IETF Logo Mail Archive

Re: [tcpm] TCP-AO: Text for New_Key Process

Eric Rescorla <ekr@networkresonance.com> Wed, 28 January 2009 17:37 UTC

Return-Path: <tcpm-bounces@ietf.org>
X-Original-To: tcpm-archive@megatron.ietf.org
Delivered-To: ietfarch-tcpm-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 661513A6A74; Wed, 28 Jan 2009 09:37:28 -0800 (PST)
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 89BE13A67DA for <tcpm@core3.amsl.com>; Wed, 28 Jan 2009 09:37:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.559
X-Spam-Level:
X-Spam-Status: No, score=-2.559 tagged_above=-999 required=5 tests=[AWL=0.040, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u-FNwn9O2nrb for <tcpm@core3.amsl.com>; Wed, 28 Jan 2009 09:37:26 -0800 (PST)
Received: from romeo.rtfm.com (romeo.rtfm.com [74.95.2.173]) by core3.amsl.com (Postfix) with ESMTP id 691203A6A74 for <tcpm@ietf.org>; Wed, 28 Jan 2009 09:37:26 -0800 (PST)
Received: from romeo.rtfm.com (localhost.rtfm.com [127.0.0.1]) by romeo.rtfm.com (Postfix) with ESMTP id C434E50822; Wed, 28 Jan 2009 09:53:45 -0800 (PST)
Date: Wed, 28 Jan 2009 09:53:45 -0800
From: Eric Rescorla <ekr@networkresonance.com>
To: Joe Touch <touch@ISI.EDU>
In-Reply-To: <49808E94.8050107@isi.edu>
References: <7.1.0.9.2.20081219010400.02bfd3d8@gmail.com> <496d9941.18038e0a.5558.ffffd3a6@mx.google.com> <497F7DDC.70309@isi.edu> <20090128162756.3799450822@romeo.rtfm.com> <49808E94.8050107@isi.edu>
User-Agent: Wanderlust/2.14.0 (Africa) Emacs/21.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Message-Id: <20090128175345.C434E50822@romeo.rtfm.com>
Cc: tcpm@ietf.org, Allison Mankin <mankin@psg.com>, skonduru@juniper.net
Subject: Re: [tcpm] TCP-AO: Text for New_Key Process
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www.ietf.org/mailman/private/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: tcpm-bounces@ietf.org
Errors-To: tcpm-bounces@ietf.org

At Wed, 28 Jan 2009 08:57:56 -0800,
Joe Touch wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 
> 
> Eric Rescorla wrote:
> > At Tue, 27 Jan 2009 13:34:20 -0800,
> > Joe Touch wrote:
> >> I'll kick off discussion on this point on the list.
> >>
> >> IMO, this mechanism is not viable for TCP-AO; it requires generating
> >> (and consuming) TCP segments that a native TCP would not generate. I was
> >> under the assumption that our design space was as close to TCP MD5 as
> >> possible, i.e., augment existing segments with a new option, but neither
> >> generate nor consume new segments.
> > 
> > I think it's important to separate two issues:
> > 
> > 1. How can an implementation decide when it's safe to use a newly installed
> >    key?
> > 2. How can an implementation help a peer implementation make that decision.
> > 
> > I think it's pretty clear that the most natural way to answer question
> > (1) is "when you see a segment protected with that key". Unfortunately,
> > this creates a deadlock problem since both sides are waiting for the
> > other side to use the key. Thus, we need a combination of two 
> > methods:
> > 
> > 1. If a node has two keys, OLD and NEW, as soon as it sees a segment
> >    from the peer protected with NEW, it starts sending with NEW.
> > 2. If a node has two keys, OLD and NEW, and it's still using OLD
> >    it occasionally experimentally sends a segment with NEW (probing).
> 
> I've already shown a way to achieve this without requiring the use of
> the NEW key, i.e., that used two KeyIDs with the OLD key, using the
> change in the KeyID to inform the endpoints. I've also described in that
> email a way to achieve this using the current API, without asking TCP-AO
> to generate new packets or to do anything conditional _inside_ TCP-AO;
> this can (and, IMO, should) all be accomplished with an external
> mechanism, with __no__ impact on the stack.

I read your mechanism, but I'm not sure it works.

The basic unit of operation here isn't keys but key-ids. It's true that
in your example key-id 6 refers to the same key as key-id 5, but that's
not something that the stack should be observing. In other words,
if you get a packet with key-id 6 and you only have key-id 5, you should
reject it, not try the key corresponding to key-id 5, so we've reduced
this to a previously unsolved problem.

If your point is that at the time I install key-id 5 I also install a
dummy key-id 6, and use that purely for signalling, I agree that that
would work, but it strikes me as extremely kludgy. There's no natural
connection between the switch from 5-6 and the switch from 5-7. So, 
no, I don't favor that approach.

-Ekr








_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www.ietf.org/mailman/listinfo/tcpm

v2.23.0 | Report a Bug | By Email