Re: [tcpm] Roman Danyliw's No Objection on draft-ietf-tcpm-ao-test-vectors-08: (with COMMENT)
"touch@strayalpha.com" <touch@strayalpha.com> Wed, 02 March 2022 23:06 UTC
From: "touch@strayalpha.com" <touch@strayalpha.com>
In-Reply-To: <164624617425.17940.4257598685672395625@ietfa.amsl.com>
Date: Wed, 2 Mar 2022 15:06:31 -0800
Cc: The IESG <iesg@ietf.org>, draft-ietf-tcpm-ao-test-vectors@ietf.org,
tcpm-chairs@ietf.org, tcpm@ietf.org, michael.scharf@hs-esslingen.de
Message-Id: <B2284857-0A00-454F-A3F5-A2E234FAED11@strayalpha.com>
References: <164624617425.17940.4257598685672395625@ietfa.amsl.com>
To: Roman Danyliw <rdd@cert.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/rEzDZQXs6jI3_rCzpqrPhBuLW5M>
Subject: Re: [tcpm] Roman Danyliw's No Objection on
draft-ietf-tcpm-ao-test-vectors-08: (with COMMENT)
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
Hi, Roman,

Thanks for your review. Comments below.

Joe

—
Dr. Joe Touch, temporal epistemologist
www.strayalpha.com

> On Mar 2, 2022, at 10:36 AM, Roman Danyliw via Datatracker <noreply@ietf.org> wrote:
>
> Roman Danyliw has entered the following ballot position for
> draft-ietf-tcpm-ao-test-vectors-08: No Objection
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
> for more information about how to handle DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-tcpm-ao-test-vectors/
>
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> Thank you for making this document to help validate implementations.
>
> Thank you to Christian Huitema for the SECDIR review.
>
> I did not validate all of the examples.
>
> ** Section 3.1.5. Since ISNs are part of the context needed to make the
> traffic key (per Section 5.2 of RFC5925), should some statement be made about
> their values in these example packets?

Yes - thanks for catching that; v09 will address this issue and correct the text in the known issues area (which is confusing on this point).

> ** Given the observed implementation errors noted in Section 8, consider
> including a single detailed example per algorithm of how the appropriate
> traffic key and MAC would be computed in an appendix. For example, considering
> Section 4.1.1, such a detailed example showing how to compute the traffic key
> could be:

Thanks - that’s a great suggestion. I’ll add that too.

> (fixed format font required to read it)
>
> ==[ snip ]==
> Master_key: "testvector" (74 65 73 74 76 65 63 74 6F 72)
> KDF_Alg: KDF_HMAC_SHA1
> IPv4/TCP Packet:
>
> 45 e0 00 4c dd 0f 40 00 ff 06 bf 6b 0a 0b 0c 0d
> ac 1b 1c 1d e9 d7 00 b3 fb fb ab 5a 00 00 00 00
> e0 02 ff ff ca c4 00 00 02 04 05 b4 01 03 03 08
> 04 02 08 0a 00 15 5a b7 00 00 00 00 1d 10 3d 54
> 2e e4 37 c6 f8 ed e6 d7 c4 d6 02 e7
>
> Source IP (sip): 10.11.12.13 (0A 0B 0C 0D)
> Destination IP (dip): 172.27.28.29 (AC 1B 1C 1D)
> Source Port (sport): 59863 (E9 D7)
> Destination Port (dport): 179 (00 B3)
> Source ISN (sisn): FB FB AB 5A
> Destination ISN (disn): 00 00 00 00
>
> Send_SYN_traffic_key
> = KDF_alg(master_key, input)
> = HMAC-SHA1(master_key, i || Label || Context || Output_Length)
>
> i = 1 (01)
> Label = TCP-AO (54 43 50 2D 41 4F)
> Context = sip || dip || sport || dport || sisn || disn
> = 0A 0B 0C 0D AC 1B 1C 1D E9 D7 00 B3 FB FB AB 5A 00 00 00 00
> Output_Length = 160 bits (00 A0)
>
> Send_SYN_traffic_key
> = HMAC-SHA1 ( 74 65 73 74 76 65 63 74 6F 72,
> 01 54 43 50 2D 41 4F 0A 0B 0C 0D AC 1B 1C 1D E9 D7
> 00 B3 FB FB AB 5A 00 00 00 00 00 A0 )
> = 6d 63 ef 1b 02 fe 15 09 d4 b1 40 27 07 fd 7b 04 16 ab b7 4f
> ==[ snip ]==
>
>
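The following is an added example that is not part of this message, the draft, or either author's code. It carries Roman's worked derivation through in Python (stdlib hmac and hashlib only) and goes one step further than the quoted text: after deriving the Send_SYN_traffic_key exactly as shown (i || "TCP-AO" || Context || Output_Length, with disn = 0 on the initial SYN), it recomputes the HMAC-SHA-1-96 over SNE || IPv4 pseudo-header || TCP header (options kept, checksum and MAC field zeroed) as RFC 5925 section 5.1 prescribes, and compares the result with the MAC carried in the packet's TCP-AO option. The master key and packet bytes are copied from the quoted message; the function names and the packet-walking helpers are this example's own.

```python
import hashlib
import hmac

# Constructed sample input, copied from the quoted worked example (draft
# section 4.1.1): the master key and the IPv4/TCP SYN packet whose TCP-AO
# option (kind 0x1d, length 16) carries the MAC 2ee437c6f8ede6d7c4d602e7.
MASTER_KEY = b"testvector"
PACKET = bytes.fromhex(
    "45e0004cdd0f4000ff06bf6b0a0b0c0d"
    "ac1b1c1de9d700b3fbfbab5a00000000"
    "e002ffffcac40000020405b401030308"
    "0402080a00155ab7000000001d103d54"
    "2ee437c6f8ede6d7c4d602e7"
)
TCP_AO_KIND = 29        # option kind 0x1d
MAC_LEN = 12            # HMAC-SHA-1-96 keeps the first 96 bits


def kdf_hmac_sha1(master_key, context, output_length_bits=160):
    """KDF_HMAC_SHA1 (RFC 5926, section 3.1.1): HMAC-SHA1 over
    i || Label || Context || Output_Length, with i a single octet (1 here)
    and Output_Length a 16-bit big-endian value (160 = 00 A0)."""
    msg = b"\x01" + b"TCP-AO" + context + output_length_bits.to_bytes(2, "big")
    return hmac.new(master_key, msg, hashlib.sha1).digest()


def split_ipv4_tcp(pkt):
    """Return (sip, dip, tcp_segment) from an IPv4 packet carrying TCP."""
    ihl = (pkt[0] & 0x0F) * 4
    total_len = int.from_bytes(pkt[2:4], "big")
    return pkt[12:16], pkt[16:20], pkt[ihl:total_len]


def send_syn_context(sip, dip, tcp):
    """Context for the Send_SYN_traffic_key: sip || dip || sport || dport ||
    sisn || disn. On the initial SYN the peer's ISN is not yet known, so
    disn is four zero bytes (the point Roman raises for section 3.1.5)."""
    sport, dport, sisn = tcp[0:2], tcp[2:4], tcp[4:8]
    return sip + dip + sport + dport + sisn + b"\x00" * 4


def find_tcp_ao(tcp):
    """Walk the TCP option list and return (offset, length) of TCP-AO."""
    data_offset = (tcp[12] >> 4) * 4
    i = 20
    while i < data_offset:
        kind = tcp[i]
        if kind == 0:               # End of option list
            break
        if kind == 1:               # NOP
            i += 1
            continue
        length = tcp[i + 1]
        if kind == TCP_AO_KIND:
            return i, length
        i += length
    raise ValueError("TCP-AO option not present")


def tcp_ao_mac(traffic_key, sip, dip, tcp, sne=0):
    """MAC input per RFC 5925 section 5.1: SNE || IPv4 pseudo-header ||
    TCP header including options, with checksum and MAC field zeroed ||
    data. SNE is 0 for a first segment whose sequence number has not wrapped."""
    off, length = find_tcp_ao(tcp)
    zeroed = bytearray(tcp)
    zeroed[16:18] = b"\x00\x00"                          # TCP checksum
    zeroed[off + 4:off + length] = bytes(length - 4)     # MAC field
    pseudo = sip + dip + b"\x00\x06" + len(tcp).to_bytes(2, "big")
    msg = sne.to_bytes(4, "big") + pseudo + bytes(zeroed)
    return hmac.new(traffic_key, msg, hashlib.sha1).digest()[:MAC_LEN]


def verify_send_syn(pkt, master_key):
    """Derive the Send_SYN_traffic_key, recompute the MAC and compare it
    with the MAC carried in the packet. Returns (key_hex, mac_hex, matches)."""
    sip, dip, tcp = split_ipv4_tcp(pkt)
    key = kdf_hmac_sha1(master_key, send_syn_context(sip, dip, tcp))
    off, length = find_tcp_ao(tcp)
    carried = tcp[off + 4:off + length]
    computed = tcp_ao_mac(key, sip, dip, tcp)
    return key.hex(), computed.hex(), hmac.compare_digest(carried, computed)


if __name__ == "__main__":
    key_hex, mac_hex, ok = verify_send_syn(PACKET, MASTER_KEY)
    print("Send_SYN_traffic_key:", key_hex)
    print("computed MAC:        ", mac_hex)
    print("matches packet MAC:  ", ok)
```

Two of the implementation errors the draft's Section 8 is concerned with are visible as single lines here: the MAC field inside the TCP-AO option must be zeroed before hashing, and the context for the SYN key uses a zero destination ISN rather than whatever the local stack later learns. Changing either and re-running shows the carried MAC no longer verifying.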