Some questions about SPTPS

Etienne Dechamps etienne at edechamps.fr
Wed Jul 16 11:52:08 CEST 2014


I've been using SPTPS (a.k.a ExperimentalProtocol) for a while now, but 
I've only recently started looking into the details of the protocol 
itself. I have some questions about the design:

- I am not sure what the thread model for SPTPS is when compared with 
the legacy protocol. SPTPS is vastly more complex than the legacy 
protocol (it adds a whole new handshake mechanism), and it's not clear 
to me why it needs to be that complicated. According to the Security 
page, the weakness of the legacy protocol are "Predictable IV" and 
"Truncated MAC". I'm guessing SPTPS is not designed solely to address 
these (relatively simple) issues.

- The way SPTPS is currently implemented in tinc, sending packets over 
TCP is extremely inefficient because instead of using PACKET messages 
like the legacy protocol does, it encapsulates the packet in a REQ_KEY 
message (for backwards compatibility reasons, I guess). The problem is, 
the packet contents are encoded using... base64. Now, I know that TCP 
over TCP is not supposed to be very efficient in the first place, but a 
40% encoding overhead seems excessive to say the least. More generally, 
it's not clear to me why SPTPS even needs to be used to send packets 
over metaconnections which are supposed to be trusted. Another 
performance issue with SPTPS over TCP is that it requires an handshake 
(which adds to initial communication latency), while the legacy PACKET 
mechanism doesn't.

Thanks for taking the time to answer these questions.

-- 
Etienne Dechamps


More information about the tinc mailing list