Re: [IPsec] [Last-Call] Secdir last call review of draft-ietf-ipsecme-rfc8229bis-06
"touch@strayalpha.com" <touch@strayalpha.com> Mon, 30 May 2022 19:56 UTC
Cc: Valery Smyslov <svan@elvis.ru>, Christian Huitema <huitema@huitema.net>, secdir@ietf.org, draft-ietf-ipsecme-rfc8229bis.all@ietf.org, ipsec@ietf.org, last-call@ietf.org
To: Tero Kivinen <kivinen@iki.fi>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/kWCfo6F2JAsD5V2xplbVh0yIgoc>
On May 30, 2022, at 12:25 PM, Tero Kivinen <kivinen@iki.fi> wrote:
>
> I think we need to add text explaining how to detect when the TCP
> length framing gets messed up by attacks, and how to recover (i.e.,
> close down the TCP channel and recreate the TCP channel).

The impact of RSTs can be limited for this purpose by recommending RFC5961 for these connections.

But if even data injection has the same impact, it’d be much better to see if there’s a way to recover “sync” in the byte stream rather than expecting a new connection.

Joe
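
One way a receiver could detect the length-framing desynchronisation discussed in this message, as an added example that is not part of the original e-mail or of the draft. It assumes the connection's initial stream prefix has already been consumed, a 16-bit big-endian length that counts the length field itself, a four-zero-byte Non-ESP marker in front of IKE messages, and a receiver that knows its inbound SPIs; all names and sample bytes are constructed for illustration.

```python
import struct

NON_ESP_MARKER = b"\x00" * 4     # four zero bytes in front of an IKE message
MIN_IKE = 2 + 4 + 28             # length field + marker + fixed IKE header
MIN_ESP = 2 + 8                  # length field + SPI + sequence number


class FramingDesync(Exception):
    """The stream no longer parses as length-prefixed IKE/ESP messages."""


def parse_stream(buf, known_spis):
    """Return (frames, leftover); raise FramingDesync on an implausible frame."""
    frames, off = [], 0
    while len(buf) - off >= 6:                  # length + 4 bytes to classify
        (length,) = struct.unpack_from("!H", buf, off)
        head = buf[off + 2:off + 6]
        if head == NON_ESP_MARKER:
            kind, minimum, skip = "ike", MIN_IKE, 6
        else:
            kind, minimum, skip = "esp", MIN_ESP, 2
            # Heuristic (assumption): the receiver knows its inbound SPIs.
            if int.from_bytes(head, "big") not in known_spis:
                raise FramingDesync(f"unknown SPI {head.hex()} at offset {off}")
        if length < minimum:
            raise FramingDesync(f"length {length} too short for {kind} at {off}")
        if len(buf) - off < length:
            break                               # partial frame: wait for more data
        frames.append((kind, buf[off + skip:off + length]))
        off += length
    return frames, buf[off:]


def frame(payload):
    """Prefix payload with a 16-bit length that counts the length field too."""
    return struct.pack("!H", len(payload) + 2) + payload


# Constructed sample data: filler bytes, not real IKE or ESP content.
SPI = 0xC0FFEE01
ESP = struct.pack("!II", SPI, 1) + b"\xaa" * 24
IKE = NON_ESP_MARKER + b"\x11" * 28
CLEAN = frame(ESP) + frame(IKE)
INJECTED = frame(ESP) + b"\xde\xad\xbe" + frame(IKE)   # 3 stray bytes mid-stream

if __name__ == "__main__":
    print(parse_stream(CLEAN, {SPI})[0])
    try:
        parse_stream(INJECTED, {SPI})
    except FramingDesync as exc:
        print("desync:", exc)    # caller would close and re-create the TCP channel
```

The check only detects loss of framing; it does not attempt the in-stream resynchronisation raised in the reply above.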