Re: [tcpm] Minimum nonce length in draft-touch-tcpm-experimental-options
Pasi Sarolahti <pasi.sarolahti@iki.fi> Wed, 29 February 2012 20:08 UTC
Return-Path: <pasi.sarolahti@iki.fi>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3DDB321E808A for <tcpm@ietfa.amsl.com>; Wed, 29 Feb 2012 12:08:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.291
X-Spam-Level:
X-Spam-Status: No, score=-106.291 tagged_above=-999 required=5 tests=[AWL=0.308, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6oTY08WmNPab for <tcpm@ietfa.amsl.com>; Wed, 29 Feb 2012 12:08:33 -0800 (PST)
Received: from smtp-1.hut.fi (smtp-1.hut.fi [130.233.228.91]) by ietfa.amsl.com (Postfix) with ESMTP id 39A6621E8087 for <tcpm@ietf.org>; Wed, 29 Feb 2012 12:08:33 -0800 (PST)
Received: from localhost (katosiko.hut.fi [130.233.228.115]) by smtp-1.hut.fi (8.13.6/8.12.10) with ESMTP id q1TK8Su7025087; Wed, 29 Feb 2012 22:08:28 +0200
Received: from smtp-1.hut.fi ([130.233.228.91]) by localhost (katosiko.hut.fi [130.233.228.115]) (amavisd-new, port 10024) with LMTP id 17069-1477; Wed, 29 Feb 2012 22:08:27 +0200 (EET)
Received: from smtp.netlab.hut.fi (luuri.netlab.hut.fi [130.233.154.177]) by smtp-1.hut.fi (8.13.6/8.12.10) with ESMTP id q1TK8NSU025083; Wed, 29 Feb 2012 22:08:23 +0200
Received: from localhost (localhost.localdomain [127.0.0.1]) by smtp.netlab.hut.fi (Postfix) with ESMTP id 5F78C1E136; Wed, 29 Feb 2012 22:08:23 +0200 (EET)
X-Virus-Scanned: by amavisd-new at luuri.netlab.hut.fi
Received: from smtp.netlab.hut.fi ([127.0.0.1]) by localhost (luuri.netlab.hut.fi [127.0.0.1]) (amavisd-new, port 10024) with LMTP id b7tbzru0rBip; Wed, 29 Feb 2012 22:08:19 +0200 (EET)
Received: from [192.168.1.65] (dsl-hkibrasgw4-fe5cdf00-46.dhcp.inet.fi [80.223.92.46]) by smtp.netlab.hut.fi (Postfix) with ESMTPSA id 9444E1E0B7; Wed, 29 Feb 2012 22:08:19 +0200 (EET)
Mime-Version: 1.0 (Apple Message framework v1257)
Content-Type: text/plain; charset="us-ascii"
From: Pasi Sarolahti <pasi.sarolahti@iki.fi>
In-Reply-To: <11225_1330460112_4F4D35D0_11225_4274_1_CAO249ycxh75VETJ6jYScpw-ChCi9As6x6x35RnXHKWY1TVEkYw@mail.gmail.com>
Date: Wed, 29 Feb 2012 22:08:23 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <7CC5FA62-2223-4003-BE21-F9E2F6120D96@iki.fi>
References: <133D9897FB9C5E4E9DF2779DC91E947C06C80E75@SLFSNX.rcs.alcatel-research.de> <11225_1330460112_4F4D35D0_11225_4274_1_CAO249ycxh75VETJ6jYScpw-ChCi9As6x6x35RnXHKWY1TVEkYw@mail.gmail.com>
To: Yoshifumi Nishida <nishida@sfc.wide.ad.jp>
X-Mailer: Apple Mail (2.1257)
X-TKK-Virus-Scanned: by amavisd-new-2.1.2-hutcc at katosiko.hut.fi
Cc: tcpm@ietf.org, Joe Touch <touch@isi.edu>
Subject: Re: [tcpm] Minimum nonce length in draft-touch-tcpm-experimental-options
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Feb 2012 20:08:34 -0000
On Feb 28, 2012, at 10:14 PM, Yoshifumi Nishida wrote: >> Does that statement intend to say something like "MUST NOT be shorter >> than 16 bits long"? Or shall even a nonce of length 0 be allowed, >> provided that there are additional security mechanism such as checksums >> or digital signatures? In the latter case, existing use of the >> codepoints without nonce could be compliant to the recommendation, >> provided that there are other means to detect false positives. > > I don't have strong opinion on this yet, but I personally think we > don't have to mention minimum length specifically in the draft. > However, I might prefer to put a little bit more stress in this regards, like, > o It's implementor's responsibility to find good balance between > the overhead of magic number and the overhead to handle false > positive. > o the draft doesn't guarantee anything even if an implementor > chooses longer magic number I agree. Given the scarcity of TCP option space, you do not want to use any more space for the magic number than necessary. Maybe one possible option could be to use a 32-bit magic number in the SYN handshake, to declare that for the rest of that connection option types 253 and 254 are used without magic number for feature X (or perhaps with a shorter magic number, to allow simultaneous experimental features). This could be useful when the option space is expected to get tight. - Pasi
- [tcpm] Minimum nonce length in draft-touch-tcpm-e… SCHARF, Michael
- Re: [tcpm] Minimum nonce length in draft-touch-tc… Yoshifumi Nishida
- Re: [tcpm] Minimum nonce length in draft-touch-tc… Pasi Sarolahti
- Re: [tcpm] Minimum nonce length in draft-touch-tc… SCHARF, Michael
- Re: [tcpm] Minimum nonce length in draft-touch-tc… Joe Touch