Re: [tcpm] question about TCP-AO and rekeying
Eric Rescorla <ekr@networkresonance.com> Wed, 17 June 2009 05:45 UTC
Return-Path: <ekr@networkresonance.com>
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 17DC83A6C16 for <tcpm@core3.amsl.com>; Tue, 16 Jun 2009 22:45:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.018
X-Spam-Level:
X-Spam-Status: No, score=0.018 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888, HELO_MISMATCH_COM=0.553, HOST_MISMATCH_NET=0.311, RDNS_DYNAMIC=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Vn5mvoKyHcB4 for <tcpm@core3.amsl.com>; Tue, 16 Jun 2009 22:45:25 -0700 (PDT)
Received: from kilo.networkresonance.com (74-95-2-169-SFBA.hfc.comcastbusiness.net [74.95.2.169]) by core3.amsl.com (Postfix) with ESMTP id 201133A6BA6 for <tcpm@ietf.org>; Tue, 16 Jun 2009 22:45:25 -0700 (PDT)
Received: from kilo.local (localhost [127.0.0.1]) by kilo.networkresonance.com (Postfix) with ESMTP id A4E0C1BCA23; Tue, 16 Jun 2009 22:45:51 -0700 (PDT)
Date: Tue, 16 Jun 2009 22:45:51 -0700
From: Eric Rescorla <ekr@networkresonance.com>
To: Joe Touch <touch@ISI.EDU>
In-Reply-To: <4A37A202.9020500@isi.edu>
References: <4A2AB973.3030203@isi.edu> <20090616131807.75C481BC6EB@kilo.networkresonance.com> <4A37A202.9020500@isi.edu>
User-Agent: Wanderlust/2.15.5 (Almost Unreal) Emacs/22.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <20090617054551.A4E0C1BCA23@kilo.networkresonance.com>
Cc: tcpm Extensions WG <tcpm@ietf.org>
Subject: Re: [tcpm] question about TCP-AO and rekeying
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Jun 2009 05:45:26 -0000
At Tue, 16 Jun 2009 06:45:38 -0700, Joe Touch wrote: > Eric Rescorla wrote: > > At Sat, 06 Jun 2009 11:46:11 -0700, > > Joe Touch wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- > >> Hash: SHA1 > >> > >> Hi, all, > >> > >> One open issue remaining is how to express what was formerly a database > >> with a particular structure (TAPD, previously TSAD) in ways that impact > >> rekeying and possibly future master key management protocols. We decided > >> at the last meeting in SFO to do as follows: > >> > >> - require that each segment match only one key > >> - segments for established connections must match > >> only one connection key > >> - segments for new connections (SYNs) must match > >> only one master key > >> > >> Connection keys never overlap; there would never be two connection keys > >> with the same keyID and socket pair. The open issue focuses on master > >> keys, which would more likely be specified with wildcards, masks, or > >> ranges, esp. for remote port numbers, but also potentially for addresses > >> or local port numbers. This issue is particularly relevant for rekeying > >> - - adding new master keys that would result in new connection keys being > >> derived for existing connections - and how an endpoint would be able to > >> ensure uniqueness as above. > >> > >> Do we need additional constraints to ensure that master key descriptions > >> never overlap? > >> > >> As review, the previous description of keys as a database also implied, > >> by its structure, constraints on wildcards/masks/ranges. Each TAPD entry > >> was: > >> > >> a socket pair descriptor > >> which may include wildcards or masks > >> > >> one or more MKTs, each of which includes: > >> sendID > >> recvID > >> crypto info: > >> master key > >> MAC info > >> KDF info > >> > >> The TAPD was defined so that a segment matched at most one socket pair > >> descriptor, and that MKTs within that descriptor had distinct sendIDs > >> and recvIDs. > >> > >> If we remove that data structure, it would most obviously be replaced > >> with MKTs with their own socket descriptors, i.e.: > >> > >> MKT > >> socket pair descriptor (may include wildcards/masks) > >> sendID > >> recvID > >> crypto info > >> > >> The question that remains is whether MKTs that match a segment all have > >> identical socket pair descriptors, even down to their > >> wildcards/ranges/masks (which was previously required). If > >> not, then how do we ensure that MKTs don't interfere? > > > > I don't understand why this is a problem. The invariant that > > the system needs to enforce is that for any given packet > > there be at most one valid MKT with a given key-id, right? > > KeyID doesn't come into play for outgoing packets, so we can ignore that. > > However, the invariant is twofold: > > a) for a given packet, only one MKT applies > > b) for two endpoints with multiple MKTs, > the *same* MKT applies. I don't see that this is true. As I understand the current design there's no reason that both sides can't use different MKTs indefinitely. > >> If we throw our hands up and say this is "implementation detail", then > >> IMO we could be hobbling any KMP, since there would be no common data > >> for the KMP to coordinate. > > > > I don't see this. Obviously, any KMP will need some model for > > how it thinks about keys and any particular implementation of > > a KMP will need to interact with the system on which it is > > implemented in order to match that model to the system's > > implementation, but I don't see how that's a problem. It's > > not like we're defining a C API for the KMP implementations > > to call. > > If we don't specify some level of commonality, we can't expect to ever > define such an API. I don't consider the design of such an API in IETF either necessary or desirable. -Ekr
- [tcpm] question about TCP-AO and rekeying Joe Touch
- Re: [tcpm] question about TCP-AO and rekeying Joe Touch
- Re: [tcpm] question about TCP-AO and rekeying Eric Rescorla
- Re: [tcpm] question about TCP-AO and rekeying Eric Rescorla
- Re: [tcpm] question about TCP-AO and rekeying Joe Touch
- Re: [tcpm] question about TCP-AO and rekeying Eric Rescorla
- Re: [tcpm] question about TCP-AO and rekeying Joe Touch
- Re: [tcpm] question about TCP-AO and rekeying Eric Rescorla
- Re: [tcpm] question about TCP-AO and rekeying Joe Touch
- Re: [tcpm] question about TCP-AO and rekeying Eric Rescorla
- Re: [tcpm] question about TCP-AO and rekeying Joe Touch
- Re: [tcpm] question about TCP-AO and rekeying Eric Rescorla
- Re: [tcpm] question about TCP-AO and rekeying Joe Touch
- Re: [tcpm] question about TCP-AO and rekeying Eric Rescorla
- Re: [tcpm] question about TCP-AO and rekeying Joe Touch
- Re: [tcpm] question about TCP-AO and rekeying Eric Rescorla
- Re: [tcpm] question about TCP-AO and rekeying Joe Touch
- Re: [tcpm] question about TCP-AO and rekeying Eric Rescorla
- Re: [tcpm] question about TCP-AO and rekeying Joe Touch
- Re: [tcpm] question about TCP-AO and rekeying Eric Rescorla
- Re: [tcpm] question about TCP-AO and rekeying Joe Touch
- Re: [tcpm] question about TCP-AO and rekeying Eric Rescorla
- Re: [tcpm] question about TCP-AO and rekeying Joe Touch
- Re: [tcpm] question about TCP-AO and rekeying Eric Rescorla
- Re: [tcpm] question about TCP-AO and rekeying Eddy, Wesley M. (GRC-MS00)[Verizon]
- Re: [tcpm] question about TCP-AO and rekeying Eric Rescorla
- Re: [tcpm] question about TCP-AO and rekeying Joe Touch
- Re: [tcpm] question about TCP-AO and rekeying Joe Touch