Re: [tcpm] question about TCP-AO and rekeying

Eric Rescorla <ekr@networkresonance.com> Wed, 17 June 2009 16:11 UTC

Return-Path: <ekr@networkresonance.com>
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E7B823A6C3C for <tcpm@core3.amsl.com>; Wed, 17 Jun 2009 09:11:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.291
X-Spam-Level:
X-Spam-Status: No, score=-1.291 tagged_above=-999 required=5 tests=[AWL=1.308, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cOsGYR9d6kjZ for <tcpm@core3.amsl.com>; Wed, 17 Jun 2009 09:11:43 -0700 (PDT)
Received: from romeo.rtfm.com (romeo.rtfm.com [74.95.2.173]) by core3.amsl.com (Postfix) with ESMTP id 0FED03A6AC1 for <tcpm@ietf.org>; Wed, 17 Jun 2009 09:11:43 -0700 (PDT)
Received: from romeo.rtfm.com (localhost.rtfm.com [127.0.0.1]) by romeo.rtfm.com (Postfix) with ESMTP id 5276C50822; Wed, 17 Jun 2009 09:15:18 -0700 (PDT)
Date: Wed, 17 Jun 2009 09:15:18 -0700
From: Eric Rescorla <ekr@networkresonance.com>
To: Joe Touch <touch@ISI.EDU>
In-Reply-To: <4A390EC0.6070003@isi.edu>
References: <4A2AB973.3030203@isi.edu> <20090616131807.75C481BC6EB@kilo.networkresonance.com> <4A37A202.9020500@isi.edu> <20090617054551.A4E0C1BCA23@kilo.networkresonance.com> <4A388C37.3030703@isi.edu> <20090617140939.A3AB61BCC72@kilo.networkresonance.com> <4A390EC0.6070003@isi.edu>
User-Agent: Wanderlust/2.14.0 (Africa) Emacs/22.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <20090617161518.5276C50822@romeo.rtfm.com>
Cc: tcpm Extensions WG <tcpm@ietf.org>
Subject: Re: [tcpm] question about TCP-AO and rekeying
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Jun 2009 16:11:44 -0000

At Wed, 17 Jun 2009 08:41:52 -0700,
Joe Touch wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 
> 
> Eric Rescorla wrote:
> > At Tue, 16 Jun 2009 23:24:55 -0700,
> > Joe Touch wrote:
> >> Eric Rescorla wrote:
> >> ...
> >>>> However, the invariant is twofold:
> >>>>
> >>>> 	a) for a given packet, only one MKT applies
> >>>>
> >>>> 	b) for two endpoints with multiple MKTs,
> >>>> 	the *same* MKT applies.
> >>> I don't see that this is true. As I understand the current design
> >>> there's no reason that both sides can't use different MKTs
> >>> indefinitely.
> >> Each side can use a different MKT to transmit. However, if side A uses
> >> MKT X to transmit, then side B needs to know to use MKT X to receive. If
> >> side A matches MKT X on transmit and side B matches MKT Y on receive,
> >> then there's a problem for that connection.
> >>
> >> So let's rephrase, recognizing that there are two MKTs at any given time
> >> (one for transmit on each side, and the same pair for receive on the
> >> opposite side).
> >>
> >> b) for two endpoints, if a given packet matches MKT on one side during
> >> transmit, it must match the corresponding MKT on the other side during
> >> receive.
> > 
> > Right, but this doesn't require ordering or non-overlapping, as far as
> > I can tell.  It merely requires that at any time there only be one MKT
> > corresponding to any given socketpair/key-id.
> 
> That is only possible with either non-overlapping or ordering to resolve
> overlaps.

I don't see why this is true. Any time a new key is entered, you
find all other keys that overlap with it and verify that they
have distinct key-ids. If so, the entry fails. If that's what
you mean by "prohibit overlaps", yes, I think we should
prohibit overlaps. 

If what you mean is that two MKTs with different key-ids can't overlap
the same socket pair space, I don't see a problem with that.

-Ekr