Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt-01
Joe Touch <touch@ISI.EDU> Tue, 29 July 2008 22:30 UTC
Return-Path: <tcpm-bounces@ietf.org>
X-Original-To: tcpm-archive@megatron.ietf.org
Delivered-To: ietfarch-tcpm-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DBAF63A6B77; Tue, 29 Jul 2008 15:30:42 -0700 (PDT)
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3B37B3A6B76 for <tcpm@core3.amsl.com>; Tue, 29 Jul 2008 15:30:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.489
X-Spam-Level:
X-Spam-Status: No, score=-2.489 tagged_above=-999 required=5 tests=[AWL=0.110, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XdLV-sEplREj for <tcpm@core3.amsl.com>; Tue, 29 Jul 2008 15:30:40 -0700 (PDT)
Received: from vapor.isi.edu (vapor.isi.edu [128.9.64.64]) by core3.amsl.com (Postfix) with ESMTP id 67A3F3A6AF8 for <tcpm@ietf.org>; Tue, 29 Jul 2008 15:30:40 -0700 (PDT)
Received: from [172.16.7.194] ([130.129.65.153]) by vapor.isi.edu (8.13.8/8.13.8) with ESMTP id m6TMULM0006212 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Tue, 29 Jul 2008 15:30:24 -0700 (PDT)
Message-ID: <488F99DC.4040206@isi.edu>
Date: Tue, 29 Jul 2008 15:29:48 -0700
From: Joe Touch <touch@ISI.EDU>
User-Agent: Thunderbird 2.0.0.16 (Windows/20080708)
MIME-Version: 1.0
To: Eric Rescorla <ekr@networkresonance.com>
References: <20080728042451.C7A174B7AD3@kilo.rtfm.com> <488D6968.9010102@isi.edu> <20080728131254.3DD764B88F7@kilo.rtfm.com> <488DD77D.9070608@isi.edu> <20080728144721.AC9184B905A@kilo.rtfm.com> <488DE021.7070307@isi.edu> <20080728164013.422D14B9600@kilo.rtfm.com> <488E0644.6020006@isi.edu> <20080728180907.22EC04BA1D7@kilo.rtfm.com>
In-Reply-To: <20080728180907.22EC04BA1D7@kilo.rtfm.com>
X-Enigmail-Version: 0.95.6
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Cc: tcpm@ietf.org
Subject: Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt-01
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www.ietf.org/mailman/private/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: tcpm-bounces@ietf.org
Errors-To: tcpm-bounces@ietf.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, Eric, Eric Rescorla wrote: ...(concerns about having a separate key mgt doc) These concerns can be taken to the ADs, but at this point they may be moot. We might consider merging the resulting docs, but it's not clear why that would be useful. |> | The protocol must be constructed so that it is not possible to substitute |> | one packet for another and have it be accepted. This means that (either) |> | the data fed into the authentication function must be distinct or the |> | authentication function must have a distinct key. |> |> That implies a per-packet nonce, i.e., some fields - either in the |> packet or external - that are unique on a per-packet basis. | | Well, perhaps we're just differing in terminology, but I don't call | per-packet data fed into the authentication function a nonce. | I think of the nonce as a discrete value, not just the data. | But in this case we're just talking about MACing the packet. | | I just checked and neither AH nor TLS uses the term nonce here. IPsec uses sequence numbers for multiple reasons, so they're not called just nonces. I'm not sure if the same is true for TLS. If we're at least talking about the same thing (which I think we are now), then we can find a better word to describe it... Joe -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkiPmdwACgkQE5f5cImnZrs0pACfTPAEByS/3DxoQGxYzttfWubt I64AoM+6MdHC8jUQKM2MMufdx+kBVCWI =cWF5 -----END PGP SIGNATURE----- _______________________________________________ tcpm mailing list tcpm@ietf.org https://www.ietf.org/mailman/listinfo/tcpm
- [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt-01 Eric Rescorla
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Joe Touch
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Eric Rescorla
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Eric Rescorla
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Joe Touch
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Joe Touch
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Eric Rescorla
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Joe Touch
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Adam Langley
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Eric Rescorla
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Eric Rescorla
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Adam Langley
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Joe Touch
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Eric Rescorla
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Joe Touch
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Joe Touch
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Eric Rescorla
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Adam Langley
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Joe Touch
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Eric Rescorla
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Anantha Ramaiah (ananth)
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Joe Touch
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Eric Rescorla
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Anantha Ramaiah (ananth)
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Joe Touch
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Joe Touch
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Anantha Ramaiah (ananth)
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Eric Rescorla
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Caitlin Bestler
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Joe Touch
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Joe Touch
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Lars Eggert
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Eric Rescorla
- [tcpm] tcp-auth-opt issue: replay protection Joe Touch
- Re: [tcpm] tcp-auth-opt issue: replay protection Adam Langley
- Re: [tcpm] tcp-auth-opt issue: replay protection Joe Touch
- Re: [tcpm] tcp-auth-opt issue: replay protection Adam Langley
- Re: [tcpm] tcp-auth-opt issue: replay protection Eric Rescorla
- Re: [tcpm] tcp-auth-opt issue: replay protection Joe Touch
- Re: [tcpm] tcp-auth-opt issue: replay protection Adam Langley
- Re: [tcpm] tcp-auth-opt issue: replay protection Joe Touch
- Re: [tcpm] tcp-auth-opt issue: replay protection Lars Eggert
- Re: [tcpm] tcp-auth-opt issue: replay protection Eric Rescorla
- Re: [tcpm] tcp-auth-opt issue: replay protection Lars Eggert
- Re: [tcpm] tcp-auth-opt issue: replay protection Anantha Ramaiah (ananth)
- Re: [tcpm] tcp-auth-opt issue: replay protection Joe Touch
- Re: [tcpm] tcp-auth-opt issue: replay protection Eddy, Wesley M. (GRC-RCN0)[VZ]
- Re: [tcpm] tcp-auth-opt issue: replay protection Adam Langley
- Re: [tcpm] tcp-auth-opt issue: replay protection Caitlin Bestler
- Re: [tcpm] tcp-auth-opt issue: replay protection Joe Touch
- Re: [tcpm] tcp-auth-opt issue: replay protection Ron Bonica