[Gen-art] Gen-ART review for draft-ietf-ipsecme-esp-null-heuristics-06.txt (was: Re: Gen-ART review for draft-ietf-ipsecme-esp-null-heuristics-05.txt)
"Spencer Dawkins" <spencer@wonderhamster.org> Fri, 26 February 2010 12:42 UTC
Return-Path: <spencer@wonderhamster.org>
X-Original-To: gen-art@core3.amsl.com
Delivered-To: gen-art@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0095828C1CA for <gen-art@core3.amsl.com>; Fri, 26 Feb 2010 04:42:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.485
X-Spam-Level:
X-Spam-Status: No, score=-2.485 tagged_above=-999 required=5 tests=[AWL=0.113, BAYES_00=-2.599, STOX_REPLY_TYPE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zw115gg4hKj2 for <gen-art@core3.amsl.com>; Fri, 26 Feb 2010 04:42:01 -0800 (PST)
Received: from mout.perfora.net (mout.perfora.net [74.208.4.194]) by core3.amsl.com (Postfix) with ESMTP id D556628C1B4 for <gen-art@ietf.org>; Fri, 26 Feb 2010 04:42:00 -0800 (PST)
Received: from S73602b (cpe-76-182-230-135.tx.res.rr.com [76.182.230.135]) by mrelay.perfora.net (node=mrus2) with ESMTP (Nemesis) id 0LcjQV-1NIZMK05hf-00k9bJ; Fri, 26 Feb 2010 07:44:07 -0500
Message-ID: <D7E21970E6F54938922EAE6D35A4D595@china.huawei.com>
From: Spencer Dawkins <spencer@wonderhamster.org>
To: Tero Kivinen <kivinen@iki.fi>
References: <7B2204AACA664DA2988E253FE2FCF568@china.huawei.com><19323.49404.562705.833947@fireball.kivinen.iki.fi><F482F25C6B0B49159A83DBDB0D0045AB@china.huawei.com> <19335.47671.472054.767654@fireball.kivinen.iki.fi>
Date: Fri, 26 Feb 2010 06:43:58 -0600
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="iso-8859-1"; reply-type="original"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5843
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5579
X-Provags-ID: V01U2FsdGVkX181bPuOhaL226xL0G3z4FQrkv7mBe9sGiZX56c CFZ6cXYSs6XsTonIBbRAEVtsxo9pk27COC9z+ezKkVAd/QSB2i ymhm0SyCvlPv2TrI1QjazFVFsY7JtvMF37styaSLSk=
Cc: General Area Review Team <gen-art@ietf.org>, draft-ietf-ipsecme-esp-null-heuristics@tools.ietf.org
Subject: [Gen-art] Gen-ART review for draft-ietf-ipsecme-esp-null-heuristics-06.txt (was: Re: Gen-ART review for draft-ietf-ipsecme-esp-null-heuristics-05.txt)
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/gen-art>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Feb 2010 12:42:02 -0000
Hi, Tero,
Thank you for fixing my suggested text ("writing text is hard" :-)
Russ,
-06 addresses all of my review comments from -05. It's ready for
publication as an Informational RFC, from a Gen-ART perspective. I did spot
one "This heuristics" in new text that should be "This heuristic", but
that's an RFC
Editor note, not a draft respin.
Thanks,
Spencer
> Spencer Dawkins writes:
>> I don't feel strongly about this, but do suggest s/uses the same
>> policy/uses
>> the same policy, and that changes to that single policy can be
>> coordinated
>> throughout the administrative domain/, to capture what you said in your
>> response, which I found helpful.
>
> Changed that sentence as you suggested and the full sentence is now:
>
> Also, such a solution might require some kind of centralized
> policy management to make sure everybody in an administrative
> domain uses the same policy, and that changes to that single
> policy can be coordinated throughout the administrative
> domain.
>
>> I saw that this isn't a 2119 document, but it's hard for people who are
>> familiar with 2119 language to ignore the words when they are in lower
>> case
>> :D
>>
>> I really liked the explanation you gave in your response here. I suggest
>> picking one of "can/will/should", probably "can", and including your
>> response in the document.
>>
>> The resulting text (with some additional edits) might look something like
>> "As ESP-NULL heuristics need to know the same protocols as a deep
>> inspection
>> device, an ESP-NULL instance of an unknown protocol can be handled the
>> same
>> way as a cleartext instance of the same unknown protocol.
>
> Changed to the text you suggested.
>
>> OK, that's the part that was missing for me. I would suggest "the packet
>> has
>> already transited a NAT box which changed the IP addresses but assumed
>> any
>> ESP payload was encryped and did not recalculate the transport checksums
>> with the new IP addresses. Thus"
>
> Made the changes you requested, but used "fix" instead "recalculate"
> as most of the nats do not recalculate checksum, but do incremental
> update on it. The whole text section is now:
>
> The most obvious field, TCP checksum, might not be usable, as it
> is possible that the packet has already transited a NAT box
> which changed the IP addresses but assumed any ESP payload was
> encrypted and did not fix the transport checksums with the new
> IP addresses. Thus the IP numbers used in the checksum are
> wrong, thus the checksum is wrong.
>
>> This explanation is helpful. I'd suggest adding "This hueristic is most
>> helpful when only one packet is outstanding. For example, if a TCP SYN
>> packet is lost, the next packet would always be a retransmission of the
>> SYN
>> packet".
>
> Changed (with minor edits) as you suggested. The full text is now:
>
> One good method of detection is if a packet is dropped then the
> next packet will most likely be a retransmission of the previous
> packet. Thus if two packets are received with the same source,
> and destination port numbers, and where sequence numbers are
> either same or right after each other, then it's likely a TCP
> packet has been correctly detected. This heuristics is most
> helpful when only one packet is outstanding. For example, if a
> TCP SYN packet is lost (or dropped because of policy), the next
> packet would always be a retransmission of the same TCP SYN
> packet.
>
>> Your explanation was very helpful. I'd suggest
>>
>> "Forcing use of ESP-NULL everywhere inside the enterprise, so that
>> accounting, logging, network monitoring, and intrusion detection all
>> work,
>> increases the risk of sending confidential information where
>> eavesdroppers
>> can see it"
>
> Changed to use your text.
>
> I updated the draft and submitted 06 version which includes these
> changes.
> --
> kivinen@iki.fi
- [Gen-art] Gen-ART review for draft-ietf-ipsecme-e… Spencer Dawkins
- Re: [Gen-art] Gen-ART review fordraft-ietf-ipsecm… Spencer Dawkins
- [Gen-art] Gen-ART review for draft-ietf-ipsecme-e… Tero Kivinen
- Re: [Gen-art] Gen-ART review for draft-ietf-ipsec… Spencer Dawkins
- Re: [Gen-art] Gen-ART review for draft-ietf-ipsec… Dan McDonald
- Re: [Gen-art] Gen-ART review for draft-ietf-ipsec… Tero Kivinen
- [Gen-art] Gen-ART review for draft-ietf-ipsecme-e… Spencer Dawkins