Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard
Christian Huitema <huitema@bellcore.com> Wed, 01 April 1998 12:28 UTC
Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id HAA23277 for ipsec-outgoing; Wed, 1 Apr 1998 07:28:07 -0500 (EST)
Date: Tue, 31 Mar 1998 23:36:11 -0500
From: Christian Huitema <huitema@bellcore.com>
Message-Id: <980331233611.ZM14627@seawind.bellcore.com>
In-Reply-To: "Steven M. Bellovin" <smb@research.att.com> "Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard" (Mar 30, 11:15pm)
References: <199803310715.CAA15246@smb.research.att.com>
X-Mailer: Z-Mail (5.0.0 30July97)
To: "Steven M. Bellovin" <smb@research.att.com>, ablair@erols.com
Subject: Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard
Cc: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>, iesg@ns.ietf.org, ipsec@tis.com, ietf@ns.ietf.org, tcp-over-satellite@achtung.sp.trw.com
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-ipsec@ex.tis.com
Precedence: bulk
On Mar 30, 11:15pm, Steven M. Bellovin wrote:
> Subject: Re: Last Call: Security Architecture for the Internet Protocol to
> My understanding is that the TCP Over Satellite WG is considering the use
> of spoofing (at least as a research topic). I presume this means that
> IPSec and spoofing to improve performance on a long latency satellite
> network are incompatible. Is there any way to maintain security and
> still do TCP spoofing for satellites (i.e., could you elaborate on the
> evil)?
>
> You're right -- IPsec will not permit window-size spoofing. To understand
> why, imagine that an enemy were to play games with window sizes --
> probably sending small ones, but just large enough to avoid tickling the
> silly window syndrome code; slamming the window shut (remember that
> closed windows are probed very infrequently); opening it wide and then
> slamming it shut (against the spec, but is your stack robust enough
> to cope?), etc.
>
> It's an interesting question how to have both good security and how
> to play such TCP games. There are other issues between IPsec and
> ECN; I spoke at that BoF today.

By the way, it should be noted that the only rationale, if any, for TCP spoofing in the satellite relays is the inadequacy of the end-to-end TCP implementation. The specificities of satellites and their interaction with transport protocols have been known for more than 15 years, and the cure is also very well known: use large windows, use selective acknowledgments. The only slightly researchy subject is the possible use of pacing mechanisms to avoid the swings caused by large windows.

TCP supports both large windows and selective acknowledgements. A user that opts for end-to-end encryption will still get good performance over satellite links if they also select proper TCP implementations.

-- Christian Huitema
----------
See you at INET'98, Geneva 21-24 July 98
http://www.isoc.org/inet98/
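The point in the quoted text, that IPsec will not permit a relay to rewrite TCP window sizes, comes down to the integrity check covering the transport header. The following is an added illustration, not part of the original message or of any IPsec implementation: it packs a constructed 20-byte TCP header, computes a keyed integrity check value over it (a plain HMAC-SHA256 standing in for the negotiated AH/ESP integrity algorithm; the key is a constructed placeholder rather than one derived by IKE), has a "spoofing" relay rewrite the window field in flight, and shows that the receiver's verification rejects the altered segment while the unmodified one is accepted. Real AH also covers the immutable IP header fields and ESP encrypts the transport header outright, but the effect on a window-rewriting relay is the same as shown here.

```python
"""
Added example (not from the original message): why an integrity-protected
TCP segment cannot have its window field rewritten by a relay in transit.
"""
import hashlib
import hmac
import struct

# Constructed placeholder key; in IPsec the key comes from the SA set up by IKE.
SA_KEY = b"constructed-example-key-not-a-real-sa-key"


def build_tcp_header(src_port, dst_port, seq, ack, window, flags=0x10):
    """Pack a minimal 20-byte TCP header (RFC 793 layout, no options).

    Field order: src port, dst port, seq, ack, data offset|flags, window,
    checksum (left zero for this illustration), urgent pointer.
    """
    data_offset = 5 << 12  # header length of five 32-bit words
    return struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                       data_offset | flags, window, 0, 0)


def window_of(header):
    """Read the 16-bit window field (bytes 14..16 of the header)."""
    return struct.unpack("!H", header[14:16])[0]


def protect(header, key=SA_KEY):
    """Sender side: keyed integrity check value over the whole header."""
    return hmac.new(key, header, hashlib.sha256).digest()


def verify(header, icv, key=SA_KEY):
    """Receiver side: recompute the ICV and compare in constant time."""
    return hmac.compare_digest(protect(header, key), icv)


def spoof_window(header, new_window):
    """What a window-spoofing relay does: overwrite the window field only."""
    return header[:14] + struct.pack("!H", new_window) + header[16:]


def simulate(original_window, spoofed_window):
    """Run one segment through sender -> relay -> receiver and report results."""
    hdr = build_tcp_header(40000, 80, 1000, 2000, original_window)
    icv = protect(hdr)                       # attached by the sending end host
    tampered = spoof_window(hdr, spoofed_window)  # relay rewrites the window
    return {
        "untouched_accepted": verify(hdr, icv),
        "spoofed_accepted": verify(tampered, icv),
        # What a receiver with no integrity protection would have believed:
        "window_seen_if_unprotected": window_of(tampered),
    }


if __name__ == "__main__":
    # Relay tries to shrink a 64 KiB advertised window down to 512 bytes.
    print(simulate(65535, 512))
```

The receiver never consults the rewritten window because the segment is discarded at the IPsec layer first; any performance tuning for a long-delay path therefore has to happen at the end hosts (large windows via window scaling, selective acknowledgements), which is the cure the reply above refers to.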