Re: [tcpm] question about TCP-AO and rekeying
Eric Rescorla <ekr@networkresonance.com> Fri, 19 June 2009 16:44 UTC
Return-Path: <ekr@networkresonance.com>
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9EEC13A6812 for <tcpm@core3.amsl.com>; Fri, 19 Jun 2009 09:44:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.511
X-Spam-Level:
X-Spam-Status: No, score=-1.511 tagged_above=-999 required=5 tests=[AWL=1.088, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lqBe9ayQ-+mU for <tcpm@core3.amsl.com>; Fri, 19 Jun 2009 09:44:05 -0700 (PDT)
Received: from romeo.rtfm.com (romeo.rtfm.com [74.95.2.173]) by core3.amsl.com (Postfix) with ESMTP id C4BC93A689B for <tcpm@ietf.org>; Fri, 19 Jun 2009 09:43:46 -0700 (PDT)
Received: from romeo.rtfm.com (localhost.rtfm.com [127.0.0.1]) by romeo.rtfm.com (Postfix) with ESMTP id 2353850822; Fri, 19 Jun 2009 09:47:24 -0700 (PDT)
Date: Fri, 19 Jun 2009 09:47:24 -0700
From: Eric Rescorla <ekr@networkresonance.com>
To: Joe Touch <touch@ISI.EDU>
In-Reply-To: <4A3BBC2E.9040100@isi.edu>
References: <4A2AB973.3030203@isi.edu> <20090616131807.75C481BC6EB@kilo.networkresonance.com> <4A37A202.9020500@isi.edu> <20090617054551.A4E0C1BCA23@kilo.networkresonance.com> <4A388C37.3030703@isi.edu> <20090617140939.A3AB61BCC72@kilo.networkresonance.com> <4A390EC0.6070003@isi.edu> <20090617161518.5276C50822@romeo.rtfm.com> <4A3917B7.20301@isi.edu> <20090617232813.1C49D50822@romeo.rtfm.com> <4A39C800.2030901@isi.edu> <20090618051622.719361BDC6B@kilo.networkresonance.com> <4A39CE62.9050201@isi.edu> <20090618135721.164F31BDF06@kilo.networkresonance.com> <4A3A4A5D.2060504@isi.edu> <20090619043328.6C06E1BE12E@kilo.networkresonance.com> <4A3B3290.9020906@isi.edu> <20090619132135.0DF111BE198@kilo.networkresonance.com> <4A3BB16A.1000508@isi.edu> <20090619161614.EFC4850822@romeo.rtfm.com> <4A3BBC2E.9040100@isi.edu>
User-Agent: Wanderlust/2.14.0 (Africa) Emacs/22.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <20090619164724.2353850822@romeo.rtfm.com>
Cc: tcpm Extensions WG <tcpm@ietf.org>
Subject: Re: [tcpm] question about TCP-AO and rekeying
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Jun 2009 16:44:06 -0000
At Fri, 19 Jun 2009 09:26:22 -0700, Joe Touch wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Eric Rescorla wrote: > > At Fri, 19 Jun 2009 08:40:26 -0700, > > Joe Touch wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- > >> Hash: SHA1 > >> > >> > >> > >> Eric Rescorla wrote: > >> ... > >>>> If that's where we put that logic, what happens when we don't have a > >>>> KMP? How do we know that both ends will do the same thing with a set of > >>>> manually entered keys? > >>> It was my understanding that the consensus was that we were not > >>> going to design a system that attempted to prevent user error. > >> Oh, absolutely, agreed. > >> > >> This is the kind of error where two ends install the keys correctly, but > >> internally the two implementations resolve overlap in different ways, so > >> keying fails. > >> > >>> Given that typographical errors in key entry seem far more likely > >>> than this kind of misconfiguration, if our intent is to prevent > >>> user error, then we should be attacking that first. > >> As above, this isn't a user error issue. This is a case where leaving > >> something to the implementer is what is causing the problem. > > > > Then I don't understand what you're talking about. > > > > The user installs two MKTs, one of which covers all ports and > > one of which covers port 521 (randomly chosen). Either of these > > MKTs is valid and either end can use either one to secure > > the connection independently. It doesn't matter what the > > prioritization schemes are on either end. > > If we just require that each segment maps to exactly one MKT, then one > end can do this by: > > - first entered, first picked > > The other end can do this by: > > - longest match > > So both sides are complying with "match only one MKT", but users can > easily install keys on both ends that would still not work. > > > If you're saying that the installation of a more specific MKT > > should not only take priority over but actually disable a > > less specific MKT for that port, then I think that's a pretty > > clear bug. > > I'm saying that the way in which we resolve overlapping MKTs matters. > > a) disallow entry of overlapping MKTs > > this means that valid MKTs for a connection might not > be able to be entered if there are more general > keys entered > > this also incurs computation during key entry (manual > or otherwise); is there a standard efficient alg. for > determining overlap? Note that we could be talking about > masks, ranges, etc. > > b) allow overlapping MKTs > > this means we need to indicate the resolution mechanism > i.e., longest match, ordered match, etc. OK, I fear we're talking past each other. My claim is that the system must enforce the following invariant: * There must be only one MKT defined that matches any given set of parameters: (s-ip, d-ip, s-port, s-port, key-id). This includes wildcards and ranges. Therefore there is never any ambiguity about which MKT a given packet is associated with. The only ambiguity is which MKTs an outgoing packet might be protected with, because of priority. However, those MKTs will always have distinct key-ids so there is no confusion. I believe that that corresponds to your choice (a). However, I don't see either of the issues you raise as problems: - If you have a more general MKT that matches a connection, you can enter a new MKT that is more specific. It merely must have a new key-id. This is just a generalization of how you update keys with the same level of specificity. - I'm not concerned about the computational cost at key entry. Checking whether a new MKT has overlap with an existing MKT is a linear process in the number of existing MKTs [*]. It's certainly not going to be a problem with the number of keys you can plausibly manually enter. I agree that it would be nice if the KMP prevented this intentionally, rather than having a check at installation time. In any case, I don't really see how we can get away from doing this kind of checking. Let's say for the sake of argument that we *never* allowed ranges. I.e., all MKTs had to be fully specified or be a wildcard. Even then you'd need to do a table lookup to verify that no two MKTs exactly matched each other including key-id. -Ekr [*] At worst. You can actually do much better using good data structures.
- [tcpm] question about TCP-AO and rekeying Joe Touch
- Re: [tcpm] question about TCP-AO and rekeying Joe Touch
- Re: [tcpm] question about TCP-AO and rekeying Eric Rescorla
- Re: [tcpm] question about TCP-AO and rekeying Eric Rescorla
- Re: [tcpm] question about TCP-AO and rekeying Joe Touch
- Re: [tcpm] question about TCP-AO and rekeying Eric Rescorla
- Re: [tcpm] question about TCP-AO and rekeying Joe Touch
- Re: [tcpm] question about TCP-AO and rekeying Eric Rescorla
- Re: [tcpm] question about TCP-AO and rekeying Joe Touch
- Re: [tcpm] question about TCP-AO and rekeying Eric Rescorla
- Re: [tcpm] question about TCP-AO and rekeying Joe Touch
- Re: [tcpm] question about TCP-AO and rekeying Eric Rescorla
- Re: [tcpm] question about TCP-AO and rekeying Joe Touch
- Re: [tcpm] question about TCP-AO and rekeying Eric Rescorla
- Re: [tcpm] question about TCP-AO and rekeying Joe Touch
- Re: [tcpm] question about TCP-AO and rekeying Eric Rescorla
- Re: [tcpm] question about TCP-AO and rekeying Joe Touch
- Re: [tcpm] question about TCP-AO and rekeying Eric Rescorla
- Re: [tcpm] question about TCP-AO and rekeying Joe Touch
- Re: [tcpm] question about TCP-AO and rekeying Eric Rescorla
- Re: [tcpm] question about TCP-AO and rekeying Joe Touch
- Re: [tcpm] question about TCP-AO and rekeying Eric Rescorla
- Re: [tcpm] question about TCP-AO and rekeying Joe Touch
- Re: [tcpm] question about TCP-AO and rekeying Eric Rescorla
- Re: [tcpm] question about TCP-AO and rekeying Eddy, Wesley M. (GRC-MS00)[Verizon]
- Re: [tcpm] question about TCP-AO and rekeying Eric Rescorla
- Re: [tcpm] question about TCP-AO and rekeying Joe Touch
- Re: [tcpm] question about TCP-AO and rekeying Joe Touch