Re: [tcpm] tcp-auth-opt issue: replay protection
"Adam Langley" <agl@imperialviolet.org> Thu, 31 July 2008 17:10 UTC
Return-Path: <tcpm-bounces@ietf.org>
X-Original-To: tcpm-archive@megatron.ietf.org
Delivered-To: ietfarch-tcpm-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D9EBC3A6CD4; Thu, 31 Jul 2008 10:10:14 -0700 (PDT)
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C15AB3A6915 for <tcpm@core3.amsl.com>; Thu, 31 Jul 2008 10:10:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VwGUpgt1N61W for <tcpm@core3.amsl.com>; Thu, 31 Jul 2008 10:10:12 -0700 (PDT)
Received: from rv-out-0506.google.com (rv-out-0506.google.com [209.85.198.227]) by core3.amsl.com (Postfix) with ESMTP id 7AD5C3A6D00 for <tcpm@ietf.org>; Thu, 31 Jul 2008 10:10:05 -0700 (PDT)
Received: by rv-out-0506.google.com with SMTP id b25so564943rvf.49 for <tcpm@ietf.org>; Thu, 31 Jul 2008 10:10:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:sender :to:subject:cc:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references :x-google-sender-auth; bh=wOPoXApTGHuPeiKJFtSjHYuFUa8OzXnaytBcPOa9GE0=; b=UgXq7k5SASo2MMZm2qy+KPr4Q3mck5e/GkCYJRSbcQE69BW5TYUWLQhBkLD62sZcJK VBDBjS8W0rvyst5Tgdhhg/SEeaMrfyy5QboUPd630RFdweUPzQY44It4hfZJ540DJcaO 3FwY70hTqTh/7ikUnAa4k9Mx5d1bnJNdW3i64=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references:x-google-sender-auth; b=MyYyOmyoiOFcbw3rWpIigI29eYFq+NhP1DqKAicqMhN1fMD4oWNZs0SjGKgcJXheaG s+RVKD3lIA0D2gxxfzfWCe1O/sGQPu/8aafW5Ix91rRUiuhp9K6p3ZDZ52OwG9b9lfER rn889hrlxHfV6IkDuEh5kbA7ZawOr8QQO0Qts=
Received: by 10.141.43.5 with SMTP id v5mr5422435rvj.216.1217524222820; Thu, 31 Jul 2008 10:10:22 -0700 (PDT)
Received: by 10.141.186.3 with HTTP; Thu, 31 Jul 2008 10:10:22 -0700 (PDT)
Message-ID: <396556a20807311010k78c22981xa0eebd1b46e9f619@mail.gmail.com>
Date: Thu, 31 Jul 2008 10:10:22 -0700
From: Adam Langley <agl@imperialviolet.org>
To: Joe Touch <touch@isi.edu>
In-Reply-To: <489175BD.6040201@isi.edu>
MIME-Version: 1.0
Content-Disposition: inline
References: <20080728042451.C7A174B7AD3@kilo.rtfm.com> <488DD77D.9070608@isi.edu> <20080728144721.AC9184B905A@kilo.rtfm.com> <488DE021.7070307@isi.edu> <20080728164013.422D14B9600@kilo.rtfm.com> <F32F8EC5-70C9-4A7B-A2D2-B00CA43AECFA@nokia.com> <20080730213253.B347F4D52E1@kilo.rtfm.com> <4890E9AE.3000607@isi.edu> <20080731001609.6511C4D5E34@kilo.rtfm.com> <489175BD.6040201@isi.edu>
X-Google-Sender-Auth: 143e94cd761a3dad
Cc: tcpm@ietf.org
Subject: Re: [tcpm] tcp-auth-opt issue: replay protection
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www.ietf.org/mailman/private/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: tcpm-bounces@ietf.org
Errors-To: tcpm-bounces@ietf.org
On Thu, Jul 31, 2008 at 1:20 AM, Joe Touch <touch@isi.edu> wrote: > <individual hat on> > My goal was to allow TCP-AO code to be isolated to handling packets just > before exit/entrance to IP. That suggests that all TCP-AO state should > be kept to the TSAD, and not extend the core TCP code unless absolutely > necessary. Speaking for the Linux stack, the current MD5 code filters at the entry to the TCP layer since it needs to be near the options parsing code etc. At that point, we have found a socket and thus have a locked tcp_sock structure. So adding the ESN would involve adding a couple of u32's to the tcp_sock structure (they would store the upper 32-bits of the RX and TX ESNs). > A separate question is whether ESN rollover should use the keyID > mechanism or not. This is related to Eric's points: Personally, my feeling is that it shouldn't. > | So, two salient points: > | 1. When the sequence number is in the region of 0 (more precisely > | while there are unacked segments on both sides of the region), > | then the sides must maintain two keys and arrange to use > | the appropriate one. > > Eric - can you explain "arrange to use the appropriate one"? I believe Eric is discussing the case where the keys change because of a rollover. Since packets may be reordered, a host past to remember both the keys for the previous period and the keys for the current period in case a reordered packet comes in. It's unclear, to me, which key retransmitted packets would use. > | 2. The same key-id is used in the packet regardless of the which > | key is being used to protect the traffic. It refers to the > | static key from which the traffic keys were diversified. > > Eric - can you explain where the multiple keys per keyID are determined? > i.e., are they recomputed per-packet or kept somewhere? It appears that they are computed when a connection becomes ESTABLISHED and rotated once every rollover from then. > <individual hat on> > FWIW, I agree with Eric's example on the wire; the issue is the state > required at the endpoints required to make it happen. > <individual hat off> > > Comments? I would prefer, for simplicities sake, that the MAC simply include an ESN rather than roll the keys over, but not strongly. AGL -- Adam Langley agl@imperialviolet.org http://www.imperialviolet.org _______________________________________________ tcpm mailing list tcpm@ietf.org https://www.ietf.org/mailman/listinfo/tcpm
- [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt-01 Eric Rescorla
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Joe Touch
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Eric Rescorla
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Eric Rescorla
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Joe Touch
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Joe Touch
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Eric Rescorla
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Joe Touch
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Adam Langley
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Eric Rescorla
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Eric Rescorla
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Adam Langley
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Joe Touch
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Eric Rescorla
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Joe Touch
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Joe Touch
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Eric Rescorla
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Adam Langley
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Joe Touch
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Eric Rescorla
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Anantha Ramaiah (ananth)
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Joe Touch
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Eric Rescorla
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Anantha Ramaiah (ananth)
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Joe Touch
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Joe Touch
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Anantha Ramaiah (ananth)
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Eric Rescorla
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Caitlin Bestler
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Joe Touch
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Joe Touch
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Lars Eggert
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt… Eric Rescorla
- [tcpm] tcp-auth-opt issue: replay protection Joe Touch
- Re: [tcpm] tcp-auth-opt issue: replay protection Adam Langley
- Re: [tcpm] tcp-auth-opt issue: replay protection Joe Touch
- Re: [tcpm] tcp-auth-opt issue: replay protection Adam Langley
- Re: [tcpm] tcp-auth-opt issue: replay protection Eric Rescorla
- Re: [tcpm] tcp-auth-opt issue: replay protection Joe Touch
- Re: [tcpm] tcp-auth-opt issue: replay protection Adam Langley
- Re: [tcpm] tcp-auth-opt issue: replay protection Joe Touch
- Re: [tcpm] tcp-auth-opt issue: replay protection Lars Eggert
- Re: [tcpm] tcp-auth-opt issue: replay protection Eric Rescorla
- Re: [tcpm] tcp-auth-opt issue: replay protection Lars Eggert
- Re: [tcpm] tcp-auth-opt issue: replay protection Anantha Ramaiah (ananth)
- Re: [tcpm] tcp-auth-opt issue: replay protection Joe Touch
- Re: [tcpm] tcp-auth-opt issue: replay protection Eddy, Wesley M. (GRC-RCN0)[VZ]
- Re: [tcpm] tcp-auth-opt issue: replay protection Adam Langley
- Re: [tcpm] tcp-auth-opt issue: replay protection Caitlin Bestler
- Re: [tcpm] tcp-auth-opt issue: replay protection Joe Touch
- Re: [tcpm] tcp-auth-opt issue: replay protection Ron Bonica