[hybi] Straw-poll on Masking options

Salvatore Loreto <salvatore.loreto@ericsson.com> Wed, 12 January 2011 19:58 UTC

Message-ID: <4D2E0863.2040804@ericsson.com>
Date: Wed, 12 Jan 2011 21:00:35 +0100
From: Salvatore Loreto <salvatore.loreto@ericsson.com>
To: "hybi@ietf.org" <hybi@ietf.org>
Cc: Joe Hildebrand <Joe.Hildebrand@webex.com>
Subject: [hybi] Straw-poll on Masking options
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>

Hi all,


Masking from the client to the server has reached strong consensus within this wg as a mechanism to reduce security risks.

However, there is disagreement on the actual method for masking. The technical differences, pros and cons, advantages and disadvantages, as well as the legal implications of each method have already been deeply discussed.

In order to settle the question of masking and find a way forward that has wide acceptance, Joe and I, as HyBi chairs, want to check where the consensus is on the following relevant options that have been discussed (and summarized at some point on the mailing list by Eric Rescorla):


1. A fixed mask carried entirely in the packet.

2. A longish repeated mask computed from the packet. For concreteness,
   suppose HMAC-SHA1(<uuid>, <server-conn-key> || <client-conn-key> || <packet-key>),
   but obviously there's flexibility here.

3. A fully generated mask (if so, specify also what you would like to use,
   e.g. AES-CTR or HMAC-SHA).
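The three shapes above differ in what travels in the frame and in how much keystream the receiver has to derive. The following is an added example, not code from the original mail or from any HyBi draft: a side-by-side implementation of all three options so the framing cost and the symmetry of unmasking can be compared on real bytes. Every key, nonce and connection key is a constructed sample value; the 32-bit mask length for option 1, the 4-byte packet key for option 2 and the 8-byte nonce for option 3 are assumptions chosen for the example. Option 3 is shown with an HMAC-SHA256 counter-mode keystream, one of the two generators the poll names; AES-CTR would slot into the same place. For context, the shape of option 1 (a fresh 32-bit masking key in every client frame) is what RFC 6455 later standardized.

```python
"""Added example: the three masking options from the straw-poll, side by side.
Not from the original mail. All keys and nonces are constructed sample values.
Lengths (4-byte mask, 4-byte packet key, 8-byte nonce) are assumptions."""
import hashlib
import hmac
import os
import struct
from typing import Optional


def xor_repeating(data: bytes, mask: bytes) -> bytes:
    """XOR data with a repeating mask. XOR is its own inverse, so the
    receiver unmasks by calling this same function with the same mask."""
    return bytes(b ^ mask[i % len(mask)] for i, b in enumerate(data))


# --- Option 1: a fixed mask carried entirely in the packet -------------------
MASK_LEN_OPTION1 = 4  # assumption: a 32-bit mask prefixed to the masked payload


def mask_option1(payload: bytes, mask: Optional[bytes] = None) -> bytes:
    """Frame = mask || (payload XOR mask). The mask is fresh per frame; a
    fixed mask may be passed for deterministic tests."""
    if mask is None:
        mask = os.urandom(MASK_LEN_OPTION1)
    if len(mask) != MASK_LEN_OPTION1:
        raise ValueError("mask must be %d bytes" % MASK_LEN_OPTION1)
    return mask + xor_repeating(payload, mask)


def unmask_option1(frame: bytes) -> bytes:
    mask, body = frame[:MASK_LEN_OPTION1], frame[MASK_LEN_OPTION1:]
    return xor_repeating(body, mask)


# --- Option 2: a longish repeated mask computed from the packet --------------
def mask_option2_key(uuid_key: bytes, server_conn_key: bytes,
                     client_conn_key: bytes, packet_key: bytes) -> bytes:
    """HMAC-SHA1(<uuid>, <server-conn-key> || <client-conn-key> || <packet-key>)
    exactly as written in the poll: a 20-byte mask repeated over the payload."""
    msg = server_conn_key + client_conn_key + packet_key
    return hmac.new(uuid_key, msg, hashlib.sha1).digest()


def mask_option2(payload: bytes, uuid_key: bytes, server_conn_key: bytes,
                 client_conn_key: bytes, packet_key: bytes) -> bytes:
    """Frame = packet_key || (payload XOR mask). Only the packet key travels;
    the connection keys are assumed to have been agreed at handshake time."""
    m = mask_option2_key(uuid_key, server_conn_key, client_conn_key, packet_key)
    return packet_key + xor_repeating(payload, m)


def unmask_option2(frame: bytes, uuid_key: bytes, server_conn_key: bytes,
                   client_conn_key: bytes, packet_key_len: int = 4) -> bytes:
    packet_key, body = frame[:packet_key_len], frame[packet_key_len:]
    m = mask_option2_key(uuid_key, server_conn_key, client_conn_key, packet_key)
    return xor_repeating(body, m)


# --- Option 3: a fully generated mask (HMAC-SHA256 in counter mode) ----------
def keystream_option3(key: bytes, nonce: bytes, length: int) -> bytes:
    """Expand key and per-frame nonce into `length` bytes with no repetition
    inside the frame: block_i = HMAC-SHA256(key, nonce || i)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def mask_option3(payload: bytes, key: bytes, nonce: bytes) -> bytes:
    """Frame = nonce || (payload XOR keystream)."""
    ks = keystream_option3(key, nonce, len(payload))
    return nonce + bytes(a ^ b for a, b in zip(payload, ks))


def unmask_option3(frame: bytes, key: bytes, nonce_len: int = 8) -> bytes:
    nonce, body = frame[:nonce_len], frame[nonce_len:]
    ks = keystream_option3(key, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, ks))


if __name__ == "__main__":
    # Constructed sample material; a real client would draw these at random.
    payload = b"GET /chat HTTP/1.1 - sample application payload"
    uuid_key, s_key, c_key = b"constructed-uuid", b"S" * 16, b"C" * 16
    f1 = mask_option1(payload)
    f2 = mask_option2(payload, uuid_key, s_key, c_key, b"\x00\x00\x00\x01")
    f3 = mask_option3(payload, b"k" * 32, os.urandom(8))
    for name, frame in (("option1", f1), ("option2", f2), ("option3", f3)):
        print(name, "frame overhead:", len(frame) - len(payload), "bytes")
    assert unmask_option1(f1) == payload
    assert unmask_option2(f2, uuid_key, s_key, c_key) == payload
    assert unmask_option3(f3, b"k" * 32) == payload
```

Run as a script it prints the per-frame overhead of each option (4, 4 and 8 bytes under the assumed lengths) and checks that every frame unmasks back to the original payload. The point the code makes concrete is the trade-off the poll is asking about: option 1 costs nothing to compute but exposes the mask in the frame; option 2 derives a longer mask but still repeats it every 20 bytes and needs handshake state on both sides; option 3 never repeats within a frame at the cost of one hash (or block cipher call) per 32 bytes of payload.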


Please indicate your preference(s), or the one that can meet your bar for "I could live with that". If you have more than one, please put the choices in preference order.

This poll will run until January 18th.

cheers
/Sal

-- 
Salvatore Loreto
www.sloreto.com