tue, 11 March 2008 18:39 UTC

Message-Id: <20080311183651.BE37B1ACED8@kilo.rtfm.com>

I'd suggested using the ISNs as an implicit diversifier for
a single master shared key.

E.g.,

K_connection = HMAC(K_master, ISN_i, ISN_r)

As Joe points out, if you use ISNs as an implicit diversifier
for a shared connection key, you obviously can't use the
ISN found in the SYN/ACK to key the initial SYN. The natural
thing to do here is:

- For the initial SYN use K_connection = HMAC(K_master, ISN_i, 0)
- For subsequent packets use K_connection = HMAC(K_master, ISN_i, ISN_r)

-Ekr
