TCP Auth Option Status
Joe Touch, USC/ISI
Allison Mankin, JHU
Ron Bonica, Juniper

Updates in 02
• Obsoletes TCP MD5
• Replay protection via ESNs
• Unique traffic key generation via ISNs
• NATs not supported (only omit options)
• KeyID issues (no rotation, move to front)
• Numerous clarifications

Updates Pending
• Numerous clarifications
  • Based on feedback in past 48 hours
  • Includes cleanup of API to correspond to RFC793-style info. only
• Finalize algorithm details
  • MAC algorithm
  • PRF algorithm
• ISSUE: draft-bellovin-tcpsec
  • Is this needed as a separate document?
• ISSUE: additional header fields
  • Should TCP-AO have some of draft-bonica’s fields?

MAC Algorithm Details
• How many MTI algs?
  • 1 – may be sufficient (MUST)
  • 2 – may be useful for long-lived core spec. (MUST/MUST)
• Algorithm
  • AES-CMAC – mod. fast, may not be ‘available’
  • HMAC-SHA1 – fast, ‘available’, potential issues
  • HMAC-SHA256 – slow, ‘available’
• Length
  • Truncate to 80 or 96 (72 would allow 2 SACK blocks FWIW)
• Italics as recommended by SAAG
• No position on MUST/MUST vs. MUST/SHOULD
• Added criteria for future MAC algs.

PRF Algorithm Details
• Arguments, order to be provided
• IKEv2 registry lists PRFs corresponding to most typical HMACs
• Corresponding PRF for each MTI HMAC
• Do we require HMAC-PRF binding, or just suggest it?

draft-bellovin-tcpsec
• Currently summarized in TCP AO Sec. 12
• draft-bellovin-tcpsec-01 unchanged since July 2007
• Do we need a separate document?

Header Fields
• Does the header need bits for the following (from draft-bonica)?
  • HMAC algorithm
  • TCP options included/excluded
  • In-band key change signaling
  • Reserved for future uses

Header Fields – Pros
• Debugging support
  • Confirms the algorithm and whether options are included via packets on the wire
• Key change coordination
  • Assists with coordinating key changeover
• Future expansion
  • Enables backward-compatible future extensions (sender sets as 0, receiver ignores)
• Closer to draft-bonica on the wire
  • Matches only with substantial changes

Header Fields – Cons
• Consumes header space (40 bytes avail.)
  • Timestamp = 10 bytes, SACK = 10 or 18 bytes
  • 12-20 bytes available (13-15 needed for 80-96 bit HMAC)
• Alg., opt. redundant with endpoint info.
  • Need to confirm endpoint keys anyway
  • TCP doesn’t support stateful options after SYNs
  • KeyID supports changeover, can be user hint to add keys
• K.I.S.S.
  • Revisions limited (backw. compat.), incurs extra checks
• TCP-AO incompatible with draft-bonica anyway
  • Packet processing semantics, PRF, HMAC including ESNs, etc.

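Added example (not from the slides or the draft): the MAC truncation lengths from the MAC Algorithm Details slide checked against the option-space budget from the Cons slide, with a constant-time check of the truncated MAC. The 3-byte fixed part of the option (kind, length, KeyID) is an assumption inferred from the slide's "13-15 needed for 80-96 bit HMAC"; the key and segment bytes are constructed, and traffic key derivation and the exact MAC input are not modelled.

```python
import hashlib
import hmac

TCP_OPTION_SPACE = 40             # bytes of TCP option space (slide figure)
TIMESTAMP_LEN = 10                # slide figure
SACK_LEN = {0: 0, 1: 10, 2: 18}   # slide figures for 1 or 2 SACK blocks
AO_FIXED_LEN = 3                  # ASSUMPTION: kind + length + KeyID ("13-15")


def truncated_mac(key, segment, bits, digest=hashlib.sha1):
    """Return the leftmost `bits` of HMAC(key, segment)."""
    if bits <= 0 or bits % 8:
        raise ValueError("MAC length must be a positive multiple of 8 bits")
    full = hmac.new(key, segment, digest).digest()
    if bits // 8 > len(full):
        raise ValueError("requested MAC is longer than the digest")
    return full[: bits // 8]


def verify_mac(key, segment, received, bits, digest=hashlib.sha1):
    """Recompute the truncated MAC and compare in constant time."""
    expected = truncated_mac(key, segment, bits, digest)
    return hmac.compare_digest(expected, received)


def ao_option_len(bits):
    """Total option length for a MAC truncated to `bits`."""
    return AO_FIXED_LEN + bits // 8


def fits(bits, sack_blocks, timestamps=True):
    """True if the option fits beside Timestamp and SACK in 40 bytes."""
    used = (TIMESTAMP_LEN if timestamps else 0) + SACK_LEN[sack_blocks]
    return ao_option_len(bits) <= TCP_OPTION_SPACE - used


if __name__ == "__main__":
    key = b"constructed-traffic-key"            # constructed sample key
    segment = b"constructed TCP segment bytes"  # constructed sample input
    for bits in (72, 80, 96):
        mac = truncated_mac(key, segment, bits)
        print(bits, ao_option_len(bits), mac.hex(),
              {blocks: fits(bits, blocks) for blocks in (1, 2)})
```
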
Current Goal
• Wrap up current issues ASAP