Re: Fwd: Security Assessment of the Transmission Control Protocol (TCP)

TSG <tglassey@earthlink.net> Sat, 14 February 2009 15:27 UTC

Return-Path: <tglassey@earthlink.net>
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 14C2F3A68A5; Sat, 14 Feb 2009 07:27:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.709
X-Spam-Level:
X-Spam-Status: No, score=-2.709 tagged_above=-999 required=5 tests=[AWL=-0.110, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rV88o5PctSIZ; Sat, 14 Feb 2009 07:27:09 -0800 (PST)
Received: from elasmtp-masked.atl.sa.earthlink.net (elasmtp-masked.atl.sa.earthlink.net [209.86.89.68]) by core3.amsl.com (Postfix) with ESMTP id 1A39A3A69C7; Sat, 14 Feb 2009 07:27:09 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=dk20050327; d=earthlink.net; b=q4gQa5r99g9C82/f4KTbobk9+RoMDFNJpx2DUu4aUuC7/QPuQMGQBpzaB0qcTEwr; h=Received:Message-ID:Date:From:User-Agent:MIME-Version:To:CC:Subject:References:In-Reply-To:Content-Type:Content-Transfer-Encoding:X-ELNK-Trace:X-Originating-IP;
Received: from [67.180.133.66] (helo=[192.168.1.101]) by elasmtp-masked.atl.sa.earthlink.net with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.67) (envelope-from <tglassey@earthlink.net>) id 1LYMQ0-0003Mu-UJ; Sat, 14 Feb 2009 10:27:01 -0500
Message-ID: <4996E2C3.3030604@earthlink.net>
Date: Sat, 14 Feb 2009 07:26:59 -0800
From: TSG <tglassey@earthlink.net>
User-Agent: Thunderbird 2.0.0.19 (Windows/20081209)
MIME-Version: 1.0
To: Joel Jaeggli <joelja@bogus.com>
Subject: Re: Fwd: Security Assessment of the Transmission Control Protocol (TCP)
References: <4994A4EB.5030607@gmail.com> <0B030ADA-F621-4FDF-9CAF-23A27C16E26B@multicasttech.com> <49961BDB.9030905@network-heretics.com> <49963A14.1090106@bogus.com>
In-Reply-To: <49963A14.1090106@bogus.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-ELNK-Trace: 01b7a7e171bdf5911aa676d7e74259b7b3291a7d08dfec79b41deb07ca714905d2542f5e68a41e16350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c
X-Originating-IP: 67.180.133.66
Cc: opsec wg mailing list <opsec@ietf.org>, Keith Moore <moore@network-heretics.com>, IETF discussion list <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 14 Feb 2009 15:27:10 -0000

Joel Jaeggli wrote:
> Keith Moore wrote:
>   
>> Marshall Eubanks wrote:
>>     
>>> If I am reading this correctly the UK Centre for the Protection of
>>> National Infrastructure
>>> wants the IETF (or some other body) to produce a "companion document to
>>> the IETF specifications that discusses the security aspects and
>>> implications of the protocols, identifies the existing vulnerabilities,
>>> discusses the possible countermeasures, and analyses their respective
>>> effectiveness."
>>>       
>> It's difficult to imagine that these things could be adequately captured
>> in a static document, for TCP or any other protocol, because new threats
>> and countermeasures continue to be identified decades after the base
>> protocol is well-settled.  Maybe something like an expanded version of
>> the RFC Editor's errata pages would be more appropriate?
>>     
>
> One might imagine an informational document which was routinely
> obsoleted by future iterations. 

Unfortunately this isnt new information - the liabilities of IP have 
been well identified and understood for years like the BGP4 flap as well.

What the IETF still seems to fail to grasp is that it is responsible for 
its actions so its not taking security and the ability to produce 
reliable evidence of anything over a network transport are key factors 
and need to be built into any IETF endorsement that is issued in the 
form of a standard or standards-track effort.

I also would suggest that the IETF be willing to support other protocols 
besides IP based - hell XNS was way more secure than IP is by its very 
design.

Its not that TCP/IP is bad - its just that it wasnt designed as an 
evidentiary-grade data transport and that is nowadays a real issue.
>   

> Keeping it tractable is a product of
> necessarily limiting the scope.
>   
I dont think so.  Building an analysis scope which is defined to meet 
the evidence needs today would address this requirement and only need to 
be updated periodically to meet those changing evidence models.
>> _______________________________________________
>> Ietf mailing list
>> Ietf@ietf.org
>> https://www.ietf.org/mailman/listinfo/ietf
>>
>>     
>
>
> _______________________________________________
> Ietf mailing list
> Ietf@ietf.org
> https://www.ietf.org/mailman/listinfo/ietf
>
>