Re: [tcpm] public-private keys for TCP-AO

"Jakob Heitz (jheitz)" <> Tue, 30 October 2018 01:41 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id AB19A1274D0 for <>; Mon, 29 Oct 2018 18:41:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -14.97
X-Spam-Status: No, score=-14.97 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.47, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id ed2OyP9BxnW0 for <>; Mon, 29 Oct 2018 18:41:50 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 48946126DBF for <>; Mon, 29 Oct 2018 18:41:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;;; l=23150; q=dns/txt; s=iport; t=1540863710; x=1542073310; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=Sp4JIqIId0FMLSvJhuH11nb6ZnnA4CH3uzk7VxZyyJc=; b=MoKyKBN35E7S+oHmR5ZGndlZtSa3pmAVR6Zg191ZC+yN10m3Zt/DYJVT 6MVB61HJUGgoE4YnZg9kM7azTzyWabNe/1neMhUledTnXW6jCEueRN6D5 wn0COVBm1l6FP1S60tFfngkZl0MZQb+8QXM0JHMWS9irF79buQDAWmoJe E=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AEAACZtddb/5JdJa1kGgEBAQEBAgE?= =?us-ascii?q?BAQEHAgEBAQGBUQUBAQEBCwGBDUgvZn8oCoNriBiMGYINlyCBegsBARgBCoR?= =?us-ascii?q?JAheDFiE0DQ0BAwEBAgEBAm0cDIU6AQEBAQMBASEKQQsQAgEIEQQBASgDAgI?= =?us-ascii?q?CJQsUCQgBAQQOBQiDGoEdZA+pbIEuih0Fi0keF4FBP4QjWYJCAQGCF4JOglc?= =?us-ascii?q?CjkqGIolJVAkCkHogjWaCYZZ1AhEUgSYdOIFVcBU7gmyCJQEXiFyFPm+MBoE?= =?us-ascii?q?fAQE?=
X-IronPort-AV: E=Sophos;i="5.54,442,1534809600"; d="scan'208,217";a="193766347"
Received: from ([]) by with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 30 Oct 2018 01:41:49 +0000
Received: from ( []) by (8.15.2/8.15.2) with ESMTPS id w9U1fmj1011936 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 30 Oct 2018 01:41:49 GMT
Received: from ( by ( with Microsoft SMTP Server (TLS) id 15.0.1395.4; Mon, 29 Oct 2018 20:41:48 -0500
Received: from ([]) by ([]) with mapi id 15.00.1395.000; Mon, 29 Oct 2018 20:41:48 -0500
From: "Jakob Heitz (jheitz)" <>
To: Joe Touch <>
CC: "" <>
Thread-Topic: [tcpm] public-private keys for TCP-AO
Thread-Index: AdRv51Oca8SVyggpTLame1T3B/a0kQAME/iAAApbkFD//7O5gIAAU4Pg
Date: Tue, 30 Oct 2018 01:41:48 +0000
Message-ID: <>
References: <> <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: []
Content-Type: multipart/alternative; boundary="_000_12b0f677e60443d8a32b4d56370787d7XCHALN014ciscocom_"
MIME-Version: 1.0
Archived-At: <>
Subject: Re: [tcpm] public-private keys for TCP-AO
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 30 Oct 2018 01:41:53 -0000

Because distributing public keys is easier.
Private keys don't need to be distributed. They stay inside the machine that generates them.

Distributing and safe guarding symmetric keys is a major hassle.


From: Joe Touch <>
Sent: Monday, October 29, 2018 6:37 PM
To: Jakob Heitz (jheitz) <>
Subject: Re: [tcpm] public-private keys for TCP-AO

On Oct 29, 2018, at 6:22 PM, Jakob Heitz (jheitz) <<>> wrote:

Can you think of a way to do it that will work?
Like the KDF is just a static list or something.
The sender generates a set of key pairs and numbers them.
It then puts the list of public keys into a file and distributes them to all receivers in the clear.

You’d have to find a way to specify the use of private and public keys on both sides, in advance, and distribute enough for the upcoming connections - then you’d have to hash into that list in a way that avoids reuse. At that point, why not just distribute symmetric keys and be done with it?


The KDF is just to index into this file.

Because the use case, at least, makes sense.


From: Joe Touch <<>>
Sent: Monday, October 29, 2018 6:13 PM
To: Jakob Heitz (jheitz) <<>>
Subject: Re: [tcpm] public-private keys for TCP-AO

On Oct 29, 2018, at 5:45 PM, Jakob Heitz (jheitz) <<>> wrote:

Why was there not a public-private key algorithm specified for TCP-AO? Or did I miss it?

There has not been. I doubt it would make sense (see below).

For example ECC.
An MKT can specify a private key for the sender and a public key for the receivers.

Yes, but the MKT is derived into public/private keys using a KDF.

I am not aware of a KDF that can take a private key and generate a derived private key that would work with a correspondingly derived public key generated from the corresponding public key.

To use, the sender will hash the data, encrypt the hash and put the result into the MAC field.
The receiver would decrypt the MAC field, then hash the data and verify the hash against the decrypted MAC.
This way, the private key never needs to be exposed to anyone, simplifying key management.
Is there any objection to getting this done?

See above; it doesn’t make sense with the way TCP-AO derives keys for each connection, AFAICT.



tcpm mailing list<>

tcpm mailing list<>