Re: [conex] Stephen Farrell's No Objection on draft-ietf-conex-tcp-modifications-09: (with COMMENT)
Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch> Fri, 09 October 2015 09:44 UTC
Return-Path: <mirja.kuehlewind@tik.ee.ethz.ch>
X-Original-To: conex@ietfa.amsl.com
Delivered-To: conex@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4E2761B3238; Fri, 9 Oct 2015 02:44:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.91
X-Spam-Level:
X-Spam-Status: No, score=-3.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BvIVJ5MXtVjE; Fri, 9 Oct 2015 02:44:38 -0700 (PDT)
Received: from smtp.ee.ethz.ch (smtp.ee.ethz.ch [129.132.2.219]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EF0FF1B3235; Fri, 9 Oct 2015 02:44:34 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by smtp.ee.ethz.ch (Postfix) with ESMTP id E580FD9305; Fri, 9 Oct 2015 11:44:32 +0200 (MEST)
X-Virus-Scanned: by amavisd-new on smtp.ee.ethz.ch
Received: from smtp.ee.ethz.ch ([127.0.0.1]) by localhost (.ee.ethz.ch [127.0.0.1]) (amavisd-new, port 10024) with LMTP id HYdZGKvAqKX6; Fri, 9 Oct 2015 11:44:32 +0200 (MEST)
Received: from [82.130.103.143] (nb-10510.ethz.ch [82.130.103.143]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: mirjak) by smtp.ee.ethz.ch (Postfix) with ESMTPSA id 9C8B8D9304; Fri, 9 Oct 2015 11:44:32 +0200 (MEST)
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, The IESG <iesg@ietf.org>
References: <20151001115619.27054.3625.idtracker@ietfa.amsl.com>
From: Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch>
Message-ID: <56178C5B.1000609@tik.ee.ethz.ch>
Date: Fri, 09 Oct 2015 11:43:55 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0
MIME-Version: 1.0
In-Reply-To: <20151001115619.27054.3625.idtracker@ietfa.amsl.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/conex/_xpIeR2UD3t7ob1SUmwWCRcryes>
Cc: draft-ietf-conex-tcp-modifications.ad@ietf.org, draft-ietf-conex-tcp-modifications@ietf.org, conex-chairs@ietf.org, conex@ietf.org
Subject: Re: [conex] Stephen Farrell's No Objection on draft-ietf-conex-tcp-modifications-09: (with COMMENT)
X-BeenThere: conex@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Congestion Exposure working group discussion list <conex.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/conex>, <mailto:conex-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/conex/>
List-Post: <mailto:conex@ietf.org>
List-Help: <mailto:conex-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/conex>, <mailto:conex-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Oct 2015 09:44:40 -0000
Hi Stephan, quick reply to you comment below. The two points below are discussed in draft-ietf-conex-destopt as ConEx is signaled in the IP layer and the attacks would (from my point of view) only interfere with the signaling (and not any additional algorithms that are used in TCP to decide when to set a marking). draft-ietf-conex-destopt even has an own section on "Mitigating flooding attacks by using preferential drop". I guess that's what you've been looking for, right? Further, draft-ietf-conex-destopt says in the security section that IPsec AH can be used to detect changes to ConEx information. Actually it does not say what to do if such changes are detected. I'll check with my co-authors if we can add some more information here. Regarding draft-ietf-conex-tcp-modifications, I've added two sentences at the beginning of the security section to say that these issues are discussed in draft-ietf-conex-destopt. Is that okay for you? Mirja On 01.10.2015 13:56, Stephen Farrell wrote: > Stephen Farrell has entered the following ballot position for > draft-ietf-conex-tcp-modifications-09: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-conex-tcp-modifications/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > > Seems like a fine thing to experiment with. I hope the results > are interesting. > > The security considerations really ought take into account or at > least mention potential misbehaviour by middleboxes and also how > conex might be affected by DoS attacks. >
- [conex] Stephen Farrell's No Objection on draft-i… Stephen Farrell
- Re: [conex] Stephen Farrell's No Objection on dra… Mirja Kühlewind
- Re: [conex] Stephen Farrell's No Objection on dra… Stephen Farrell