Re: [tcpm] TCP Auth experimental Linux patches
"Adam Langley" <agl@imperialviolet.org> Mon, 28 July 2008 16:19 UTC
Date: Mon, 28 Jul 2008 09:19:20 -0700
From: Adam Langley <agl@imperialviolet.org>
To: LANGE Andrew <Andrew.Lange@alcatel-lucent.com>
Cc: tcpm@ietf.org
Subject: Re: [tcpm] TCP Auth experimental Linux patches

On Mon, Jul 28, 2008 at 5:56 AM, LANGE Andrew
<Andrew.Lange@alcatel-lucent.com> wrote:
> I think it's fantastic that you're working on an implementation of extended
> tcp auth. However, I fear your efforts may be misdirected. The reason is
> that the settled-down spec in draft-bonica, not the one in the tcpm working
> group draft. Draft-bonica is implemented, deployed and interops between
> Alcatel, Cisco and Juniper routers. Implementing draft-bonica, and testing
> against the router implementations would be the right direction to pursue.

The draft-bonica is, indeed *very* similar to TCP-AO (the same
cryptographic weaknesses and all, sadly). In fact, I believe that it
would be about an extra dozen lines of code to add support for it.
Since you claim that it has some deployment, that would certainly seem
to be worthwhile to do.

The patch has seen some work since I first posted it and the userspace
interface is now described in [1]. It would be most helpful if you
could review that. I believe that the only difference is that I have
the MAC function as a property of a keyset, not a key. If you are
intending on key rotation also changing the MAC function then that
would have to change.

Cheers,

[1] http://marc.info/?l=linux-netdev&m=121702166623000&w=2

AGL

--
Adam Langley agl@imperialviolet.org http://www.imperialviolet.org