Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt-04 [This time for sure]

To: Joe Touch <touch at ISI.EDU>, Eric Rescorla <ekr at rtfm.com>
Subject: Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt-04 [This time for sure]
From: "Eddy, Wesley M. (GRC-RCN0)[Verizon]" <wesley.m.eddy at nasa.gov>
Date: Mon, 23 Mar 2009 09:57:03 -0500
Accept-language: en-US
Acceptlanguage: en-US
Cc: "tcpm at ietf.org" <tcpm at ietf.org>
Delivered-to: tcpm at core3.amsl.com
In-reply-to: <49C79ECF.2010501 at isi.edu>
List-archive: <http://www.ietf.org/mail-archive/web/tcpm>
List-help: <mailto:tcpm-request@ietf.org?subject=help>
List-id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-post: <mailto:tcpm@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
References: <d3aa5d00903230443s6d57cef4t4e30ef2aa68216e at mail.gmail.com> <49C79ECF.2010501 at isi.edu>
Thread-index: AcmrxR8VeDUBz+PvRP2NuB8UukhA4gAAd2uA
Thread-topic: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt-04 [This time for sure]

>-----Original Message-----
>From: tcpm-bounces at ietf.org [mailto:tcpm-bounces at ietf.org] On 
>Behalf Of Joe Touch
>Sent: Monday, March 23, 2009 10:38 AM
>
> ...
>
>>>
>>> Whenever the keyID appears in a segment (sent or received), 
>that tuple
>>> is used to validate the contents. As per the most recent 
>coordination,
>>> keyIDs are bidirectional, so there is no send or receive difference.
>> 
>> It was not my understanding that we agreed that key-ids were 
>bidirectional.
>> Rather, I believe we agreed that MKTs were bidirectional and that
>> there was a separate key-id in each direction, to address Russ's
>> concern.
>
>Russ can clarify. First, let's clarify some terms:
>
>key-id = a digit in [0..255] that, together with a connection's socket
>pair (as per RFC793, i.e., srcIP, dstIP, srcport, dstport) indicates a
>single MKT.
>
>key-id field = the value in the TCP-AO option
>
>key-id fields are unidirectional - they indicate the key-id used to
>authenticate that TCP segment
>
>key-ids are bidirectional - they indicate (with the socket pair) a MKT
>that can be used in either direction
>
>However, there is no utility in referring to the same MKT with 
>different
>key-id values for the different directions of a single connection.
>


This set of definitions makes sense to me, and I think it clarifies
what we mean by bidirectional versus unidirectional, which was what
seemed to be a major point of disconnect in conversation.  Eric or
Russ, do you agree?


---------------------------
Wes Eddy
Network & Systems Architect
Verizon FNS / NASA GRC
Office: (216) 433-6682
---------------------------

References:
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt-04 [This time for sure]
  - From: Eric Rescorla
- Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt-04 [This time for sure]
  - From: Joe Touch

Prev by Date: Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt-04 [This time for sure]
Next by Date: [tcpm] Review of draft-lebovitz-ietf-tcpm-tcp-ao-crypto-00
Previous by thread: Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt-04 [This time for sure]
Next by thread: [tcpm] On TCP Urgent processing
Index(es):
- Date
- Thread

Re: [tcpm] Review of draft-ietf-tcpm-tcp-auth-opt-04 [This time for sure]

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.