Re: [secdir] draft-ietf-tcpm-tcpsecure

"Anantha Ramaiah (ananth)" <ananth@cisco.com> Sun, 13 September 2009 11:37 UTC

Date: Sun, 13 Sep 2009 04:38:17 -0700
Message-ID: <0C53DCFB700D144284A584F54711EC5807FF0261@xmb-sjc-21c.amer.cisco.com>
In-Reply-To: <Pine.WNT.4.64.0906080948290.6048@SANDYM-LT.columbia.ads.sparta.com>
From: "Anantha Ramaiah (ananth)" <ananth@cisco.com>
To: Sandra Murphy <sandy@sparta.com>, "Mitesh Dalal (mdalal)" <mdalal@cisco.com>
Cc: iesg@ietf.org, Lars Eggert <lars.eggert@nokia.com>, secdir@ietf.org
Subject: Re: [secdir] draft-ietf-tcpm-tcpsecure

I figured out the reply to this email didn't make it (I was editing
the draft based on the feedback received).

> -----Original Message-----
> From: Sandra Murphy [mailto:sandy@sparta.com] 
> Sent: Monday, June 08, 2009 6:59 AM
> To: Anantha Ramaiah (ananth); Mitesh Dalal (mdalal)
> Cc: iesg@ietf.org; secdir@ietf.org
> Subject: draft-ietf-tcpm-tcpsecure
> 
> I've been on the road, so this is just a quick note to say 
> that I still have questions, with a promise of more full 
> answer when I get back to the office tomorrow.  All the 
> following done really from memory from a re-review yesterday. 
> Just so you know I haven't forgotten you.
> 
> About quoting text:
> 
> The example you point to of what each mitigation says is a good case. 
> (what is "rg"?)
> 
> You posit a case 1 and case 2.  This is a summary of what 793 
> says, not a quote.  793 spreads the discussion over 2 pages.  
> your case 1 is represented in a parenthetical remark in an 
> "otherwise" clause - hard to find.  And you have a typo in 
> the inequality.  And the case 2 in 793 is broken out over 
> three different groupings of states.  Do you mean the new ACK 
> to be generated in all three state groups?

Are you talking about RST/SYN mitigations? If so, the current text is
clear. The challenge ACK will be generated; please note that the document
quotes the processing rules of the incoming segment and talks about what
mods are suggested.

> 
> About the stringency.
> 
> If UNA is 1000, Max.snd.wnd is 50, and the ack is 975, then 
> in 793, the ack is < UNA and so "it is ignored", in your 
> draft the ack is > UNA-max.snd.wnd so it is acceptable.

Ok, I have added more text to clarify this point. "Ignored"
means the ACK value is ignored and the segment is processed as per the
other rules; hence ignored implies "accepted" and not dropped.

> 
> So your draft accepts more ACKs than 793.
> 
> Have I lost my ability to tell > from <?  Do you regard 
> accepting more ACKS as "more stringent"?

No, I think it is a misinterpretation of "ignored".

> 
> About the guidance to implementors.
> 
> It still looks to me like this guidance is only useful to 
> implementors who are implementing both the OS TCP stack *AND* 
> the application.  I.e., freebsd won't know whether to 
> follow the guidance or not, but cisco/juniper/etc will.

Not sure why such an inference is made.

> 
> What is the "AS"?
Applicability statement (but I couldn't find the "AS" reference in the
draft; it is spelled out in full).

-Anantha
> 
> About grammar checks:
> 
> And you did not miss email, I lost my marked up copy, so I've 
> gone through for the grammar check again (don't think I 
> found all that many nits) and will send to you.
> 
> --Sandy
> 
> 
>
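The "stringency" exchange above turns on what RFC 793 means by "ignored": the ACK *value* is ignored, but the segment is still run through the remaining processing steps, whereas the tcpsecure draft discards segments whose ACK falls outside (SND.UNA - MAX.SND.WND, SND.NXT]. The following is an added worked example, not code from the thread, the draft, or any TCP stack; it compares the two rules on the values Sandy and Anantha discuss (SND.UNA = 1000, MAX.SND.WND = 50, SEG.ACK = 975) and on a constructed SND.NXT = 1100. The tcpsecure rule is written as it appears in the published RFC 5961 section 5.2 (out-of-window ACK segments are discarded and an ACK is sent back); the draft revision under review may have differed in wording. All function names are my own.

```python
# Added example (not from the thread or the draft): ACK acceptability under
# RFC 793 versus the tcpsecure mitigation (published as RFC 5961, sec. 5.2).
# SND.NXT = 1100 below is a constructed value; 1000 / 50 / 975 come from the thread.

MASK = 0xFFFFFFFF  # TCP sequence numbers are 32-bit and wrap around


def seq_lt(a, b):
    """a < b in 32-bit modular sequence space (the usual (int32)(a - b) < 0 idiom)."""
    return ((a - b) & MASK) >= 0x80000000


def seq_le(a, b):
    """a <= b in modular sequence space."""
    return a == b or seq_lt(a, b)


def rfc793_ack_disposition(seg_ack, snd_una, snd_nxt):
    """RFC 793 ESTABLISHED-state ACK processing reduced to three outcomes.

    'ignore_ack' is the case Anantha explains: the ACK value is a duplicate and
    is ignored, but the segment itself is NOT dropped; it continues through the
    other processing rules, so any payload it carries is still accepted.
    """
    if seq_lt(seg_ack, snd_una):
        return "ignore_ack"      # SEG.ACK < SND.UNA: duplicate, value ignored, segment processed
    if seq_lt(snd_nxt, seg_ack):
        return "drop_and_ack"    # SEG.ACK > SND.NXT: acks unsent data, send ACK and drop
    return "accept"              # SND.UNA <= SEG.ACK <= SND.NXT


def tcpsecure_ack_acceptable(seg_ack, snd_una, snd_nxt, max_snd_wnd):
    """tcpsecure / RFC 5961 sec. 5.2 window check.

    Acceptable iff (SND.UNA - MAX.SND.WND) <= SEG.ACK <= SND.NXT.  Any other
    ACK value causes the whole segment to be discarded (and an ACK sent back),
    which is what makes the rule more stringent than 793's "ignored".
    """
    lo = (snd_una - max_snd_wnd) & MASK
    return seq_le(lo, seg_ack) and seq_le(seg_ack, snd_nxt)


def compare(seg_ack, snd_una=1000, snd_nxt=1100, max_snd_wnd=50):
    """Return (RFC 793 disposition, tcpsecure verdict) for one incoming ACK value."""
    legacy = rfc793_ack_disposition(seg_ack, snd_una, snd_nxt)
    secure = "accept" if tcpsecure_ack_acceptable(seg_ack, snd_una, snd_nxt, max_snd_wnd) else "drop"
    return legacy, secure


if __name__ == "__main__":
    # 975: Sandy's case.  793 ignores the ACK value but processes the segment;
    #      tcpsecure accepts it too (950 <= 975 <= 1100), so both keep it.
    # 900: below SND.UNA - MAX.SND.WND.  793 still processes the segment;
    #      tcpsecure drops it.  This is where the draft is stricter.
    for ack in (975, 900, 1050, 1200):
        print(ack, compare(ack))
```

The interesting row is SEG.ACK = 900: under 793 the segment is "ignored" only in the sense that its ACK number is disregarded, so a segment carrying data with a stale ACK is still delivered; under the draft it is discarded outright. That is why "accepts more ACKs" and "more stringent" are not in conflict once "ignored" is read the way the reply describes it. The modular comparison helpers also make the check behave correctly when SND.UNA - MAX.SND.WND wraps below zero.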