IETF Logo Mail Archive

Re: [tcpm] TCP-AO: Text for New_Key Process

Joe Touch <touch@ISI.EDU> Tue, 03 February 2009 16:36 UTC

Return-Path: <tcpm-bounces@ietf.org>
X-Original-To: tcpm-archive@megatron.ietf.org
Delivered-To: ietfarch-tcpm-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 832C128C172; Tue, 3 Feb 2009 08:36:23 -0800 (PST)
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E193328C172 for <tcpm@core3.amsl.com>; Tue, 3 Feb 2009 08:36:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aTn7pfiuGwny for <tcpm@core3.amsl.com>; Tue, 3 Feb 2009 08:36:21 -0800 (PST)
Received: from nitro.isi.edu (nitro.isi.edu [128.9.208.207]) by core3.amsl.com (Postfix) with ESMTP id 0852D28C126 for <tcpm@ietf.org>; Tue, 3 Feb 2009 08:36:20 -0800 (PST)
Received: from [128.9.168.63] (bet.isi.edu [128.9.168.63]) by nitro.isi.edu (8.13.8/8.13.8) with ESMTP id n13GYrrb023920; Tue, 3 Feb 2009 08:34:54 -0800 (PST)
Message-ID: <4988722D.9070104@isi.edu>
Date: Tue, 03 Feb 2009 08:34:53 -0800
From: Joe Touch <touch@ISI.EDU>
User-Agent: Thunderbird 2.0.0.19 (Windows/20081209)
MIME-Version: 1.0
To: Eric Rescorla <ekr@networkresonance.com>
References: <7.1.0.9.2.20081219010400.02bfd3d8@gmail.com> <496d9941.18038e0a.5558.ffffd3a6@mx.google.com> <497F7DDC.70309@isi.edu> <20090128162756.3799450822@romeo.rtfm.com> <B33C7F84-66B7-4F2C-9B04-2BC1716C7994@cisco.com> <498618DA.1070308@isi.edu> <20090202162602.D178450822@romeo.rtfm.com> <1233596612.498730c436efe@webmail.isi.edu> <20090203041052.83BCF50822@romeo.rtfm.com> <4987D110.7020804@isi.edu> <20090203152834.712B350822@romeo.rtfm.com>
In-Reply-To: <20090203152834.712B350822@romeo.rtfm.com>
X-Enigmail-Version: 0.95.7
X-MailScanner-ID: n13GYrrb023920
X-ISI-4-69-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Cc: tcpm@ietf.org, Allison Mankin <mankin@psg.com>, skonduru@juniper.net
Subject: Re: [tcpm] TCP-AO: Text for New_Key Process
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www.ietf.org/mailman/private/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: tcpm-bounces@ietf.org
Errors-To: tcpm-bounces@ietf.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Eric Rescorla wrote:
> At Mon, 02 Feb 2009 21:07:28 -0800,
> Joe Touch wrote:
>>
>>
>> Eric Rescorla wrote:
>> ...
>>>>> Well, I don't really favor they ke flag approach, but it occurs to
>>>>> me that this is easily fixed by replacing the key flag with a 
>>>>> "ready to use" byte. Recall that the length of the MAC is tied
>>>>> to the key so if you know the key-id you know the length of the
>>>>> MAC. This makes the Length byte partly redundant. Accordingly,
>>>>> you could have the following format:
>>>>>
>>>>>  - Kind (1)
>>>>>  - Length (1)
>>>>>  - Key-ID (1)
>>>>>  - Ready-keys [variable]
>>>>>  - MAC
>>>> That is variable length, even when the active key has not changed; that means
>>>> conditional parsing is required, which is cumbersome.
>>> s/cumbersome/trivial/
>> Well, if trivial means the following, sure:
>>
>> 1) get the keyID
>> 2) go to the TSAD to get the MAC length
>> 3) pass the KeyID and the MAC pointer = (option start + length - 
>> mac_length) to the verification alg
> 
> Well, Joe, since you brought it up, this whole architecture
> you've invented for the internal structure (TSAD, etc.) is the
> source of the clumsiness, not the need for variable parsing.

OK, let's call the place where the connection info is stored the STORE.
Then the steps still become:

- - get the keyID from the packet
- - go to the STORE to find out how long the MAC is
- - pass the keyID and (optionstart + len - maclen)

Still three steps, vs one:

- - pass the keyID and (optionstart + 2)

Note that the second way doesn't need to go to a separate table of
information to figure out how to finish parsing the packet. Regardless
of what you call it or where you put it, this takes multiple steps and
consulting the STORE before you can pass the required information to the
verification algorithm.

Joe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJiHIsE5f5cImnZrsRAm7SAKDJ4CchLK9OwIzv0m3Km9tm0rnT+ACdEMY3
balSjdIt1pxxmLvq7Q3I/NE=
=aE98
-----END PGP SIGNATURE-----
_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www.ietf.org/mailman/listinfo/tcpm

v2.23.0 | Report a Bug | By Email