Re: [tcpm] TCP-AO: Text for New_Key Process
Eric Rescorla <ekr@networkresonance.com> Tue, 03 February 2009 15:12 UTC
Return-Path: <tcpm-bounces@ietf.org>
X-Original-To: tcpm-archive@megatron.ietf.org
Delivered-To: ietfarch-tcpm-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B183A3A6831; Tue, 3 Feb 2009 07:12:15 -0800 (PST)
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 01F143A6831 for <tcpm@core3.amsl.com>; Tue, 3 Feb 2009 07:12:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.565
X-Spam-Level:
X-Spam-Status: No, score=-2.565 tagged_above=-999 required=5 tests=[AWL=0.034, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9bFUGhgWqQwG for <tcpm@core3.amsl.com>; Tue, 3 Feb 2009 07:12:12 -0800 (PST)
Received: from romeo.rtfm.com (romeo.rtfm.com [74.95.2.173]) by core3.amsl.com (Postfix) with ESMTP id D749A3A6824 for <tcpm@ietf.org>; Tue, 3 Feb 2009 07:12:12 -0800 (PST)
Received: from romeo.rtfm.com (localhost.rtfm.com [127.0.0.1]) by romeo.rtfm.com (Postfix) with ESMTP id 712B350822; Tue, 3 Feb 2009 07:28:34 -0800 (PST)
Date: Tue, 03 Feb 2009 07:28:34 -0800
From: Eric Rescorla <ekr@networkresonance.com>
To: Joe Touch <touch@ISI.EDU>
In-Reply-To: <4987D110.7020804@isi.edu>
References: <7.1.0.9.2.20081219010400.02bfd3d8@gmail.com> <496d9941.18038e0a.5558.ffffd3a6@mx.google.com> <497F7DDC.70309@isi.edu> <20090128162756.3799450822@romeo.rtfm.com> <B33C7F84-66B7-4F2C-9B04-2BC1716C7994@cisco.com> <498618DA.1070308@isi.edu> <20090202162602.D178450822@romeo.rtfm.com> <1233596612.498730c436efe@webmail.isi.edu> <20090203041052.83BCF50822@romeo.rtfm.com> <4987D110.7020804@isi.edu>
User-Agent: Wanderlust/2.14.0 (Africa) Emacs/21.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Message-Id: <20090203152834.712B350822@romeo.rtfm.com>
Cc: tcpm@ietf.org, Allison Mankin <mankin@psg.com>, skonduru@juniper.net
Subject: Re: [tcpm] TCP-AO: Text for New_Key Process
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www.ietf.org/mailman/private/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: tcpm-bounces@ietf.org
Errors-To: tcpm-bounces@ietf.org
At Mon, 02 Feb 2009 21:07:28 -0800, Joe Touch wrote: > > > > Eric Rescorla wrote: > ... > >>> Well, I don't really favor they ke flag approach, but it occurs to > >>> me that this is easily fixed by replacing the key flag with a > >>> "ready to use" byte. Recall that the length of the MAC is tied > >>> to the key so if you know the key-id you know the length of the > >>> MAC. This makes the Length byte partly redundant. Accordingly, > >>> you could have the following format: > >>> > >>> - Kind (1) > >>> - Length (1) > >>> - Key-ID (1) > >>> - Ready-keys [variable] > >>> - MAC > >> That is variable length, even when the active key has not changed; that means > >> conditional parsing is required, which is cumbersome. > > > > s/cumbersome/trivial/ > > Well, if trivial means the following, sure: > > 1) get the keyID > 2) go to the TSAD to get the MAC length > 3) pass the KeyID and the MAC pointer = (option start + length - > mac_length) to the verification alg Well, Joe, since you brought it up, this whole architecture you've invented for the internal structure (TSAD, etc.) is the source of the clumsiness, not the need for variable parsing. I've written quite a few crypto stacks, including ones with MAC length dependent parsing (SSL has it) and if things are done properly, this isn't clumsy at all. So, no, I'm not particularly receptive to arguments about simplicity that derive from the TSAD architecture, since, as I've said several times now, I'd remove it entirely. -Ekr _______________________________________________ tcpm mailing list tcpm@ietf.org https://www.ietf.org/mailman/listinfo/tcpm
- Re: [tcpm] TCP-AO: Text for New_Key Process Gregory M. Lebovitz
- Re: [tcpm] TCP-AO: Text for New_Key Process Alfred Hönes
- Re: [tcpm] TCP-AO: Text for New_Key Process Joe Touch
- Re: [tcpm] TCP-AO: Text for New_Key Process Lars Eggert
- Re: [tcpm] TCP-AO: Text for New_Key Process Eric Rescorla
- Re: [tcpm] TCP-AO: Text for New_Key Process Joe Touch
- Re: [tcpm] TCP-AO: Text for New_Key Process Eric Rescorla
- Re: [tcpm] TCP-AO: Text for New_Key Process Joe Touch
- Re: [tcpm] TCP-AO: Text for New_Key Process Joe Touch
- Re: [tcpm] TCP-AO: Text for New_Key Process Eric Rescorla
- Re: [tcpm] TCP-AO: Text for New_Key Process Joe Touch
- Re: [tcpm] TCP-AO: Text for New_Key Process Eric Rescorla
- Re: [tcpm] TCP-AO: Text for New_Key Process Joe Touch
- Re: [tcpm] TCP-AO: Text for New_Key Process Brian Weis
- Re: [tcpm] TCP-AO: Text for New_Key Process Joe Touch
- Re: [tcpm] TCP-AO: Text for New_Key Process Brian Weis
- Re: [tcpm] TCP-AO: Text for New_Key Process Eric Rescorla
- Re: [tcpm] TCP-AO: Text for New_Key Process Eddy, Wesley M. (GRC-RCN0)[VZ]
- Re: [tcpm] TCP-AO: Text for New_Key Process Joe Touch
- Re: [tcpm] TCP-AO: Text for New_Key Process Caitlin Bestler
- Re: [tcpm] TCP-AO: Text for New_Key Process Eric Rescorla
- Re: [tcpm] TCP-AO: Text for New_Key Process Eric Rescorla
- Re: [tcpm] TCP-AO: Text for New_Key Process touch
- Re: [tcpm] TCP-AO: Text for New_Key Process Ron Bonica
- Re: [tcpm] TCP-AO: Text for New_Key Process Eric Rescorla
- Re: [tcpm] TCP-AO: Text for New_Key Process Eric Rescorla
- Re: [tcpm] TCP-AO: Text for New_Key Process Joe Touch
- Re: [tcpm] TCP-AO: Text for New_Key Process Joe Touch
- Re: [tcpm] TCP-AO: Text for New_Key Process Eric Rescorla
- Re: [tcpm] TCP-AO: Text for New_Key Process Eric Rescorla
- Re: [tcpm] TCP-AO: Text for New_Key Process Joe Touch
- Re: [tcpm] TCP-AO: Text for New_Key Process Eric Rescorla
- Re: [tcpm] TCP-AO: Text for New_Key Process Joe Touch
- Re: [tcpm] TCP-AO: Text for New_Key Process Eric Rescorla