[tcpm] public-private keys for TCP-AO

"Jakob Heitz (jheitz)" <jheitz@cisco.com> Tue, 30 October 2018 00:45 UTC

Return-Path: <jheitz@cisco.com>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E504131001 for <tcpm@ietfa.amsl.com>; Mon, 29 Oct 2018 17:45:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.97
X-Spam-Level:
X-Spam-Status: No, score=-14.97 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.47, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EB2pGV_bIuwF for <tcpm@ietfa.amsl.com>; Mon, 29 Oct 2018 17:45:11 -0700 (PDT)
Received: from rcdn-iport-8.cisco.com (rcdn-iport-8.cisco.com [173.37.86.79]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 51D7F12426A for <tcpm@ietf.org>; Mon, 29 Oct 2018 17:45:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4747; q=dns/txt; s=iport; t=1540860311; x=1542069911; h=from:to:subject:date:message-id:mime-version; bh=66TL2KHR9cLcMDGZOKa4+fbIUfF5u9xHx9c6O1L12yA=; b=ciTCZ0GCpQvHftoTVlXnF2+cRDCjIw8Jsrd0sKHMv7OTUy1EdsBRFLCP /ApHr6u0T/6nwht08iuiGbQvG/Y0VfEGbYdYR5+63xiEj8bonF7mD77Do v7/WcTs/GcJ2ppdN0qkHRw3T91hplvsCO4BMy7vDMf4mtnEBPAlv3j2iY 0=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0A/AACcqNdb/5RdJa1kHAEBAQQBAQc?= =?us-ascii?q?EAQGBUgYBAQsBgQ13Zn8ymByTYoVLgXoLAQGIGyE1DA0BAwEBAgEBAm0dC4V?= =?us-ascii?q?uXgGBACYBBBuDGoEdZKsxiiKLSR4XgUE/hHyKAAKOSoYiiUlUCQKQeiCQR5Z?= =?us-ascii?q?1AhEUgSYfAzOBVXAVgyiCJAEXjhqMdYEfAQE?=
X-IronPort-AV: E=Sophos;i="5.54,442,1534809600"; d="scan'208,217";a="471104265"
Received: from rcdn-core-12.cisco.com ([173.37.93.148]) by rcdn-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 30 Oct 2018 00:45:10 +0000
Received: from XCH-ALN-013.cisco.com (xch-aln-013.cisco.com [173.36.7.23]) by rcdn-core-12.cisco.com (8.15.2/8.15.2) with ESMTPS id w9U0jAj6017516 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL) for <tcpm@ietf.org>; Tue, 30 Oct 2018 00:45:10 GMT
Received: from xch-aln-014.cisco.com (173.36.7.24) by XCH-ALN-013.cisco.com (173.36.7.23) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Mon, 29 Oct 2018 19:45:09 -0500
Received: from xch-aln-014.cisco.com ([173.36.7.24]) by XCH-ALN-014.cisco.com ([173.36.7.24]) with mapi id 15.00.1395.000; Mon, 29 Oct 2018 19:45:09 -0500
From: "Jakob Heitz (jheitz)" <jheitz@cisco.com>
To: "tcpm@ietf.org" <tcpm@ietf.org>
Thread-Topic: public-private keys for TCP-AO
Thread-Index: AdRv51Oca8SVyggpTLame1T3B/a0kQ==
Date: Tue, 30 Oct 2018 00:45:09 +0000
Message-ID: <95f4b81948844b2799ecca33450bdde1@XCH-ALN-014.cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.154.161.174]
Content-Type: multipart/alternative; boundary="_000_95f4b81948844b2799ecca33450bdde1XCHALN014ciscocom_"
MIME-Version: 1.0
X-Outbound-SMTP-Client: 173.36.7.23, xch-aln-013.cisco.com
X-Outbound-Node: rcdn-core-12.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/uCqwZEKL916CUEm4YCGd91IjmYo>
Subject: [tcpm] public-private keys for TCP-AO
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Oct 2018 00:45:13 -0000

Why was there not a public-private key algorithm specified for TCP-AO? Or did I miss it?
For example ECC.
An MKT can specify a private key for the sender and a public key for the receivers.
To use, the sender will hash the data, encrypt the hash and put the result into the MAC field.
The receiver would decrypt the MAC field, then hash the data and verify the hash against the decrypted MAC.
This way, the private key never needs to be exposed to anyone, simplifying key management.
Is there any objection to getting this done?

Regards,
Jakob.