Re: [tcpm] TCP-AO review comments.
Stefanos Harhalakis <v13@v13.gr> Sun, 10 August 2008 12:07 UTC
Return-Path: <tcpm-bounces@ietf.org>
X-Original-To: tcpm-archive@megatron.ietf.org
Delivered-To: ietfarch-tcpm-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 05BD83A6DBB; Sun, 10 Aug 2008 05:07:48 -0700 (PDT)
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D3E233A68D7 for <tcpm@core3.amsl.com>; Sun, 10 Aug 2008 05:07:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.299
X-Spam-Level:
X-Spam-Status: No, score=-1.299 tagged_above=-999 required=5 tests=[AWL=1.300, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kWPePxG2T2Zn for <tcpm@core3.amsl.com>; Sun, 10 Aug 2008 05:07:46 -0700 (PDT)
Received: from mx-out.forthnet.gr (mx-out.forthnet.gr [193.92.150.104]) by core3.amsl.com (Postfix) with ESMTP id AE9873A6B13 for <tcpm@ietf.org>; Sun, 10 Aug 2008 05:07:45 -0700 (PDT)
Received: from mx-av-05.forthnet.gr (mx-av.forthnet.gr [193.92.150.27]) by mx-out-01.forthnet.gr (8.14.3/8.14.3) with ESMTP id m7AC7jK8006537; Sun, 10 Aug 2008 15:07:45 +0300
Received: from MX-IN-01.forthnet.gr (mx-in-01.forthnet.gr [193.92.150.23]) by mx-av-05.forthnet.gr (8.14.3/8.14.3) with ESMTP id m7AC7j35027974; Sun, 10 Aug 2008 15:07:45 +0300
Received: from hell.hell.gr (adsl69-188.lsf.forthnet.gr [79.103.196.188]) by MX-IN-01.forthnet.gr (8.14.3/8.14.3) with ESMTP id m7AC7aJx032430; Sun, 10 Aug 2008 15:07:37 +0300
Authentication-Results: MX-IN-01.forthnet.gr smtp.mail=v13@v13.gr; spf=neutral
Authentication-Results: MX-IN-01.forthnet.gr header.from=v13@v13.gr; sender-id=neutral
From: Stefanos Harhalakis <v13@v13.gr>
To: Joe Touch <touch@isi.edu>
Date: Sun, 10 Aug 2008 15:07:35 +0300
User-Agent: KMail/1.9.9
References: <0C53DCFB700D144284A584F54711EC58058C2FD4@xmb-sjc-21c.amer.cisco.com> <200808101237.46574.v13@v13.gr> <489ECCD2.9010608@isi.edu>
In-Reply-To: <489ECCD2.9010608@isi.edu>
MIME-Version: 1.0
Content-Disposition: inline
Message-Id: <200808101507.35830.v13@v13.gr>
Cc: tcpm@ietf.org, "Anantha Ramaiah (ananth)" <ananth@cisco.com>
Subject: Re: [tcpm] TCP-AO review comments.
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www.ietf.org/mailman/private/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: tcpm-bounces@ietf.org
Errors-To: tcpm-bounces@ietf.org
On Sunday 10 August 2008, Joe Touch wrote: > Stefanos Harhalakis wrote: > | Also, is there any good in including a (1-byte - or smaller with some > | unused > | bits) version field in TCP-AO? This will help similar future > | extensions/replacements and will also allow for easier authentication > | option > | handshaking by falling back to the highest commonly supported method. > > <indiv hat on> > Options don't typically have version numbers; they're implicit in the > option KIND itself. IMO, that's why TCP-AO is requesting a new KIND value. Agreed, but since this is a 'group of options' that exclude each other, a kind of initial handshake is inevitable. As far as I see it, even with just TCP-MD5 and TCP-AO there is an initial handshake problem for deciding which one of them both ends support (no?). Practically this makes the transition from MD5 to AO a hard issue. Considering this, in the future (lets say in 5 years) another such option 'upgrade' won't be feasible. Of course a new KIND is required for TCP-AO but I believe that this should be the last one for the "series" of TCP authentication options. In fact, this may not be considered as a different 'KIND' of options, unless the SYN-senter negotiations all authentication options and the SYN-receiver selects the best that it supports. Since this isn't possible with limited TCP options space and SYN-cookies issues, something different is required (versioning). Do you see another (better) long-term solution? _______________________________________________ tcpm mailing list tcpm@ietf.org https://www.ietf.org/mailman/listinfo/tcpm
- Re: [tcpm] TCP-AO review comments. Joe Touch
- [tcpm] TCP-AO review comments. Anantha Ramaiah (ananth)
- Re: [tcpm] TCP-AO review comments. Joe Touch
- Re: [tcpm] TCP-AO review comments. Anantha Ramaiah (ananth)
- Re: [tcpm] TCP-AO review comments. Joe Touch
- Re: [tcpm] TCP-AO review comments. Eddy, Wesley M. (GRC-RCN0)[VZ]
- Re: [tcpm] TCP-AO review comments. Adam Langley
- Re: [tcpm] TCP-AO review comments. Chandrashekhar Appanna
- Re: [tcpm] TCP-AO review comments. Lars Eggert
- Re: [tcpm] TCP-AO review comments. Caitlin Bestler
- Re: [tcpm] TCP-AO review comments. Eric Rescorla
- Re: [tcpm] TCP-AO review comments. Joe Touch
- Re: [tcpm] TCP-AO review comments. Ron Bonica
- Re: [tcpm] TCP-AO review comments. Stefanos Harhalakis
- Re: [tcpm] TCP-AO review comments. Joe Touch
- Re: [tcpm] TCP-AO review comments. Joe Touch
- Re: [tcpm] TCP-AO review comments. Stefanos Harhalakis
- Re: [tcpm] TCP-AO review comments. Joe Touch
- Re: [tcpm] TCP-AO review comments. Stefanos Harhalakis