Some questions about SPTPS

Guus Sliepen guus at tinc-vpn.org
Thu Jul 17 10:35:21 CEST 2014


On Wed, Jul 16, 2014 at 10:52:08AM +0100, Etienne Dechamps wrote:

> I've been using SPTPS (a.k.a ExperimentalProtocol) for a while now, but I've
> only recently started looking into the details of the protocol itself. I
> have some questions about the design:
> 
> - I am not sure what the threat model for SPTPS is when compared with the
> legacy protocol. SPTPS is vastly more complex than the legacy protocol (it
> adds a whole new handshake mechanism), and it's not clear to me why it needs
> to be that complicated. According to the Security page, the weaknesses of the
> legacy protocol are "Predictable IV" and "Truncated MAC". I'm guessing SPTPS
> is not designed solely to address these (relatively simple) issues.

SPTPS itself is actually not much more complicated than the legacy
protocol. It indeed fixes the weaknesses in the legacy protocol, and
it's actually based on TLS 1.2 but with cipher suite negotiation and
public key exchange removed, instead using a fixed cipher suite with the
PFS property, and always assuming both sides have each other's public
key. The goal is to implement the best current practices.

> - The way SPTPS is currently implemented in tinc, sending packets over TCP
> is extremely inefficient because instead of using PACKET messages like the
> legacy protocol does, it encapsulates the packet in a REQ_KEY message (for
> backwards compatibility reasons, I guess). The problem is, the packet
> contents are encoded using... base64. Now, I know that TCP over TCP is not
> supposed to be very efficient in the first place, but a 40% encoding
> overhead seems excessive to say the least. More generally, it's not clear to
> me why SPTPS even needs to be used to send packets over metaconnections
> which are supposed to be trusted.

It's only using those REQ_KEY messages when communicating via
intermediate nodes. The reason is that this allows for networks with
both 1.0.x and 1.1 nodes. Now, it's true that it still uses the REQ_KEY
messages when the intermediate nodes are version 1.1, but that is
something to be fixed before 1.1.0 is released.

> Another performance issue with SPTPS over TCP is that it requires a
> handshake (which adds to initial communication latency), while the
> legacy PACKET mechanism doesn't.

A big difference is that in the legacy protocol, the PACKET messages are
encrypted hop-by-hop, while with SPTPS the packets are encrypted
end-to-end. That requires the extra handshake.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>