Re: [tcpm] Updated SHA-2 AO draft

Brandon Williams <brandon.williams@akamai.com> Mon, 10 November 2014 00:36 UTC

Message-ID: <5460088F.6080104@akamai.com>
Date: Sun, 09 Nov 2014 19:36:31 -0500
From: Brandon Williams <brandon.williams@akamai.com>
To: "Sujeet Nayak A (sua)" <sua@cisco.com>, "tcpm@ietf.org" <tcpm@ietf.org>
References: <D07531AA.74A10%sua@cisco.com>
In-Reply-To: <D07531AA.74A10%sua@cisco.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/tcpm/_rs7Fz4RqefA5qfDJT4J_JBQQPs
Subject: Re: [tcpm] Updated SHA-2 AO draft

Hi Sujeet,

I'm still concerned about whether there's enough space in the SYN header 
for this option. My concern is based mostly on what I think is a flaw 
in the analysis from RFC5925 section 7.2, which leaves out the 4-byte 
MSS option. As the analysis from RFC6824 indicates, SYN packets 
typically include the MSS option, leaving only 21 bytes available in an 
option-packed SYN and 16 in a worst-case unpacked SYN. TCP-AO with SHA1 
works in either case, but SHA2 only works (just barely) in an 
option-packed stack.

Section 4 of your draft should probably be updated to account for the 
commonality of the MSS option and the related requirement either to drop 
one of the common SYN options or pack the option space.

--Brandon

On 10/28/2014 02:12 AM, Sujeet Nayak A (sua) wrote:
> Hi,
> Thanks everyone for your valuable review comments so far. Brian and
> I have updated the draft to produce the next version.
> https://tools.ietf.org/html/draft-nayak-tcp-sha2-01
>
> Some of the high level changes made are:
>
>   * Because of the TCP option space issue, SHA512 has been moved out of the
>     draft (a note added in the "Security Consideration" for future
>     support, when needed).
>   * Moved the motivation contents into the introduction section.
>   * Taken care of some of the RFC language related comments.
>
> Please review and let me know your feedback. On the other hand, if there is
> a consensus that the contents need to update RFC5926, and if that RFC
> allows such an update, then we are happy to work with Greg on it.
>
> Regards,
>
> Sujeet

-- 
Brandon Williams; Senior Principal Software Engineer
Emerging Products Engineering; Akamai Technologies Inc.
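As an added illustration of the option-space arithmetic in Brandon's message (this script is not part of the original thread or of either draft), the following models the SYN option budget in the two layouts RFC 6824 describes, packed and NOP-padded to 4-byte alignment, and checks whether a TCP-AO option carrying a MAC of a given length fits. The 12-byte MAC is the truncated MAC length RFC 5926 uses for its SHA-1 algorithm; the 16-byte MAC used for the SHA-2 variant is an assumption chosen only to reproduce the "just barely" case the message describes.

```python
"""TCP SYN option-space budget for TCP-AO (illustrative, constructed)."""

# Data offset is a 4-bit word count, so the header is at most 60 bytes;
# minus the 20-byte fixed header that leaves 40 bytes for options.
TCP_OPTION_SPACE = 40

# Options a SYN typically carries, kind + length + data in bytes.
# Brandon's point: the 4-byte MSS option is usually present too.
COMMON_SYN_OPTIONS = {
    "MSS": 4,            # RFC 793
    "WindowScale": 3,    # RFC 7323
    "SACKPermitted": 2,  # RFC 2018
    "Timestamps": 10,    # RFC 7323
}


def align4(n):
    """Round up to a 4-byte boundary (NOP padding in the unpacked layout)."""
    return (n + 3) // 4 * 4


def used_option_bytes(options, packed):
    """Bytes consumed by the given options in a packed or NOP-padded layout."""
    if packed:
        return sum(options.values())
    return sum(align4(length) for length in options.values())


def remaining_option_space(options, packed):
    """Option bytes still free for one more option, e.g. TCP-AO."""
    return TCP_OPTION_SPACE - used_option_bytes(options, packed)


def ao_option_length(mac_len):
    """TCP-AO option: Kind, Length, KeyID, RNextKeyID, then the MAC (RFC 5925)."""
    return 4 + mac_len


def ao_fits(mac_len, options, packed):
    """True if a TCP-AO option with this MAC length fits beside the options."""
    return ao_option_length(mac_len) <= remaining_option_space(options, packed)


if __name__ == "__main__":
    without_mss = {k: v for k, v in COMMON_SYN_OPTIONS.items() if k != "MSS"}
    for label, opts in (("with MSS", COMMON_SYN_OPTIONS), ("without MSS", without_mss)):
        for packed in (True, False):
            free = remaining_option_space(opts, packed)
            layout = "packed" if packed else "unpacked"
            print(f"{label:12s} {layout:9s} free={free:2d}  "
                  f"AO/12-byte MAC fits={ao_fits(12, opts, packed)}  "
                  f"AO/16-byte MAC fits={ao_fits(16, opts, packed)}")
```

Running it shows the 21/16-byte figures from the message once MSS is counted, and that a 16-byte option (12-byte MAC) fits either layout while a 20-byte option (16-byte MAC) fits only the packed one.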