Re: [tcpm] question about TCP-AO and rekeying

Joe Touch <touch@ISI.EDU> Thu, 18 June 2009 05:19 UTC

Return-Path: <touch@ISI.EDU>
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D57093A6B15 for <tcpm@core3.amsl.com>; Wed, 17 Jun 2009 22:19:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.885
X-Spam-Level:
X-Spam-Status: No, score=-1.885 tagged_above=-999 required=5 tests=[AWL=-0.486, BAYES_00=-2.599, J_CHICKENPOX_23=0.6, J_CHICKENPOX_33=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gW1OrUTmQIpz for <tcpm@core3.amsl.com>; Wed, 17 Jun 2009 22:19:29 -0700 (PDT)
Received: from vapor.isi.edu (vapor.isi.edu [128.9.64.64]) by core3.amsl.com (Postfix) with ESMTP id 0D8A33A6BF1 for <tcpm@ietf.org>; Wed, 17 Jun 2009 22:19:29 -0700 (PDT)
Received: from [192.168.1.46] (pool-71-105-84-152.lsanca.dsl-w.verizon.net [71.105.84.152]) by vapor.isi.edu (8.13.8/8.13.8) with ESMTP id n5I5JVew011272; Wed, 17 Jun 2009 22:19:32 -0700 (PDT)
Message-ID: <4A39CE62.9050201@isi.edu>
Date: Wed, 17 Jun 2009 22:19:30 -0700
From: Joe Touch <touch@ISI.EDU>
User-Agent: Thunderbird 2.0.0.21 (Windows/20090302)
MIME-Version: 1.0
To: Eric Rescorla <ekr@networkresonance.com>
References: <4A2AB973.3030203@isi.edu> <20090616131807.75C481BC6EB@kilo.networkresonance.com> <4A37A202.9020500@isi.edu> <20090617054551.A4E0C1BCA23@kilo.networkresonance.com> <4A388C37.3030703@isi.edu> <20090617140939.A3AB61BCC72@kilo.networkresonance.com> <4A390EC0.6070003@isi.edu> <20090617161518.5276C50822@romeo.rtfm.com> <4A3917B7.20301@isi.edu> <20090617232813.1C49D50822@romeo.rtfm.com> <4A39C800.2030901@isi.edu> <20090618051622.719361BDC6B@kilo.networkresonance.com>
In-Reply-To: <20090618051622.719361BDC6B@kilo.networkresonance.com>
X-Enigmail-Version: 0.95.7
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Cc: tcpm Extensions WG <tcpm@ietf.org>
Subject: Re: [tcpm] question about TCP-AO and rekeying
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Jun 2009 05:19:30 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Eric Rescorla wrote:
> At Wed, 17 Jun 2009 21:52:16 -0700,
> Joe Touch wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>>
>>
>>>>> If so, the entry fails. If that's what
>>>>> you mean by "prohibit overlaps", yes, I think we should
>>>>> prohibit overlaps. 
>>>>>
>>>>> If what you mean is that two MKTs with different key-ids can't overlap
>>>>> the same socket pair space, I don't see a problem with that.
>>>> That is a problem for outgoing SYNs. For those, either the connection
>>>> has to know a-priori which ID to use, or we need to make sure MKTs can't
>>>> overlap at all (ignoring keyIDs).
>>> I'm sorry, but I don't see why. 
>> So let's consider outgoing SYNs.
>>
>> Consider a system with two MKTs:
>>
>> 	MKT alpha	from ANY:ANY to JOE:80	KEYID=4
>>
>> 	MKT beta	from ANY:ANY to ANY:ANY	KEYID=5
>>
>>
>> So my web client wants to connect to JOE:80. The web client has not been
>> modified to indicate a desired KEYID; I doubt many apps will be so
>> modified. So I'll need to ensure that the socket pair of the SYN matches
>> only one MKT.
>>
>> That means I can't have default keys, like beta.
> 
> Why on earth would you want to do this? The misquote Dr. Strangelove,
> "the whole point of a cryptographic key is lost unless you keep it
> a secret. Why would you tell the world?"
> 
> Since almost every other machine on the Internet isn't going to 
> have key beta, you're going to get packets that aren't protected
> with AO, in which case you'll have to discard them. Configuring
> your system this way is mostly useful for breaking TCP

It's a bit overgeneralized above, but clamp it down a bit more and it
might still make sense, e.g.:

	alpha		from ME:ANY to JOE:BGP KEYID=6
	beta		from ME:ANY to JOE:ANY KEYID=7

I.e., I may want to lock BGP with a different key than other connections
between the two, but OK to use a single key for the rest.

Joe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAko5zmIACgkQE5f5cImnZrv6RACeO6qWdPaOSbNpxHvBWHnhIPOj
NIkAn0Ls9Ejgfe0apGSGuNJ4b53XD6Bq
=ldoM
-----END PGP SIGNATURE-----