IETF Logo Mail Archive

Re: Comments on draft-ietf-rtgwg-rfc3682bis-05.txt: single-hop/multi-hop

Pekka Savola <pekkas@netcore.fi> Thu, 14 July 2005 06:14 UTC

Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1DswzN-00009S-RZ; Thu, 14 Jul 2005 02:14:29 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1DswzM-00009M-34 for rtgwg@megatron.ietf.org; Thu, 14 Jul 2005 02:14:28 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA29927 for <rtgwg@ietf.org>; Thu, 14 Jul 2005 02:14:26 -0400 (EDT)
Received: from netcore.fi ([193.94.160.1]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1DsxRt-0001BC-Cu for rtgwg@ietf.org; Thu, 14 Jul 2005 02:43:59 -0400
Received: from localhost (pekkas@localhost) by netcore.fi (8.11.6/8.11.6) with ESMTP id j6E6D0s22367; Thu, 14 Jul 2005 09:13:00 +0300
Date: Thu, 14 Jul 2005 09:12:59 +0300
From: Pekka Savola <pekkas@netcore.fi>
To: akatlas@alum.mit.edu
In-Reply-To: <6280db520507130100427d3b8b@mail.gmail.com>
Message-ID: <Pine.LNX.4.61.0507140909220.21842@netcore.fi>
References: <5.1.0.14.2.20050525172745.01fd6d38@10.2.0.68> <5.1.0.14.2.20050527225742.01e27fd8@10.2.0.68> <20050531202320.GA20028@1-4-5.net> <1426892170.20050712161249@psg.com> <6280db520507130100427d3b8b@mail.gmail.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 73734d43604d52d23b3eba644a169745
Cc: Alex Zinin <zinin@psg.com>, David Meyer <dmm@1-4-5.net>, vijay@umbc.edu, heas@shrubbery.net, rtgwg@ietf.org
Subject: Re: Comments on draft-ietf-rtgwg-rfc3682bis-05.txt: single-hop/multi-hop
X-BeenThere: rtgwg@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: rtgwg.ietf.org
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/rtgwg>, <mailto:rtgwg-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:rtgwg@ietf.org>
List-Help: <mailto:rtgwg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/rtgwg>, <mailto:rtgwg-request@ietf.org?subject=subscribe>
Sender: rtgwg-bounces@ietf.org
Errors-To: rtgwg-bounces@ietf.org

On Wed, 13 Jul 2005, Alia Atlas wrote:
> Sounds good.  The only point with the MAY for the multi-hop is to
> require that the packets are sent with the TTL=255 even if the
> recipient is multiple hops away and the receiver doesn't support the
> multi-hop.

As I said in the past, I believe all this stuff about TrustRadius 
should go in an appendix, so that the main spec could be much simpler 
(e.g., related to fragments and text).

Then we could describe "a generalized GTSM" in the appendix.  The 
section would describe the differences to:
  - applicability
  - the GTSM rules themselves (instead of checking for "255" ...)
  - security considerations
  - (possibly) fragment processing
  - something else?

What I see now is that we're complicating the main spec with a 
generalization that I'm not sure people have implemented or are all 
that interested about.  The main spec is IMHO standards track maturity 
but the generalization still seems experimental to me.

> On 7/12/05, Alex Zinin <zinin@psg.com> wrote:
>> Folks-
>>
>>  On this issue (see quotes below), how about we say in the doc:
>>
>>   Implementations MUST support the single-hop (TrustRadius = 0) mode, and
>>   MAY support the multi-hop (TrustRadius > 0) one.
>>
>> --
>> Alex
>>
>>>>>> I think it may be useful to describe that it is possible to support only
>>>>>> the single-hop GTSM - which gives the most security benefit,
>>>>>> anyway.  That seems to me to be much simpler to implement with the
>>>>>> currently existing ACLs.
>>>>>
>>>>> Personally, I don't care for non-single-hop GTSM at all (and I think it
>>>>> would probably be dangerous and requires an applicability statement.
>>
>>>       Its there already:
>>
>>>         When a multi-hop protocol session is required, we set
>>>         the expected TTL value to be 255 - TrustRadius. This
>>>         approach provides a qualitatively lower degree of
>>>         security for the protocol implementing GTSM (i.e., a
>>>         DoS attack could theoretically be launched by
>>>         compromising some box in the path). However, GTSM will
>>>         still catch the vast majority of observed DDoS attacks
>>>         (launched from outside the network) against a given
>>>         protocol. Note that since the number of hops can change
>>>         rapidly in real network situations, it is considered
>>>         that GTSM may not be able to handle this scenario
>>>         adequately and an implementation MAY provide OPTIONAL
>>>         support.
>>
>>>>> If it would be feasible, I'd move single-hop GTSM to standards track while
>>>>> keeping multihop at experimental.
>>>>
>>>> I agree.  I believe the multi-hop has a less clear benefit & more holes.
>>>> At the least, it would be good to more clearly describe the added
>>>> complexity and risks (or lesser benefit) for the multi-hop and possibly
>>>> make those MAY instead of SHOULD.
>>
>>>       I have no problem with this. Multi-hop GTSM has (clearly)
>>>       "less well defined" behavior and security properites.
>>
>>
>>
>> _______________________________________________
>> Rtgwg mailing list
>> Rtgwg@ietf.org
>> https://www1.ietf.org/mailman/listinfo/rtgwg
>>
>
> _______________________________________________
> Rtgwg mailing list
> Rtgwg@ietf.org
> https://www1.ietf.org/mailman/listinfo/rtgwg
>

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

_______________________________________________
Rtgwg mailing list
Rtgwg@ietf.org
https://www1.ietf.org/mailman/listinfo/rtgwg

v2.23.0 | Report a Bug | By Email