On 10/29/2015 1:53 PM, David Mazieres wrote:
> Joe Touch <[email protected]> writes:
>
>> This appears to presume that tcp-eno is used only to negotiate tcptls.
>>
>> Given tcp-eno cannot be used for TCP-AO, what's the point of having a
>> protocol to negotiate only one of three security mechanisms?
>
> What are the three? I think Mirja's proposal is that TCP-ENO could
> negotiate between tcpcrypt and user-level TLS.

It didn't appear that way from the post; it said to use tcpcrypt opportunistically and use ENO only to negotiate the parameters for TLS (I had thought that referred to Eric's TCP-TLS).

> AO is an authentication option rather than an encryption spec.
> AO-encrypt in ENC-BTNS mode probably doesn't meet the security
> requirements of ENO (the 16-byte ECDH limit could be problematic at a
> time when even 32-byte curves are starting to be deprecated, at least
> for top secret data).
>
> That said, if you actually wanted AO-encrypt to work with ENO, we
> could make it happen.

That could never protect the SYN itself, which is something TCP-AO-ENC was intended to do. The AO variants protect the TCP header, which TCPINC decided not to do. That's still (IMO) going to be important.

I.e., I see ENO as severely limited in this regard, and that needs to be noted in the ENO doc.

Joe

_______________________________________________
Tcpinc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tcpinc
