Re: [secdir] draft-ietf-tcpm-tcpsecure

Lars Eggert <lars.eggert@nokia.com> Thu, 09 July 2009 07:06 UTC

From: Lars Eggert <lars.eggert@nokia.com>
To: Sandra Murphy <sandy@sparta.com>
Cc: "mdalal@cisco.com" <mdalal@cisco.com>, "ananth@cisco.com" <ananth@cisco.com>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>

Hi, Sandy,

On 2009-6-8, at 16:59, Sandra Murphy wrote:
> I've been on the road, so this is just a quick note to say that I still
> have questions, with a promise of a more full answer when I get back to the
> office tomorrow.

the authors are still waiting to hear your additional questions.  
Please let me know when we can expect them, so I know when I can  
expect a revision from the authors.

Thanks,
Lars

> All the following done really from memory from a
> re-review yesterday.  Just so you know I haven't forgotten you.
>
> About quoting text:
>
> The example you point to of what each mitigation says is a good case.
> (what is "rg"?)
>
> You posit a case 1 and case 2.  This is a summary of what 793 says, not a
> quote.  793 spreads the discussion over 2 pages.  Your case 1 is
> represented in a parenthetical remark in an "otherwise" clause - hard to
> find.  And you have a typo in the inequality.  And the case 2 in 793 is
> broken out over three different groupings of states.  Do you mean the new
> ACK to be generated in all three state groups?
>
> About the stringency.
>
> If UNA is 1000, Max.snd.wnd is 50, and the ack is 975, then in 793, the
> ack is < UNA and so "it is ignored", in your draft the ack is >
> UNA-max.snd.wnd so it is acceptable.
>
> So your draft accepts more ACKs than 793.
>
> Have I lost my ability to tell > from <?  Do you regard accepting more
> ACKS as "more stringent"?
>
> About the guidance to implementors.
>
> It still looks to me like this guidance is only useful to implementors who
> are implementing both the OS TCP stack *AND* the application.  I.E.,
> freebsd won't know whether to follow the guidance or not but
> cisco/juniper/etc will.
>
> What is the "AS"?
>
> About grammar checks:
>
> And you did not miss email, I lost my marked up copy, so I've gone
> through for the grammar check again (don't think I found all that many
> nits) and will send to you.
>
> --Sandy
>
>
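
The two ACK checks compared in the quoted "stringency" passage, run on its numbers (UNA 1000, Max.snd.wnd 50, ack 975), as an added example that is not part of the original thread or of the draft. The function names, the SND.NXT value of 1100, the inclusive bounds and the modulo-2^32 comparisons are assumptions made here.

```c
#include <stdint.h>
#include <stdio.h>

/* Sequence-space comparisons modulo 2^32, so the checks survive wraparound. */
static int seq_lt(uint32_t a, uint32_t b)  { return (int32_t)(a - b) < 0; }
static int seq_leq(uint32_t a, uint32_t b) { return (int32_t)(a - b) <= 0; }

enum ack793 { ACK793_OLD, ACK793_IN_RANGE, ACK793_UNSENT };

/* RFC 793 view, as the message summarises it: an ACK below SND.UNA is old
 * ("it is ignored"); an ACK above SND.NXT acknowledges unsent data. */
enum ack793 classify_rfc793(uint32_t snd_una, uint32_t snd_nxt, uint32_t seg_ack)
{
    if (seq_lt(seg_ack, snd_una)) return ACK793_OLD;
    if (seq_lt(snd_nxt, seg_ack)) return ACK793_UNSENT;
    return ACK793_IN_RANGE;
}

/* Draft view, as the message summarises it: the ACK is acceptable when
 * SND.UNA - MAX.SND.WND <= SEG.ACK <= SND.NXT (inclusive bounds assumed). */
int draft_ack_acceptable(uint32_t snd_una, uint32_t snd_nxt,
                         uint32_t max_snd_wnd, uint32_t seg_ack)
{
    uint32_t lower = snd_una - max_snd_wnd;   /* unsigned wrap is intended */
    return seq_leq(lower, seg_ack) && seq_leq(seg_ack, snd_nxt);
}

int main(void)
{
    /* Constructed inputs: 975 is the message's value, the rest probe the
     * window edges around UNA - MAX.SND.WND = 950 and SND.NXT = 1100. */
    const uint32_t una = 1000, nxt = 1100, wnd = 50;
    const uint32_t acks[] = { 940, 950, 975, 1000, 1100, 1101 };
    static const char *names[] = { "old", "in-range", "unsent" };

    for (size_t i = 0; i < sizeof acks / sizeof acks[0]; i++)
        printf("ack=%u  rfc793=%s  draft_acceptable=%d\n",
               (unsigned)acks[i],
               names[classify_rfc793(una, nxt, acks[i])],
               draft_ack_acceptable(una, nxt, wnd, acks[i]));
    return 0;
}
```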