Re: [secdir] secdir review of draft-ietf-tcpm-tcpmss-04

"Klaas Wierenga (kwiereng)" <kwiereng@cisco.com> Wed, 30 May 2012 17:39 UTC

Return-Path: <kwiereng@cisco.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 322F521F85B9; Wed, 30 May 2012 10:39:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.78
X-Spam-Level:
X-Spam-Status: No, score=-6.78 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, MIME_QP_LONG_LINE=1.396, RCVD_IN_DNSWL_HI=-8, RCVD_NUMERIC_HELO=2.067, SARE_SUB_6CONS_WORD=0.356]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Zt7ga4P0v0KO; Wed, 30 May 2012 10:39:55 -0700 (PDT)
Received: from ams-iport-2.cisco.com (ams-iport-2.cisco.com [144.254.224.141]) by ietfa.amsl.com (Postfix) with ESMTP id C300021F85B5; Wed, 30 May 2012 10:39:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=kwiereng@cisco.com; l=4493; q=dns/txt; s=iport; t=1338399594; x=1339609194; h=subject:references:content-transfer-encoding:from: in-reply-to:message-id:date:to:cc:mime-version; bh=NciYSdpQfPVnzBhO6erIc2DMJpEux+p5zB26PhCENxo=; b=aLkIh9qa96ET3jc0uLWGbK2/3GWa///M27QFc7mDfjfC0UP3tvSD/LA5 ykldc1HpGGQu9rMx3oNQbtGh/Ni/42cn9ADs9ycSNLYvG1OVmOcgLaz6Q OTvmQXjnP7lcxkjvjD/+HMxG1fjW9wSjp1aBjSI57xZasc7xQoOHMmt9m w=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AlsHAHRaxk+Q/khL/2dsb2JhbABEtA8CgQeCFwEBAQMBEgEnPwULAgEIGC5XAQEEEyKHZAWZHKABiwUVhE1gA5UYgQ+MfieBP4JigVUI
X-IronPort-AV: E=Sophos;i="4.75,685,1330905600"; d="scan'208";a="73825742"
Received: from ams-core-2.cisco.com ([144.254.72.75]) by ams-iport-2.cisco.com with ESMTP; 30 May 2012 17:39:53 +0000
Received: from xbh-ams-201.cisco.com (xbh-ams-201.cisco.com [144.254.75.7]) by ams-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id q4UHdrNb031489; Wed, 30 May 2012 17:39:53 GMT
Received: from xmb-ams-101.cisco.com ([144.254.74.76]) by xbh-ams-201.cisco.com with Microsoft SMTPSVC(6.0.3790.4675); Wed, 30 May 2012 19:39:53 +0200
Received: from 144.254.74.76 ([144.254.74.76]) by XMB-AMS-101.cisco.com ([144.254.74.76]) with Microsoft Exchange Server HTTP-DAV ; Wed, 30 May 2012 17:39:52 +0000
References: <4FC63731.7060409@cisco.com> <58B9B09F-ECA8-457E-B22C-34CE7A69CCFA@quantum.com>
Content-Transfer-Encoding: quoted-printable
From: "Klaas Wierenga (kwiereng)" <kwiereng@cisco.com>
Thread-Topic: secdir review of draft-ietf-tcpm-tcpmss-04
Thread-Index: Ac0+izgwu9n5fU9KTAyL2JPMWZ7pwA==
Content-Type: text/plain; charset="us-ascii"
In-Reply-To: <58B9B09F-ECA8-457E-B22C-34CE7A69CCFA@quantum.com>
Message-ID: <B00101B3-C986-4283-87D4-EA125860F1C6@cisco.com>
Date: Wed, 30 May 2012 19:39:51 +0200
To: "David Borman" <David.Borman@quantum.com>
MIME-Version: 1.0 (1.0)
X-OriginalArrivalTime: 30 May 2012 17:39:53.0735 (UTC) FILETIME=[38C3E170:01CD3E8B]
Cc: draft-ietf-tcpm-tcpmss.all@tools.ietf.org, The IESG <iesg@ietf.org>, secdir@ietf.org
Subject: Re: [secdir] secdir review of draft-ietf-tcpm-tcpmss-04
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 May 2012 17:39:56 -0000

Hi David,


On 30 mei 2012, at 19:29, "David Borman" <David.Borman@quantum.com>; wrote:

> Klass,
> 
> Thanks for the review.
> 
> On May 30, 2012, at 10:05 AM, Klaas Wierenga wrote:
> 
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>> 
>> Hi,
>> 
>> I have reviewed this document as part of the security directorate's
>> ongoing effort to review all IETF documents being processed by the
>> IESG.  These comments were written primarily for the benefit of the
>> security area directors.  Document editors and WG chairs should treat
>> these comments just like any other last call comments.
>> 
>> General comments:
>> ==================
>> 
>> This is a short, clear and to the point draft. I have only a few
>> general comments
>> 
>> 1 (introduction)
>> - ----------------
>> 
>> - - Please expand MSS on first use
> 
> Agreed.
> 
>> 
>> - - "(see appendix A)" and "but there still seems to be some confusion"
>> 
>> This sounds pretty vague to me. I thought Appendix A would be a
>> verbatim copy of the text from 1122, but it is much more, and I
>> appreciated the discussion. I propose to make that explicit:
>> 
>> "RFC1122 clarified the MSS option, but confusion remains as discussed
>> in Appendix A"
> 
> I've changed it to:
>   RFC 1122 [RFC1122] clarified the MSS
>   option, which is discussed in Appendix A, but there still seems to be
>   some confusion.


Ah, I thought you had listed all confusion in appendix A. Since that does not seem to be the case, can you say anything about the nature of the remaining confusion?

>> 
>> Security Considerations:
>> ========================
>> I don't really think what you have written down here qualifies as
>> security considerations. It sort of hints to a denial-of-service, but
>> I don't see any evil, just an operational problem.
> 
> Another review said more or less the same thing..

Great minds..... ;-)

> 
>> What I wonder about
>> (but I am not knowledgable to judge) is whether wrong MSS size
>> settings could be exploited for for example buffer overflow attacks.
> 
> There shouldn't be any problem.  The MSS is just an upper bound
> for the size of packets that can be reassembled by the receiving
> hosts; in theory most IPv4 hosts should be using 65535 because they
> don't have a fixed limit, and then just let Path MTU discovery sort
> it out.  In practice, though, the MSS is used as an upper bound for what
> size of packet can be received without the need for fragmentation,
> avoiding PMTU from probing for larger sizes that will never succeed.
> 
> I don't have a strong opinion about the current content of the
> Security Considerations section.  My leaning is to just leave it
> as is, but I'd be fine with moving the content up to section 5.4
> as an "Additional Consideration", and then have section 6, "Security
> Considerations" just have a comment that there are no security
> considerations, if folks generally feel that would be better.

I don't feel comfortable with a security consideration that isn't, so I would lean towards your alternative proposal.

Thanks for the fast response!

Klaas

> 
>        -David Borman
> 
>> 
>> 
>> Cheers,
>> 
>> Klaas
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
>> Comment: GPGTools - http://gpgtools.org
>> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>> 
>> iEYEARECAAYFAk/GNzAACgkQH2Wy/p4XeFJQrACdEZggKbo9y+3p3W35N7FBzpho
>> izcAoIl1J9o04ymIXyYmEZP+IiHRH18I
>> =aIb0
>> -----END PGP SIGNATURE-----
> 
> ----------------------------------------------------------------------
> The information contained in this transmission may be confidential. Any disclosure, copying, or further distribution of confidential information is not permitted unless such privilege is explicitly granted in writing by Quantum. Quantum reserves the right to have electronic communications, including email and attachments, sent across its networks filtered through anti virus and spam software programs and retain such messages in order to comply with applicable data security and retention requirements. Quantum is not responsible for the proper and complete transmission of the substance of this communication or for any delay in its receipt.