Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt-04 [This time for sure]
Joe Touch <touch@ISI.EDU> Mon, 23 March 2009 14:37 UTC
Return-Path: <touch@ISI.EDU>
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D67B63A67DD for <tcpm@core3.amsl.com>; Mon, 23 Mar 2009 07:37:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lc0XbSyUFz+a for <tcpm@core3.amsl.com>; Mon, 23 Mar 2009 07:37:58 -0700 (PDT)
Received: from vapor.isi.edu (vapor.isi.edu [128.9.64.64]) by core3.amsl.com (Postfix) with ESMTP id DE2E63A6BBD for <tcpm@ietf.org>; Mon, 23 Mar 2009 07:37:51 -0700 (PDT)
Received: from [75.211.77.114] (114.sub-75-211-77.myvzw.com [75.211.77.114]) by vapor.isi.edu (8.13.8/8.13.8) with ESMTP id n2NEc8LS009906; Mon, 23 Mar 2009 07:38:10 -0700 (PDT)
Message-ID: <49C79ECF.2010501@isi.edu>
Date: Mon, 23 Mar 2009 07:38:07 -0700
From: Joe Touch <touch@ISI.EDU>
User-Agent: Thunderbird 2.0.0.21 (Windows/20090302)
MIME-Version: 1.0
To: Eric Rescorla <ekr@rtfm.com>
References: <d3aa5d00903230443s6d57cef4t4e30ef2aa68216e@mail.gmail.com>
In-Reply-To: <d3aa5d00903230443s6d57cef4t4e30ef2aa68216e@mail.gmail.com>
X-Enigmail-Version: 0.95.7
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Cc: tcpm@ietf.org
Subject: Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt-04 [This time for sure]
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Mar 2009 14:37:59 -0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Eric Rescorla wrote: > Eric Rescorla wrote: > ... >>> The most serious problem is the confusion in the text between >>> three concepts: >>> >>> - Master Keys >>> - Key-Ids >>> - Traffic keys >> We can clean up specific cases you can point us to, however the primary >> components are: >> >> master key tuples >> which are uniquely specified by a TCP socket pair >> together with a KeyID; a keyID alone is insufficient >> >> traffic keys >> which are derived from master key tuples and >> instantiated connection information (i.e., from the >> TCP TCB) > > Fine, but this version of the document repeatedly uses "key-id" > as synechdoche for both of these concepts, which is extraordinarily > confusing. A key-id is a label that points to another object. Agreed. Let's agree on what to fix (I think we have) and scrub the doc on that point. >>> As an example, S 8.1 reads: >>> >>> At any given time, a single TCP connection may have multiple KeyIDs >>> specified for each segment direction (incoming, outgoing). TCP-AO >>> provides a mechanism to indicate when a new KeyID is ready, to allow >>> >>> It's not that you have multiple key-ids. >> In each direction, there can be more than one KeyID inside the TCP >> segment header - at least that's what the ext is supposed to say. > > OK, well, I don't think that's what it says, and if so it's even > more confusing. An endpoint may have up to 256 master key tuples > (MKT) specified for each connection. It uses one and advertises > up to one more, but it is quite possible it would accept all 256. Will fix. >>> Indeed, if we're using >>> keys with different outgoing and incoming key-ids, you will *always* >>> have multiple key-ids. Rather, it's that you have multiple >>> master keys. >> Multiple keyIDs within a single connection means multiple master key >> tuples; the text can indicate that as well. That doesn't mean we don't >> have multiple keyIDs, though. > > Yes, but that's a representational issue, not a conceptual issue. > Again, it's a mistake to use "key-id" to stand for MKT. Yes. Will fix. >> The basic unit is the master key tuple, as per section 5: >> >> master key - i.e., the key string >> keyID >> MAC algorhtm >> >> Whenever the keyID appears in a segment (sent or received), that tuple >> is used to validate the contents. As per the most recent coordination, >> keyIDs are bidirectional, so there is no send or receive difference. > > It was not my understanding that we agreed that key-ids were bidirectional. > Rather, I believe we agreed that MKTs were bidirectional and that > there was a separate key-id in each direction, to address Russ's > concern. Russ can clarify. First, let's clarify some terms: key-id = a digit in [0..255] that, together with a connection's socket pair (as per RFC793, i.e., srcIP, dstIP, srcport, dstport) indicates a single MKT. key-id field = the value in the TCP-AO option key-id fields are unidirectional - they indicate the key-id used to authenticate that TCP segment key-ids are bidirectional - they indicate (with the socket pair) a MKT that can be used in either direction However, there is no utility in referring to the same MKT with different key-id values for the different directions of a single connection. Russ - can you clarify if that's what you were requesting? ... >> - -- changes name of top set to 'master_tuple' (as per Section 5) >> - -- adds the master key, which is the shared secret > > Sure. > > >>> As I've indicated previously, I find the TSAD/TAPD concept incredibly >>> unhelpful. There may well be implementations for which it is natural, >>> but I don't consider it the natural one, and making it in effect a >>> mandatory feature of the protocol seems like an undue burden on >>> implementors. I appreciate that this has been in the document since >>> day one, but if you go back to my review of -00 a year ago, I raised >>> exactly the same concern and we have never taken the discussion to >>> closure or had a consensus call, so I don't consider this in any >>> respect a settled issue. If there are those who feel it's important to >>> keep this design, I would ask the chairs to make this topic an >>> explicit agenda item and I would like agenda time to present an >>> alternative design. >> I've explained this in detail to Gregory, but I'm not sure if all of our >> discussion ended up in the text. Here's my recollection of that: >> >> Regardless of what happens outside TCP, when a new connection starts >> (initiating or responding), TCP needs to know whether TCP-AO is required >> or not. We need some way to describe policy for uninstantiated >> connections, and a way to tie that policy to keying material. That's >> what the TAPD is, and why it was thus renamed. > > This may or may not be true, but it doesn't follow that we need a > TAPD. As I indicated in a previous message, an alternative design > is to simply attach policy information to an individual *socket* > at the time it's instantiated: > > - Sockets instantiated in LISTEN mode would get a list of potential > remote addresses and MKTs (one could think of this as a mini-TAPD if > one wanted). > - Sockets instantiated with CONNECT would get a list of MKTs. > > If a packet is received for a connection in neither state it would > be assumed that AO did not apply. A system may want to force TCP-AO (or allow non-TCP-AO) on connections it is not yet ready to listen to (e.g., before any communications process starts). > My point is *not* that this is necessarily a superior implementation, > but that it's up to the implementor how to do things and that the > TSAD/TAPD concept is over-prescriptive (and confusing). All that > is required of the implementation is that it be unambiguous which > policy is to be applied. I agree that it's up to the implementer. IMO, it's useful to explain the behavior in terms of a central dbase - any implementation that is equivalent is fine. Do we need to say that more directly? >>> >> When a TAPD entry matches a new connection, TCP-AO is required. >>> This is true regardless of whether there are any master key tuples >>> present. >>> >>> Even if we accept the TAPD construct, this is too much requirement >>> on the implementation. Why can't I have a TPAD entry that means >>> "don't do AO". >> That's what the text implies. I.e., a TAPD entry without any master key >> tuples is equivalent to one that says "don't do AO". it doesn't make >> sense to have master key tuples and say "don't do AO" at the same time. >> >> I can clarify this if useful, but I thought it was clear enough as-is. >> Can others comment? > > But that is not in fact what the later text says, Rather, 9.5 (ii) > says: > > ii. If there is a TAPD entry with zero master key tuples, > silently discard the segment and cease further TCP > processing. Ahhh. Thanks. We need to change the text to allow for two variants: 1) TAPD without a key that MUST be TCP-AO'd (i.e., before a key is available) 2) TAPD to allow non-TCP-AO I can fix the text accordingly. >>> For a particular endpoint (i.e., IP address) there would be exactly >>> one TAPD that is consulted by all pending connections, the same way >>> that there is only one table of TCBs (a database can support multiple >>> endpoints, but an endpoint is represented in only one database). >>> Multiple databases could be used to support virtual hosts, i.e., >>> groups of interfaces. >>> >>> Again, TMI. This is one implementation, but there are sensible >>> implementations with multiple TAPDs. >> How ever many TAPDs an implementation has, they must act as if they were >> a single TAPD. Otherwise, I could have this: >> >> TAPD 1 TAPD 2 >> >> SRCIP=*,DSTIP=10.0.0.1 SRCIP=192.168.1.1,DSTIP=* >> -> MKT ID=23 -> MKT ID=54 >> >> Which one wins? > > I agree that it needs to be unambigous what packet processing > needs to be applied. But you're specifying one implementation. I'm trying to say that an implementation must act like a system with one TSAD (and can say that explicitly). A database is a property of relationships between sets of data (i.e., <socketpair, keyID> values and MKTs). Databases can be implemented in various ways, so long as that relationship is preserved. We rely on that relationship for correct operation, though. Joe -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAknHns8ACgkQE5f5cImnZruKIQCdHi0nUBMsYwdaekjiRcnxZ9YZ 2DkAoOmtBJeDhDj2levO92ts0hxNrBH+ =ozcN -----END PGP SIGNATURE-----
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Eric Rescorla
- [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt-04 … Eric Rescorla
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Joe Touch
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Joe Touch
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Eddy, Wesley M. (GRC-RCN0)[Verizon]