Re: [tcpm] question about TCP-AO and rekeying
Eric Rescorla <ekr@networkresonance.com> Tue, 16 June 2009 13:17 UTC
Return-Path: <ekr@networkresonance.com>
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 42AD43A6AF4 for <tcpm@core3.amsl.com>; Tue, 16 Jun 2009 06:17:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.018
X-Spam-Level:
X-Spam-Status: No, score=0.018 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888, HELO_MISMATCH_COM=0.553, HOST_MISMATCH_NET=0.311, RDNS_DYNAMIC=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wRCZKRXmN21H for <tcpm@core3.amsl.com>; Tue, 16 Jun 2009 06:17:48 -0700 (PDT)
Received: from kilo.networkresonance.com (74-95-2-169-SFBA.hfc.comcastbusiness.net [74.95.2.169]) by core3.amsl.com (Postfix) with ESMTP id 55C313A69C5 for <tcpm@ietf.org>; Tue, 16 Jun 2009 06:17:48 -0700 (PDT)
Received: from kilo.local (localhost [127.0.0.1]) by kilo.networkresonance.com (Postfix) with ESMTP id 75C481BC6EB; Tue, 16 Jun 2009 06:18:07 -0700 (PDT)
Date: Tue, 16 Jun 2009 06:18:06 -0700
From: Eric Rescorla <ekr@networkresonance.com>
To: Joe Touch <touch@ISI.EDU>
In-Reply-To: <4A2AB973.3030203@isi.edu>
References: <4A2AB973.3030203@isi.edu>
User-Agent: Wanderlust/2.15.5 (Almost Unreal) Emacs/22.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <20090616131807.75C481BC6EB@kilo.networkresonance.com>
Cc: tcpm Extensions WG <tcpm@ietf.org>
Subject: Re: [tcpm] question about TCP-AO and rekeying
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Jun 2009 13:17:49 -0000
At Sat, 06 Jun 2009 11:46:11 -0700, Joe Touch wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi, all, > > One open issue remaining is how to express what was formerly a database > with a particular structure (TAPD, previously TSAD) in ways that impact > rekeying and possibly future master key management protocols. We decided > at the last meeting in SFO to do as follows: > > - require that each segment match only one key > - segments for established connections must match > only one connection key > - segments for new connections (SYNs) must match > only one master key > > Connection keys never overlap; there would never be two connection keys > with the same keyID and socket pair. The open issue focuses on master > keys, which would more likely be specified with wildcards, masks, or > ranges, esp. for remote port numbers, but also potentially for addresses > or local port numbers. This issue is particularly relevant for rekeying > - - adding new master keys that would result in new connection keys being > derived for existing connections - and how an endpoint would be able to > ensure uniqueness as above. > > Do we need additional constraints to ensure that master key descriptions > never overlap? > > As review, the previous description of keys as a database also implied, > by its structure, constraints on wildcards/masks/ranges. Each TAPD entry > was: > > a socket pair descriptor > which may include wildcards or masks > > one or more MKTs, each of which includes: > sendID > recvID > crypto info: > master key > MAC info > KDF info > > The TAPD was defined so that a segment matched at most one socket pair > descriptor, and that MKTs within that descriptor had distinct sendIDs > and recvIDs. > > If we remove that data structure, it would most obviously be replaced > with MKTs with their own socket descriptors, i.e.: > > MKT > socket pair descriptor (may include wildcards/masks) > sendID > recvID > crypto info > > The question that remains is whether MKTs that match a segment all have > identical socket pair descriptors, even down to their > wildcards/ranges/masks (which was previously required). If > not, then how do we ensure that MKTs don't interfere? I don't understand why this is a problem. The invariant that the system needs to enforce is that for any given packet there be at most one valid MKT with a given key-id, right? There are a number of ways to enforce this, including: 1. Having some kind of database. 2. Tying MKTs to sockets directly at the time of instantiation (including half-open sockets). > If we throw our hands up and say this is "implementation detail", then > IMO we could be hobbling any KMP, since there would be no common data > for the KMP to coordinate. I don't see this. Obviously, any KMP will need some model for how it thinks about keys and any particular implementation of a KMP will need to interact with the system on which it is implemented in order to match that model to the system's implementation, but I don't see how that's a problem. It's not like we're defining a C API for the KMP implementations to call. -Ekr
- [tcpm] question about TCP-AO and rekeying Joe Touch
- Re: [tcpm] question about TCP-AO and rekeying Joe Touch
- Re: [tcpm] question about TCP-AO and rekeying Eric Rescorla
- Re: [tcpm] question about TCP-AO and rekeying Eric Rescorla
- Re: [tcpm] question about TCP-AO and rekeying Joe Touch
- Re: [tcpm] question about TCP-AO and rekeying Eric Rescorla
- Re: [tcpm] question about TCP-AO and rekeying Joe Touch
- Re: [tcpm] question about TCP-AO and rekeying Eric Rescorla
- Re: [tcpm] question about TCP-AO and rekeying Joe Touch
- Re: [tcpm] question about TCP-AO and rekeying Eric Rescorla
- Re: [tcpm] question about TCP-AO and rekeying Joe Touch
- Re: [tcpm] question about TCP-AO and rekeying Eric Rescorla
- Re: [tcpm] question about TCP-AO and rekeying Joe Touch
- Re: [tcpm] question about TCP-AO and rekeying Eric Rescorla
- Re: [tcpm] question about TCP-AO and rekeying Joe Touch
- Re: [tcpm] question about TCP-AO and rekeying Eric Rescorla
- Re: [tcpm] question about TCP-AO and rekeying Joe Touch
- Re: [tcpm] question about TCP-AO and rekeying Eric Rescorla
- Re: [tcpm] question about TCP-AO and rekeying Joe Touch
- Re: [tcpm] question about TCP-AO and rekeying Eric Rescorla
- Re: [tcpm] question about TCP-AO and rekeying Joe Touch
- Re: [tcpm] question about TCP-AO and rekeying Eric Rescorla
- Re: [tcpm] question about TCP-AO and rekeying Joe Touch
- Re: [tcpm] question about TCP-AO and rekeying Eric Rescorla
- Re: [tcpm] question about TCP-AO and rekeying Eddy, Wesley M. (GRC-MS00)[Verizon]
- Re: [tcpm] question about TCP-AO and rekeying Eric Rescorla
- Re: [tcpm] question about TCP-AO and rekeying Joe Touch
- Re: [tcpm] question about TCP-AO and rekeying Joe Touch