[secdir] draft-ietf-tcpm-tcpsecure

Sandra Murphy <sandy@sparta.com> Mon, 08 June 2009 14:01 UTC

Return-Path: <Sandra.Murphy@cobham.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 551493A6ADC; Mon, 8 Jun 2009 07:01:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0borT5feR8dx; Mon, 8 Jun 2009 07:01:06 -0700 (PDT)
Received: from M4.sparta.com (M4.sparta.com [157.185.61.2]) by core3.amsl.com (Postfix) with ESMTP id 6C0643A6848; Mon, 8 Jun 2009 07:01:06 -0700 (PDT)
Received: from Beta5.sparta.com (beta5.sparta.com [157.185.63.21]) by M4.sparta.com (8.13.5/8.13.5) with ESMTP id n58E19MV012948; Mon, 8 Jun 2009 09:01:09 -0500
Received: from nemo.columbia.ads.sparta.com (nemo.columbia.sparta.com [157.185.80.75]) by Beta5.sparta.com (8.13.8/8.13.8) with ESMTP id n58DxIFf026269; Mon, 8 Jun 2009 09:01:08 -0500
Received: from SANDYM-LT.columbia.ads.sparta.com ([10.71.1.67]) by nemo.columbia.ads.sparta.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.3959); Mon, 8 Jun 2009 09:59:09 -0400
Date: Mon, 08 Jun 2009 09:59:04 -0400
From: Sandra Murphy <sandy@sparta.com>
To: ananth@cisco.com, mdalal@cisco.com
Message-ID: <Pine.WNT.4.64.0906080948290.6048@SANDYM-LT.columbia.ads.sparta.com>
X-X-Sender: sandy@nemo.columbia.sparta.com
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
X-OriginalArrivalTime: 08 Jun 2009 13:59:09.0749 (UTC) FILETIME=[4BB5BE50:01C9E841]
Cc: iesg@ietf.org, secdir@ietf.org
Subject: [secdir] draft-ietf-tcpm-tcpsecure
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Jun 2009 14:01:07 -0000

I've been on the road, so this is just a quick note to say that I still 
have questions, with a promise of more full answer when I get back to the 
office tomorrow.  All the following done really from memory from a 
re-review yesterday.  Just  so you know I haven't forgotten you.

About quoting text:

The example you point to of what each mitigation says is a good case. 
(what is "rg"?)

You posit a case 1 and case 2.  This is a summary of what 793 says, not a 
quote.  793 spreads the discussion over 2 pages.  your case 1 is 
represented in a parenthetical remark in an "otherwise" clause - hard to 
find.  And you have a typo in the inequality.  And the case 2 in 793 is 
broken out over three different groupings of states.  Do you mean the new 
ACK to be generated in all three state groups?

About the stingency.

If UNA is 1000, Max.snd.wnd is 50, and the ack is 975, then in 793, the 
ack is < UNA and so "it is ignored", in your draft the ack is > 
UNA-max.snd.wnd so it is acceptable.

So your draft accepts more ACKs that 793.

Have I lost my ability to tell > from <?  Do you regard accepting more 
ACKS as "more stringent"?

About the guidance to implementors.

It still looks to me like this guidance is only useful to implementors who 
are implementing both the OS TCP stack *AND* the application.  I.E., 
freebsd won't know whether this to follow the guidance or not but 
cisco/juniper/etc will.

What is the "AS"?

About grammar checks:

And you did not miss email, I lost my marked up copy, so I've  gone 
through for the grammar check again (don't think I found all that many 
nits) and will send to you.

--Sandy