Re: [tcpm] TCP-AO: Text for New_Key Process

At Mon, 02 Feb 2009 21:07:28 -0800,
Joe Touch wrote:
> 
> 
> 
> Eric Rescorla wrote:
> ...
> >>> Well, I don't really favor they ke flag approach, but it occurs to
> >>> me that this is easily fixed by replacing the key flag with a 
> >>> "ready to use" byte. Recall that the length of the MAC is tied
> >>> to the key so if you know the key-id you know the length of the
> >>> MAC. This makes the Length byte partly redundant. Accordingly,
> >>> you could have the following format:
> >>>
> >>>  - Kind (1)
> >>>  - Length (1)
> >>>  - Key-ID (1)
> >>>  - Ready-keys [variable]
> >>>  - MAC
> >> That is variable length, even when the active key has not changed; that means
> >> conditional parsing is required, which is cumbersome.
> > 
> > s/cumbersome/trivial/
> 
> Well, if trivial means the following, sure:
> 
> 1) get the keyID
> 2) go to the TSAD to get the MAC length
> 3) pass the KeyID and the MAC pointer = (option start + length - 
> mac_length) to the verification alg

Well, Joe, since you brought it up, this whole architecture
you've invented for the internal structure (TSAD, etc.) is the
source of the clumsiness, not the need for variable parsing.
I've written quite a few crypto stacks, including ones with
MAC length dependent parsing (SSL has it) and if things are
done properly, this isn't clumsy at all.

So, no, I'm not particularly receptive to arguments about simplicity
that derive from the TSAD architecture, since, as I've said
several times now, I'd remove it entirely.

-Ekr

_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www.ietf.org/mailman/listinfo/tcpm