Re: [tcpm] public-private keys for TCP-AO

Joe Touch <> Tue, 30 October 2018 01:13 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 0EEB51288BD for <>; Mon, 29 Oct 2018 18:13:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.989
X-Spam-Status: No, score=-1.989 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, T_SPF_PERMERROR=0.01] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 7ffe59E9ooH1 for <>; Mon, 29 Oct 2018 18:13:20 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 43CC5130F58 for <>; Mon, 29 Oct 2018 18:13:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;; s=default; h=To:References:Message-Id:Cc:Date:In-Reply-To: From:Subject:Mime-Version:Content-Type:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=4zmZYRrpMrAeY/1m2BGXtAuVP3oAjSV+oRAGgIBRtvw=; b=QWrDbzfr91Y0gXWG0iP8uHaFX gFiG67p1d7bKcdUrFRu2CN7eMAoFI8pCime1PBY0itqhOVg3QD3DaulKFtUeUQAtnXmkZHOnjwX4O Z63NJIydDrvw09EyXcOFekt4yXqG79qHLd8JgHV4wwUt3/8HH0zAxvLu8xgWnehn7Mh6XCb/dBl2S AlfjRHEL6pRIU2cW2YHjUAZxSK6b5ybiatvhmbZQ4/jcyjRzDojj9e7SE0BoXnQO5EYPixo19MN3s DsBGdCUBwv7ZabljSrrdaXxm4QLI8kq+I2ZbZE/kZR3WSRmaSPl4eGZcCPUTYF/2QOpgDF+UI2WEn XSSQYJorA==;
Received: from ([]:54728 helo=[]) by with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.91) (envelope-from <>) id 1gHIao-001dgg-CK; Mon, 29 Oct 2018 21:13:17 -0400
Content-Type: multipart/alternative; boundary="Apple-Mail=_86396AA9-E0C9-492E-8697-4B55CCD64A0C"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
From: Joe Touch <>
In-Reply-To: <>
Date: Mon, 29 Oct 2018 18:13:13 -0700
Cc: "" <>
Message-Id: <>
References: <>
To: "Jakob Heitz (jheitz)" <>
X-Mailer: Apple Mail (2.3445.9.1)
X-OutGoing-Spam-Status: No, score=-1.0
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname -
X-AntiAbuse: Original Domain -
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain -
X-Get-Message-Sender-Via: authenticated_id:
X-From-Rewrite: unmodified, already matched
Archived-At: <>
Subject: Re: [tcpm] public-private keys for TCP-AO
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 30 Oct 2018 01:13:23 -0000

> On Oct 29, 2018, at 5:45 PM, Jakob Heitz (jheitz) <> wrote:
> Why was there not a public-private key algorithm specified for TCP-AO? Or did I miss it?

There has not been. I doubt it would make sense (see below).

> For example ECC.
> An MKT can specify a private key for the sender and a public key for the receivers.

Yes, but the MKT is derived into public/private keys using a KDF.

I am not aware of a KDF that can take a private key and generate a derived private key that would work with a correspondingly derived public key generated from the corresponding public key.

> To use, the sender will hash the data, encrypt the hash and put the result into the MAC field.
> The receiver would decrypt the MAC field, then hash the data and verify the hash against the decrypted MAC.
> This way, the private key never needs to be exposed to anyone, simplifying key management.
> Is there any objection to getting this done?

See above; it doesn’t make sense with the way TCP-AO derives keys for each connection, AFAICT.


> Regards,
> Jakob.
> _______________________________________________
> tcpm mailing list
> <>
> <>