IETF Logo Mail Archive

Re: [tcpm] TCP-AO: Text for New_Key Process

touch@ISI.EDU Mon, 02 February 2009 17:44 UTC

Return-Path: <tcpm-bounces@ietf.org>
X-Original-To: tcpm-archive@megatron.ietf.org
Delivered-To: ietfarch-tcpm-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 54F553A6BA7; Mon, 2 Feb 2009 09:44:42 -0800 (PST)
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C572628C169 for <tcpm@core3.amsl.com>; Mon, 2 Feb 2009 09:44:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DPS1zgGc1+Ge for <tcpm@core3.amsl.com>; Mon, 2 Feb 2009 09:44:40 -0800 (PST)
Received: from nitro.isi.edu (nitro.isi.edu [128.9.208.207]) by core3.amsl.com (Postfix) with ESMTP id E7EEC3A6B35 for <tcpm@ietf.org>; Mon, 2 Feb 2009 09:44:39 -0800 (PST)
Received: from webmail.isi.edu (webmail.isi.edu [128.9.152.28]) by nitro.isi.edu (8.13.8/8.13.8) with ESMTP id n12HhYUC005661 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Mon, 2 Feb 2009 09:43:35 -0800 (PST)
Received: (from apache@localhost) by webmail.isi.edu (8.12.8/8.12.7) id n12HhWUn024286; Mon, 2 Feb 2009 09:43:32 -0800
X-Authentication-Warning: webmail.isi.edu: apache set sender to touch@isi.edu using -f
Received: from system212-7.losangeles.af.mil (system212-7.losangeles.af.mil [138.13.212.7]) by webmail.isi.edu (IMP) with HTTP for <touch@localhost>; Mon, 2 Feb 2009 09:43:32 -0800
Message-ID: <1233596612.498730c436efe@webmail.isi.edu>
Date: Mon, 02 Feb 2009 09:43:32 -0800
From: touch@ISI.EDU
To: Eric Rescorla <ekr@networkresonance.com>
References: <7.1.0.9.2.20081219010400.02bfd3d8@gmail.com> <496d9941.18038e0a.5558.ffffd3a6@mx.google.com> <497F7DDC.70309@isi.edu> <20090128162756.3799450822@romeo.rtfm.com> <B33C7F84-66B7-4F2C-9B04-2BC1716C7994@cisco.com> <498618DA.1070308@isi.edu> <20090202162602.D178450822@romeo.rtfm.com>
In-Reply-To: <20090202162602.D178450822@romeo.rtfm.com>
MIME-Version: 1.0
User-Agent: Internet Messaging Program (IMP) 3.2.2
X-Originating-IP: 138.13.212.7
X-MailScanner-ID: n12HhYUC005661
X-ISI-4-69-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Cc: tcpm@ietf.org, Allison Mankin <mankin@psg.com>, skonduru@juniper.net
Subject: Re: [tcpm] TCP-AO: Text for New_Key Process
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www.ietf.org/mailman/private/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: tcpm-bounces@ietf.org
Errors-To: tcpm-bounces@ietf.org

Quoting Eric Rescorla <ekr@networkresonance.com>:

> At Sun, 01 Feb 2009 13:49:14 -0800,
> Joe Touch wrote:
> > 
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > 
> > FYI - there's an important reason not to use a separate flag bit. Doing
> > so requires parsing the bits of the incoming packet, i.e., this adds
> > extra processing. It also indicates to everyone on the wire that a key
> > change is pending; when using only the KeyID, no extra parsing is needed
> > and the meaning of a changing key is opaque to those on the wire.
> 
> The extra parsing hardly strikes me as a severe burden and I don't
> really understand why we would care if an observer knows that a key
> change is imminent.
> 
> 
> > Using a key flag means that one side can only ever tell the other end
> > "ready to use the new key", not which key (if there could be more than
> > one). That means that if you try it once and it fails and you want to
> > try it again, you might have to wait MSL (a few minutes) to try it
> > again, otherwise an old packet might indicate 'ready to receive the new
> > key" for the wrong key.
> 
> Well, I don't really favor they ke flag approach, but it occurs to
> me that this is easily fixed by replacing the key flag with a 
> "ready to use" byte. Recall that the length of the MAC is tied
> to the key so if you know the key-id you know the length of the
> MAC. This makes the Length byte partly redundant. Accordingly,
> you could have the following format:
> 
>  - Kind (1)
>  - Length (1)
>  - Key-ID (1)
>  - Ready-keys [variable]
>  - MAC

That is variable length, even when the active key has not changed; that means
conditional parsing is required, which is cumbersome. We wanted to avoid
conditional parsing even to save a single byte (the odd/even mechanism I
suggested in earlier drafts). This seems even more awkward and unnecessary.

> > Overall, using just the keyID value as the indicator seems much more
> > flexible to and simple to me.
> 
> It's marginally simpler for the implementor of AO and a huge pain for
> everyone else.

It is simpler for the AO specification, simpler for the implementer, and exactly
the same effort for everyone else (i.e., the user/process changing over the
keys). 

Joe
_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www.ietf.org/mailman/listinfo/tcpm

v2.23.0 | Report a Bug | By Email