Re: [tcpm] Review of draft-lebovitz-ietf-tcpm-tcp-ao-crypto-01
Eric Rescorla <ekr@networkresonance.com> Mon, 27 July 2009 14:54 UTC
Return-Path: <ekr@networkresonance.com>
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C45A63A6980 for <tcpm@core3.amsl.com>; Mon, 27 Jul 2009 07:54:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.538
X-Spam-Level:
X-Spam-Status: No, score=-0.538 tagged_above=-999 required=5 tests=[AWL=-0.556, BAYES_00=-2.599, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888, HELO_MISMATCH_COM=0.553, HOST_MISMATCH_NET=0.311, RDNS_DYNAMIC=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rE6SgHtTUvCW for <tcpm@core3.amsl.com>; Mon, 27 Jul 2009 07:54:07 -0700 (PDT)
Received: from kilo.networkresonance.com (74-95-2-169-SFBA.hfc.comcastbusiness.net [74.95.2.169]) by core3.amsl.com (Postfix) with ESMTP id DEDA73A6B23 for <tcpm@ietf.org>; Mon, 27 Jul 2009 07:54:06 -0700 (PDT)
Received: from kilo.local (localhost [127.0.0.1]) by kilo.networkresonance.com (Postfix) with ESMTP id D62181D2EEB; Mon, 27 Jul 2009 07:56:53 -0700 (PDT)
Date: Mon, 27 Jul 2009 07:56:53 -0700
From: Eric Rescorla <ekr@networkresonance.com>
To: "Gregory M. Lebovitz" <gregory.ietf@gmail.com>
In-Reply-To: <4a6d643c.0fba720a.10e1.ffffd732@mx.google.com>
References: <20090726234651.18D7A50822@romeo.rtfm.com> <4a6d643c.0fba720a.10e1.ffffd732@mx.google.com>
User-Agent: Wanderlust/2.15.5 (Almost Unreal) Emacs/22.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <20090727145653.D62181D2EEB@kilo.networkresonance.com>
Cc: tcpm@ietf.org
Subject: Re: [tcpm] Review of draft-lebovitz-ietf-tcpm-tcp-ao-crypto-01
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Jul 2009 14:54:07 -0000
At Mon, 27 Jul 2009 01:24:21 -0700, Gregory M. Lebovitz wrote: > > inline... > > At 04:46 PM 7/26/2009, Eric Rescorla wrote: > >$Id: draft-lebovitz-ietf-tcpm-tcp-ao-crypto-01-rev.txt,v 1.1 > >2009/07/26 22:40:47 ekr Exp $ > > > >TECHNICAL > >S 3.1. > >This mixing of the KDF interface and the NIST 800-108 interface > >is extraordinarily confusing. > > I'm not sure it's "mixing". Isn't one is a subset of the other? The > KDF interface is an interface. The NIST thing is the actual > concatenated construct which fulfills the Context. Well, as usual, the interface is abstract and the NIST thing is a concrete implementation. > >To recap: > >The input to the KDF requires: > > > >- Master Key > >- Context (i.e., the conn-data) > > it's not just the Data_Block (updated lingo, per auth-opt-05). In > order to follow SP800-180, the context is a few things concatenated, > and Data_Block is one of the things. Yes, that's what it is now and my point is that that's wrong. > >- Output length > > > >Now, as it happens, you're constructing your KDFs a la SP800-108, > >so you then use the relevant PRF with an input block constructed > >as: > > > > ( i || Label || Context || Output_Length) > > > >But that is not a meaningful part of the interface to the KDF > >as far as AO is concerned. If you were (for instance) to define > >a new TLS PRF based KDF, you would not use i internally because > >the TLS PRF generates an arbitrary length string. Again, it's > >important to distinguish between the TCP-AO requirements and > >what this document happens to do. > > I think this document is NOT just the generic interface - that's > covered in auth-opt-05. This document reminds us of the generic > interface, and then specifically defines how to do the SHA1 and > AES-128 KDFs themselves. That's why we made it specific. Maybe I'm > not understanding you? Apparently not. My point is that you shouldn't be exporting the SP800-108 stuff into the TCP-AO document, and the way you have defined the generic interface does that. > >S 3.1.3. > >Wait, I don't remember agreeing to this. I'm happy to use these > >as labels in soem IANA registry, byt people's UI is not our > >business. > > This is the years of IKE interop work which motivates this. Well, years of TLS interop suggest the exact contrary. We're not in the business of mandating UI. > Clarifying the UI representations to make it very easy on operators > is a good thing. Others opinions on this UI guidance? > >S 2.3. > > (1) Key Derivation Functions (KDFs) which name a pseudorandom > > function (PRF) and use a Master_Key and some connection- > > specific Input with that PRF to produce Conn_Keys, the keys > > suitable for authenticating and integrity checking > > individual TCP segments. > > > >This is confusing. KDFs may or may not be constructed with PRFs. > >However, THESE KDFs are so constructed. If you're giong to have > >a document which applies to future KDFs, don't say PRF here. > > it does say "which name", not "MUST name". Doesn't this cover your point? Not really, no. I think you need to separate the abstract requirements from the concrete instantiations. -Ekr
- [tcpm] Review of draft-lebovitz-ietf-tcpm-tcp-ao-… Eric Rescorla
- Re: [tcpm] Review of draft-lebovitz-ietf-tcpm-tcp… Gregory M. Lebovitz
- Re: [tcpm] Review of draft-lebovitz-ietf-tcpm-tcp… Eric Rescorla