IETF Logo Mail Archive

Re: [tcpm] [multipathtcp] new tcpcrypt draft available

Andrea Bittau <bittau@cs.stanford.edu> Tue, 18 February 2014 06:07 UTC

Return-Path: <bittau@gmail.com>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CC8351A03E7; Mon, 17 Feb 2014 22:07:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.278
X-Spam-Level:
X-Spam-Status: No, score=-1.278 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F8pB_zFYzSV9; Mon, 17 Feb 2014 22:07:48 -0800 (PST)
Received: from mail-yh0-x231.google.com (mail-yh0-x231.google.com [IPv6:2607:f8b0:4002:c01::231]) by ietfa.amsl.com (Postfix) with ESMTP id 913E11A0354; Mon, 17 Feb 2014 22:07:48 -0800 (PST)
Received: by mail-yh0-f49.google.com with SMTP id t59so14817276yho.22 for <multiple recipients>; Mon, 17 Feb 2014 22:07:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=47HJafA9d6TLTnoImYkjCAFaFJTliwP0afe953au8kA=; b=rYI0VGCPrB4+22CAJ1CYhDm5GvThmrK82t22gCbaacrG6rBoTDfDwg2Gcic6emcbum nqqJtuA0gFBb02sA4oVjulBbwOiNDqf4+OAypcpURFxP/d298hv4mxXZ8OK8mDPe42dU ZRZXGv5VmxUMIn4oC+3e7tv7pk4LJt3GzYWZKvlY7Bk+SMMXk+z6vCqAceB0ElycrFH6 zN33uR/pgosCYiqAJddvcF9sLqD6DAmnCAZB2Gcdx7Ol3gZjabJaEO8are2DmRsrEIbe +h4D0wIEX9FtoHI1gxjRcAVIyWQM6BxndLl1FPXsF2E9yB6FVWYAxdRTmE75WYXKd5jH aaJw==
MIME-Version: 1.0
X-Received: by 10.236.23.71 with SMTP id u47mr400395yhu.143.1392703665680; Mon, 17 Feb 2014 22:07:45 -0800 (PST)
Sender: bittau@gmail.com
Received: by 10.170.112.9 with HTTP; Mon, 17 Feb 2014 22:07:45 -0800 (PST)
In-Reply-To: <49717166-F3BE-4C1D-82FD-9F8D8246B3CD@isi.edu>
References: <CABu4T3+JhOs7xwvqQW=2wVkOjMUFt-w-grzB4p2+XQY-POd59Q@mail.gmail.com> <20140217115552.GD4609@cpaasch-mac> <655C07320163294895BBADA28372AF5D1E91AA@FR712WXCHMBA15.zeu.alcatel-lucent.com> <BD1C50C0-92CC-46D6-AC04-1FFDB3D65C66@isi.edu> <20140217190812.GC5650@cpaasch-mac> <128BA48D-958A-427D-B0B8-60E4A6155718@isi.edu> <49717166-F3BE-4C1D-82FD-9F8D8246B3CD@isi.edu>
Date: Mon, 17 Feb 2014 22:07:45 -0800
X-Google-Sender-Auth: _4GkurutXZSWrqO8Xn4SYOmGIiE
Message-ID: <CABu4T3+fAkcRhC=Hb76q-SU2M4sV2tPaiuJ1O_Dz-aOombjJNQ@mail.gmail.com>
From: Andrea Bittau <bittau@cs.stanford.edu>
To: Joe Touch <touch@isi.edu>, David Mazieres expires 2014-03-21 PDT <mazieres-q62p5pu3tq8f5z455cgphqc3gn@temporary-address.scs.stanford.edu>
Content-Type: text/plain; charset="ISO-8859-1"
Archived-At: http://mailarchive.ietf.org/arch/msg/tcpm/XBVoKT51rdwDVkjnqqIr6LaJ140
Cc: "multipathtcp@ietf.org" <multipathtcp@ietf.org>, "tcpm@ietf.org" <tcpm@ietf.org>
Subject: Re: [tcpm] [multipathtcp] new tcpcrypt draft available
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Feb 2014 06:07:51 -0000

Here's our current thinking on the MAC option and TSO:

As already mentioned, including in the MAC in the payload has its
complications like pure ACKs.  Also, we wanted to stay as "clean" as
possible and not mix metadata and payload throughout the TCP
connection.  We do want to MAC control bits, and possibly even empty
RST packets.  Having the MAC as an option also makes it possible to
immediately MAC-check and decrypt packets that arrive out of order.
Having the MAC in payload would change TCP implementations quite
significantly and we did not want to over complicate things.  Having
it as an option felt more natural, and certainly simpler.

As for limited option space, especially in the context of mptcp, we
need to understand mptcp better and see if we can come up with a
compact integration.  We do intend to discuss this at the IETF meeting
to see if this will be a fundamental problem.

TSO: in the context of tcpcrypt, we're using the CPU to MAC and
encrypt every payload byte, and that operation will be the bottleneck
compared to (software-based) segmentation.  The offload probably won't
buy you much.  We'd love to offload the crypto in next-generation
TSOs, though! ;D

Of course our current design does not work with middleboxes that
coalesce or split packets.  If this proves to be an issue, we need to
redesign.


On Mon, Feb 17, 2014 at 11:31 AM, Joe Touch <touch@isi.edu> wrote:
>
>
>> On Feb 17, 2014, at 11:18 AM, Joe Touch <touch@isi.edu> wrote:
>>
>>
>>
>>>> On Feb 17, 2014, at 11:08 AM, Christoph Paasch <christoph.paasch@uclouvain.be> wrote:
>>>>
>>>> On 17/02/14 - 10:13:36, Joe Touch wrote:
>>>> FYI that trick was discussed for multipath tcp.  See their archives goe
>>>> the reasons this isn't a good approach.
>>>
>>> Oh indeed - I realize that the tcpcrypt draft mandates the MAC on every
>>> packet (even on empty acknowledgments).
>>>
>>> If the MAC would only be used on packets with data, then it would have been fine.
>>
>> Star
>
> See. Not star.  Sorry for the autocorrect.
>
>
>> the multipath archives. That still won't work.
>>
>>>
>>> The problem for MPTCP was (if I remember correctly from the archives) because a
>>> zero-window announcment would prevent acknowledgments on the return-path.
>>>
>>>
>>>
>>> I think there is a second point of discussion for tcpcrypt:
>>>
>>> Is it really worth to enforce the MAC on non-data segments?
>>
>> If not you're using TLS. Securing the control bits ought to be equally important, though I have other problems with this draft
>> Joe
>>
>>>
>>>
>>> Cheers,
>>> Christoph
>>>
>>>
>>>>> On Feb 17, 2014, at 4:06 AM, "Scharf, Michael (Michael)"
>>>>> <michael.scharf@alcatel-lucent.com> wrote:
>>>>>
>>>>> FYI - this could matter to tcpm as well
>>>>>
>>>>>> -----Original Message----- From: multipathtcp
>>>>>> [mailto:multipathtcp-bounces@ietf.org] On Behalf Of Christoph Paasch
>>>>>> Sent: Monday, February 17, 2014 12:56 PM To: Andrea Bittau Cc:
>>>>>> multipathtcp@ietf.org Subject: Re: [multipathtcp] new tcpcrypt draft
>>>>>> available
>>>>>>
>>>>>> Hello Andrea,
>>>>>>
>>>>>>> On 16/02/14 - 14:54:18, Andrea Bittau wrote: For those interested, we
>>>>>>> posted a revised version of the tcpcrypt draft (opportunistic TCP
>>>>>>> encryption):
>>>>>>>
>>>>>>> http://www.ietf.org/id/draft-bittau-tcp-crypt-04.txt
>>>>>>>
>>>>>>> This will be discussed on Monday morning in tcpm, at the end of
>>>>>>> Session 1 (09:00--11:30).
>>>>>>>
>>>>>>> All comments are welcome, including any points that you'd like us to
>>>>>>> address in our presentation.
>>>>>>
>>>>>> I think it would be important to consider moving the MAC from the TCP
>>>>>> options space to the payload (similar to an SSL-record) to allow
>>>>>> support for TSO and segment splitting middleboxes and to avoid using up
>>>>>> all the TCP option space.
>>>>>>
>>>>>>
>>>>>> Cheers, Christoph
>>>>>>
>>>>>> _______________________________________________ multipathtcp mailing
>>>>>> list multipathtcp@ietf.org
>>>>>> https://www.ietf.org/mailman/listinfo/multipathtcp
>>>>>
>>>>> _______________________________________________ multipathtcp mailing
>>>>> list multipathtcp@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/multipathtcp
>>>>
>>>> _______________________________________________ tcpm mailing list
>>>> tcpm@ietf.org https://www.ietf.org/mailman/listinfo/tcpm
>
> _______________________________________________
> multipathtcp mailing list
> multipathtcp@ietf.org
> https://www.ietf.org/mailman/listinfo/multipathtcp

v2.23.0 | Report a Bug | By Email