Re: [secdir] draft-ietf-tcpm-tcpsecure
Nicolas Williams <Nicolas.Williams@sun.com> Fri, 14 August 2009 22:30 UTC
Date: Fri, 14 Aug 2009 17:12:22 -0500
From: Nicolas Williams <Nicolas.Williams@sun.com>
To: Sandra Murphy <sandy@sparta.com>
Message-ID: <20090814221222.GH1043@Sun.COM>
References: <Pine.WNT.4.64.0906080948290.6048@SANDYM-LT.columbia.ads.sparta.com>
In-Reply-To: <Pine.WNT.4.64.0906080948290.6048@SANDYM-LT.columbia.ads.sparta.com>
Cc: mdalal@cisco.com, ananth@cisco.com, iesg@ietf.org, secdir@ietf.org
Subject: Re: [secdir] draft-ietf-tcpm-tcpsecure
The mitigations in this I-D are made SHOULD, SHOULD, and MAY (see section 6, page 15). But that means that a TCP implementation could claim conformance while not implementing any of these mitigations. Therefore they should be, IMO, MUST, MUST and MAY (or SHOULD).

Also, ISTM that the corner case described in section 4.2 can be avoided by noting the retransmitted SYN and then sending a SYN+ACK to that, and if an acknowledgement comes back then reset the old connection (and if there's no listener to accept the new one, then reset it too).

Nico
--
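As an added illustration (not code from the draft and not the author's), the following constructed Python model walks through the SYN handling proposed in this message: answer the retransmitted SYN with a SYN+ACK and touch the old connection only when that SYN+ACK is acknowledged. Names such as Endpoint, handle_syn and handle_ack are assumptions; the model also goes one step beyond the text by showing that a blind sender, which never sees the SYN+ACK's ISN, cannot use this handling to reset an established connection.

```python
"""Constructed model of the proposed SYN-in-ESTABLISHED handling (assumed names)."""
import secrets
from dataclasses import dataclass, field

MASK = 0xFFFFFFFF  # 32-bit sequence-number arithmetic


@dataclass
class Endpoint:
    listener: bool = True                          # someone to accept a new connection?
    established: bool = True                       # the old connection being protected
    pending: dict = field(default_factory=dict)    # tentative handshakes: our ISN -> peer seq

    def handle_syn(self, peer_seq: int) -> tuple:
        """A SYN arrived on an ESTABLISHED connection. Do not reset anything;
        answer with SYN+ACK carrying a fresh, unpredictable ISN and note it."""
        isn = secrets.randbits(32)
        self.pending[isn] = peer_seq
        return ("SYN+ACK", isn, (peer_seq + 1) & MASK)

    def handle_ack(self, ack: int) -> str:
        """Third segment. Only an ACK of an ISN we really sent proves the peer
        restarted: then reset the old connection and accept the new one, or
        reset the new one too when no listener exists."""
        isn = (ack - 1) & MASK
        if isn not in self.pending:
            return "ignored"                       # stale or guessed: old connection untouched
        del self.pending[isn]
        self.established = False                   # old connection reset
        return "new-connection-accepted" if self.listener else "new-connection-reset"


def genuine_restart(listener: bool = True) -> tuple:
    """Peer rebooted and re-sent SYN; it sees our SYN+ACK and can complete the handshake."""
    ep = Endpoint(listener=listener)
    _flags, isn, _ack = ep.handle_syn(peer_seq=1000)
    return ep.handle_ack(ack=(isn + 1) & MASK), ep.established


def blind_syn() -> tuple:
    """Off-path sender injects a SYN but never sees the SYN+ACK, so its ACK is a
    guess (1 in 2**32). For a deterministic demo we pick a value known to be wrong."""
    ep = Endpoint()
    _flags, isn, _ack = ep.handle_syn(peer_seq=1000)
    wrong_guess = (isn + 2) & MASK                 # any value but isn + 1
    return ep.handle_ack(ack=wrong_guess), ep.established
```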