Re: [tcpm] AO-04: Text for Key Coordination
Joe Touch <touch@ISI.EDU> Mon, 23 March 2009 18:54 UTC
Return-Path: <touch@ISI.EDU>
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id BE9FD3A6981 for <tcpm@core3.amsl.com>; Mon, 23 Mar 2009 11:54:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.399
X-Spam-Level:
X-Spam-Status: No, score=-1.399 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, J_CHICKENPOX_31=0.6, J_CHICKENPOX_91=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I1sMDoP01lQi for <tcpm@core3.amsl.com>; Mon, 23 Mar 2009 11:54:05 -0700 (PDT)
Received: from vapor.isi.edu (vapor.isi.edu [128.9.64.64]) by core3.amsl.com (Postfix) with ESMTP id 9B8A03A68AF for <tcpm@ietf.org>; Mon, 23 Mar 2009 11:54:05 -0700 (PDT)
Received: from [75.210.1.40] (40.sub-75-210-1.myvzw.com [75.210.1.40]) by vapor.isi.edu (8.13.8/8.13.8) with ESMTP id n2NIrjax015341; Mon, 23 Mar 2009 11:53:47 -0700 (PDT)
Message-ID: <49C7DAB9.107@isi.edu>
Date: Mon, 23 Mar 2009 11:53:45 -0700
From: Joe Touch <touch@ISI.EDU>
User-Agent: Thunderbird 2.0.0.21 (Windows/20090302)
MIME-Version: 1.0
To: "Gregory M. Lebovitz" <gregory.ietf@gmail.com>
References: <49c7d378.16048e0a.3d85.ffffcfea@mx.google.com>
In-Reply-To: <49c7d378.16048e0a.3d85.ffffcfea@mx.google.com>
X-Enigmail-Version: 0.95.7
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Cc: tcpm@ietf.org
Subject: Re: [tcpm] AO-04: Text for Key Coordination
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Mar 2009 18:54:06 -0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, all, The key coordination mechanism described in -04 assumes that MKTs can be used and changed in each direction independently. In specific, it assumes that: sending NextKeyID=N means that the sender is "ready to receive" that the MKT indicated by N i.e., it hopefully causes the other site to start sending with MKT=N The text below tries to extend that to imply that the same signal also means a desire to force both sides to send with MKT=N, i.e., that NextKeyID means "wants to send AND is ready to receive". I.e., it implies that MKTs should be used symmetrically, and that coordination should result in closure to that state. This has several issues: 1) the mechanism is more complex, as described below 2) the mechanism requires resolution when both sides set different NextKeyID values i.e., if both sides change to different nextkeyID's that differ before closure to a new MKT, then it's not clear whether closure will be achieved or to what value. It's not clear why symmetric key *use* should be encouraged or required. I favor the current mechanism for its simplicity and, IMO, sufficiency. Further, I don't see a reason why we would need to require the API to force new keys entered into the TSAD to immediately be favored; a single TSAD entry could apply to multiple active connections, and it's not clear they should all change immediately as a result. I prefer to allow the API to have the user explicitly indicate the next_key for a given active connection (note that next_key isn't meaningful for connections not yet active anyway). Joe Gregory M. Lebovitz wrote: > Hey all, > I sent this text to Joe for -04, but it didn't quite make it. This text > may or may not need to be in the spec. Personally, I'd like to see it in > an example, or in an appendix, because I think it really makes clear how > the coordination occurs in tricky case. I do think the rules need to be > included in the main body text. Pls comment: > > > ============ > > For three keys K1, K# and Kx > > When only K1 is entered into TCP, set > > KeyID = K1 > > NextKeyID = KeyID > > > > send K1,K1 (per KeyID, NextKeyID convention) > > > > When K# is entered, set > > KeyID = K1 > > NextKeyID = K# > > send K1,K# and continue sending K1,K# until K*,K# is received (where > > "*" is wildcard ANY) > > > > Once receive K*,K# > > K1 - start 2MSL timer > > set KeyID = K# > > AND > > SEND K#, K# > > -thus, will no longer send with K1, even if receive a segment out of > > order with K1,K1 because already know that other side has and can use > > K#, and K# has higher preference over K1. > > > > When Kx is entered > > K1 - MSLtimer !=0 > > KeyID = K# > > NextKeyID = Kx > > AND > > SEND K#, Kx until K*,Kx is received. > > > > Once receive K*,Kx > > K1 - MSLtimer !=0 > > set > > K# - start 2MSLtimer > > KeyID = Kx > > AND > > SEND Kx, Kx > > > > In the below case, we assume K1 was current, then K# and Kx > respectively > > where entered in quick succession. > > > > KeyID = K1 > > NextKeyID = K# > > > > if no segments are received from Alice with K# in NextKeyID, then K# > > never gets set to KeyID, and as such no segement is ever sent MAC'd > > using K#. > > > > Then Kx is entered into Bob's TCP. Now: > > > > KeyID = K1 > > K# - start 2MSL timer > > NextKeyID = Kx > > > > because > > (a) we never made the shift to sending protected with K#, and > > (b) K1 is the only known good key for both me and Alice, so far, and > > (c) there can only be one NextKeyID, and Kx was the last entered, so > > it gets NextKeyID > > > > In JT's out of order arrival example... > > > > The following flag settings would exist on Bob: > > KeyID = K1 > > K# - 2MSLtimer !=0 > > NextKeyID = Kx > > > > For snd = what Alice sends, rcv = what Bob receives, rply = what Bob > > sends next (and we drop the "Ks" for ease of notation) > > > > snd rcv rply > > ----- ---- ------- > > 1,1 1,1 1,x > > 1,# 1,x x,x Bob executes K1 start 2MSLtimer, AND KeyID = Kx, > > AND NextKeyID=KeyID > > 1,x 1,# x,x > > (at this point Alice would start sending x,x) > > (even if she didn't for some reason, like she hadn't yet received back > > an x,x from Bob due to drops or latency, it would look like: > > 1,x 1,x x,x > > 1,x 1,x x,x > > 1,x 1,x x,x > > ... > > (until Alice finally received an x,x from Bob, and thus started > sending x,x) > > x,x x,x x,x > > x,x x,x x,x > > > > The rules describing all this are: > > > > For local values of > > KeyID > > NextKeyID > > > SENDING: > > IF NextKeyID = KeyID, send KeyID(KeyID), NextKeyID(KeyID) > > ELSE send KeyID(KeyID), NextKeyID(NextKeyID) > > > KEY MOVEMENT: > > when you receive a NextKeyID = Ky from peer: > > > IF for local Ky 2MSLtime != 0, then do nothing > > IF local KeyID = Ky, do nothing > > IF local NextKeyID = Ky, and NextKeyID != KeyID > > THEN, given a current KeyID = Kx, start Kx 2MSLtimer > > AND set local KeyID = Ky > > AND set local NextKeyID = KeyID > > > ENTERING KEYS INTO TCP: > > When a new key Ky is entered into TCP, for an existing Kx: > > > IF NextKeyID = KeyID, THEN set NextKeyID = Ky, > now KextKeyID = Ky and KeyID = Kx > > IF local Kx = NextKeyID != KeyID, THEN set Kx 2MSLtimer, > > AND set NextKeyID = Ky > > IF Ky 2MSLtimer != 0, THEN set Ky 2MSLtimer = 0, AND NextKeyID = Ky > > (This one is for repeated keyID value usage, or correcting a > config > > mixup.) > > or we might want to say: > > IF Ky 2MSLtimer !=0, THEN throw error "Ky already in aging state, > > cannot install" > > > > Thoughts? > Gregory. > > +++++++++++++++++++++++ > IETF-related email from > Gregory M. Lebovitz > Juniper Networks > g r e go r y d o t i e tf a t g m a i l do t c o m > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAknH2rkACgkQE5f5cImnZrv4cgCdGGl76ducLvmgwR8lyXKp0RZS eaAAoLiPUq9nn/h3axscGxn6NaiJ/xOU =pFhi -----END PGP SIGNATURE-----
- [tcpm] AO-04: Text for Key Coordination Gregory M. Lebovitz
- Re: [tcpm] AO-04: Text for Key Coordination Joe Touch