[p2p-hackers] amicima's MFP - preannouncement

Alex Pankratov ap at hamachi.cc
Tue Jul 19 04:08:56 UTC 2005



Matthew Kaufman wrote:

> Alex Pankratov:
> 
>>Matthew,
>>
>>I can't seem to find any mention of replay protection in 
>>your protocol. Also, encrypted packets don't seem to carry any 
>>sort of HMAC, which is also a bit odd. Perhaps these details 
>>are just missing from the spec, in which case it might make 
>>sense to produce a separate security-oriented description of 
>>the protocol.
>>
>>Alex
> 
> 
> The packet-level protocol spec is admittedly short on information about how
> exactly to use the protocol (and a followup document is being edited and
> will be up soon). However if you examine the brief description of the
> startup sequence, you get some hints as to how this works.
> 
[snip]

Matthew,

Thanks for a detailed reply. I guess my main concern with the security
portion of your protocol is that it does not follow certain design
properties found in nearly all commonly used transport protocols
like SSL/TLS, SSH2, ESP as well as a handful of others like IKE,
JFK, etc.

A few I can think of offhand are -

* the use of MACs. Relying on a validity marker in the plaintext payload
to detect corrupted packets is expensive computationally-wise in a
worst-case scenario, while HMAC-based authentication costs pennies.
It is also 'not good' from a cryptographic perspective, but I cannot
comment on that (note though how SSH was switched to using MACs in
v2). Besides, MACs are also required for implementing -

* replay protection, which involves tagging packets with unique
sequence numbers after the encryption but before the authentication.
This way replayed or duplicate packets can be discarded without
wasting any time on decryption or authentication at all.

* session key being derived in a 'symmetrical way', where both parties
contribute to the key in equal degree.

Basically, the security component of your protocol looks very different
from existing mature protocols. And I would suspect that this will
not facilitate adoption of MFP .. at least not in its secured form.

Alex
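
The receive-side ordering described in the bullets on MACs and replay protection, as an added example that is not part of the original post and is not MFP's code: a cheap sequence-number window check, then HMAC verification over the sequence number plus ciphertext, then the window update, and only then decryption. The 64-packet window, HMAC-SHA256, the 8-byte sequence field and all names are assumptions, and the payload is treated as already-encrypted bytes.

```python
import hashlib, hmac, struct

WINDOW = 64    # assumed replay-window size, in packets
TAG_LEN = 32   # HMAC-SHA256 tag length

def seal(mac_key, seq, ciphertext):
    """Sender: tag the already-encrypted payload with seq, then MAC both."""
    body = struct.pack(">Q", seq) + ciphertext
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

class Receiver:
    def __init__(self, mac_key):
        self.mac_key = mac_key
        self.highest = 0        # highest authenticated seq (senders start at 1)
        self.bitmap = 0         # bit i set => seq (highest - i) already accepted
        self.macs_computed = 0  # how often the MAC was actually computed

    def _seen_or_stale(self, seq):
        if seq > self.highest:
            return False
        offset = self.highest - seq
        return offset >= WINDOW or bool((self.bitmap >> offset) & 1)

    def open(self, packet):
        """Return (verdict, ciphertext); ciphertext is None unless verdict is 'ok'."""
        if len(packet) < 8 + TAG_LEN:
            return "malformed", None
        seq = struct.unpack(">Q", packet[:8])[0]
        # 1. Cheap integer check first: duplicates cost no MAC and no decryption.
        if seq == 0 or self._seen_or_stale(seq):
            return "replay", None
        # 2. Authenticate seq + ciphertext before trusting either.
        self.macs_computed += 1
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.mac_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "bad-mac", None
        # 3. Only an authenticated packet may move the window, so a forged
        #    sequence number cannot push genuine packets out of it.
        if seq > self.highest:
            shift = seq - self.highest
            mask = (1 << WINDOW) - 1
            self.bitmap = 1 if shift >= WINDOW else ((self.bitmap << shift) | 1) & mask
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)
        return "ok", body[8:]   # caller decrypts only now
```
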




