Joe Touch <[email protected]> writes:

> This appears to presume that tcp-eno is used only to negotiate tcptls.
>
> Given tcp-eno cannot be used for TCP-AO, what's the point of having a
> protocol to negotiate only one of three security mechanisms?

What are the three? I think Mirja's proposal is that TCP-ENO could negotiate between tcpcrypt and user-level TLS. So that's two out of the two protocols under current consideration. AO is an authentication option rather than an encryption spec. AO-encrypt in ENC-BTNS mode probably doesn't meet the security requirements of ENO (the 16-byte ECDH limit could be problematic at a time when even 32-byte curves are starting to be deprecated, at least for top secret data).

That said, if you actually wanted AO-encrypt to work with ENO, we could make it happen. That would require changes to your draft, of course. Specifically, you'd want to embed the ECDH nonces in a variable-length ENO option rather than an AO option, and start using AO only after the initial handshake. You'd also have to up the key size, probably to 32 bytes.

Personally, I would not at all mind seeing such a protocol specified. However, I got into trouble earlier for even mentioning consuming so much SYN option space, so the initiative on this would have to come from you. If you need small, specific changes to ENO, though, we'd be glad to try to accommodate you.

David
