< draft-krose-mboned-alta-00.txt   draft-krose-mboned-alta-01.txt >
Network Working Group K. Rose Network Working Group K. Rose
Internet-Draft Akamai Technologies, Inc. Internet-Draft J. Holland
Intended status: Experimental July 08, 2019 Intended status: Experimental Akamai Technologies, Inc.
Expires: January 9, 2020 Expires: January 9, 2020 July 08, 2019
Asymmetric Loss-Tolerant Authentication Asymmetric Loss-Tolerant Authentication
draft-krose-mboned-alta-00 draft-krose-mboned-alta-01
Abstract Abstract
Establishing authenticity of a stream of datagrams in the presence of Establishing authenticity of a stream of datagrams in the presence of
multiple receivers is naively achieved through the use of per-packet multiple receivers is naively achieved through the use of per-packet
asymmetric digital signatures, but at high computational cost for asymmetric digital signatures, but at high computational cost for
both senders and receivers. Timed Efficient Stream Loss-Tolerant both senders and receivers. Timed Efficient Stream Loss-Tolerant
Authentication (TESLA) instead employs relatively cheap symmetric Authentication (TESLA) instead employs relatively cheap symmetric
authentication, achieving asymmetry via time-delayed key disclosure, authentication, achieving asymmetry via time-delayed key disclosure,
while adding latency to verification and imposing requirements on while adding latency to verification and imposing requirements on
skipping to change at page 2, line 46 skipping to change at page 2, line 46
6. Operational Considerations . . . . . . . . . . . . . . . . . 9 6. Operational Considerations . . . . . . . . . . . . . . . . . 9
7. Security Considerations . . . . . . . . . . . . . . . . . . . 9 7. Security Considerations . . . . . . . . . . . . . . . . . . . 9
7.1. Parsing an ill-formed or inconsistent payload . . . . . . 9 7.1. Parsing an ill-formed or inconsistent payload . . . . . . 9
7.2. Index overflow . . . . . . . . . . . . . . . . . . . . . 9 7.2. Index overflow . . . . . . . . . . . . . . . . . . . . . 9
7.3. Truncated MACs . . . . . . . . . . . . . . . . . . . . . 9 7.3. Truncated MACs . . . . . . . . . . . . . . . . . . . . . 9
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 9 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 9
9.1. Normative References . . . . . . . . . . . . . . . . . . 9 9.1. Normative References . . . . . . . . . . . . . . . . . . 9
9.2. Informative References . . . . . . . . . . . . . . . . . 9 9.2. Informative References . . . . . . . . . . . . . . . . . 9
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 10 Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 10
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 10 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10
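Review bot: In the table of contents, Sections 6, 7, 7.1, 7.2, 7.3, 8, 9, 9.1 and 9.2 are all listed as starting on page 9, in both -00 and -01. This suggests the Security Considerations subsections (ill-formed or inconsistent payloads, index overflow, truncated MACs) carry little or no text yet. The only change in this part of -01 is the "Authors' Addresses" heading. If those subsections are still placeholders, mark them as such in the body, or fill them in before the next revision, since they cover the receiver-side failure modes an implementer most needs specified.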
1. Introduction 1. Introduction
Authenticity of streaming data may be inexpensively established via Authenticity of streaming data may be inexpensively established via
symmetric message authentication codes (MACs) using keys pre-shared symmetric message authentication codes (MACs) using keys pre-shared
exclusively between two parties, as the receiver knows it did not exclusively between two parties, as the receiver knows it did not
originate the data and that only one other party has access to the originate the data and that only one other party has access to the
key. In the presence of multiple receivers, however, this is not key. In the presence of multiple receivers, however, this is not
possible because all receivers must have access to the same key, possible because all receivers must have access to the same key,
giving any one of them the ability to forge messages. Consequently, giving any one of them the ability to forge messages. Consequently,
skipping to change at page 10, line 22 skipping to change at page 10, line 22
Presence of Random Packet Loss", 2001, Presence of Random Packet Loss", 2001,
<https://crypto.stanford.edu/~pgolle/papers/auth.pdf>. <https://crypto.stanford.edu/~pgolle/papers/auth.pdf>.
ISOC Network and Distributed System Security Symposium ISOC Network and Distributed System Security Symposium
[timeskew] [timeskew]
"FIXME reference for how bad time sync is", n.d.. "FIXME reference for how bad time sync is", n.d..
Acknowledgments Acknowledgments
The author wishes to acknowledge the contributions of his colleague, The author wishes to acknowledge Eric Rescorla, who introduced the
Jake Holland, whose work with interdomain multicast live video author to the paper describing the loss-tolerant symmetric
delivery drove the need for a robust solution to the streaming authentication scheme used as the basis for ALTA.
authentication problem, and Eric Rescorla, who introduced the author
to the paper describing the loss-tolerant symmetric authentication
scheme used as the basis for ALTA.
Author's Address Authors' Addresses
Kyle Rose Kyle Rose
Akamai Technologies, Inc. Akamai Technologies, Inc.
150 Broadway
Cambridge, MA 02144
United States of America
Email: krose@krose.org Email: krose@krose.org
Jake Holland
Akamai Technologies, Inc.
150 Broadway
Cambridge, MA 02144
United States of America
Email: jakeholland.net@gmail.com
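Review bot: The Acknowledgments text in -01 still reads "The author wishes to acknowledge Eric Rescorla, who introduced the author to the paper", but the draft now lists two authors under "Authors' Addresses". Either switch to "The authors wish" or name the author meant, so the credit is unambiguous. Separately, the [timeskew] entry is carried over unchanged as "FIXME reference for how bad time sync is", n.d.., so the reference is still unresolved and has a doubled period. Replace it with a real citation or drop the reference before the next revision.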
 End of changes. 7 change blocks. 
12 lines changed or deleted 12 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/