Re: [secdir] Collision on changes for draft-ietf-soc-overload-control-14
Spencer Dawkins <spencerdawkins.ietf@gmail.com> Wed, 19 February 2014 16:23 UTC
Return-Path: <spencerdawkins.ietf@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7F94A1A021B; Wed, 19 Feb 2014 08:23:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eHyFQ5NqrcxM; Wed, 19 Feb 2014 08:23:58 -0800 (PST)
Received: from mail-oa0-x236.google.com (mail-oa0-x236.google.com [IPv6:2607:f8b0:4003:c02::236]) by ietfa.amsl.com (Postfix) with ESMTP id D1A9F1A01F0; Wed, 19 Feb 2014 08:23:57 -0800 (PST)
Received: by mail-oa0-f54.google.com with SMTP id g12so263269oah.13 for <multiple recipients>; Wed, 19 Feb 2014 08:23:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=pAki5qusyKJppQbmecsHuvXDbwQ3bPDTDR2JHEj5Hsw=; b=I0+OYdZ61gBLYFO0UvVir7pAfU0hxwLV3biy/3dww42A9fSkVwDMBksg4jds0gYBTA xgqMf+eldWVObrkNamro81NiMUAEALAxbnxMen2o6HmFjvssGLI8ZlR6UK4BvpNylTgH /NUKDW3Gh1Q4OaE2vXjVZZjnWSu6dsdPL+OtcaqZtPpgzg/n8fv+I0unYFr1Ysvar8OI YJi/76fl2SUWUECOMuxTzrsAhOlkQgUVYnyUqs+vkHD1ixtCBUNp50VU/3qwVFiTS26W viEXd8/Qfs9wuhZg+pGKxI16LlGGs0LWagfc3OB0Q53q+k73qpPoe/JRLbjF8rWqgZe8 8lbw==
X-Received: by 10.60.102.243 with SMTP id fr19mr21411078oeb.13.1392827034505; Wed, 19 Feb 2014 08:23:54 -0800 (PST)
Received: from [192.168.0.13] (cpe-76-187-7-89.tx.res.rr.com. [76.187.7.89]) by mx.google.com with ESMTPSA id z5sm1880067obg.13.2014.02.19.08.23.52 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 19 Feb 2014 08:23:53 -0800 (PST)
Message-ID: <5304DA97.3000900@gmail.com>
Date: Wed, 19 Feb 2014 10:23:51 -0600
From: Spencer Dawkins <spencerdawkins.ietf@gmail.com>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: "Vijay K. Gurbani" <vkg@bell-labs.com>, "jsalowey@cisco.com" <jsalowey@cisco.com>
References: <5303B709.20407@bell-labs.com> <5303D6BF.6070901@gmail.com> <5304D989.80902@bell-labs.com>
In-Reply-To: <5304D989.80902@bell-labs.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/jIW5qZ9uFzl_6red1G4VtfSiPdo
X-Mailman-Approved-At: Wed, 19 Feb 2014 09:26:35 -0800
Cc: "draft-ietf-soc-overload-control@tools.ietf.org" <draft-ietf-soc-overload-control@tools.ietf.org>, "soc-chairs@tools.ietf.org" <soc-chairs@tools.ietf.org>, IESG IESG <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] Collision on changes for draft-ietf-soc-overload-control-14
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Feb 2014 16:23:59 -0000
On 02/19/2014 10:19 AM, Vijay K. Gurbani wrote: > On 02/18/2014 03:55 PM, Spencer Dawkins wrote: > [...] >> This is working for me, but the version you and Joe crafted had "make it >> *more* difficult". >> >> I'm hoping not to say anything like "TCP is a great security strategy"; >> "more difficult" is more like "TCP is a better security strategy than >> UDP, but ...". >> >> Could you help me understand where that word went? > > Spencer: I had excised that word in a pique of editorial discretion > since I thought it was not qualifying anything substantive. Clearly, > you thought otherwise, and that is perfectly fine. I will reintroduce > it as follows (plus some minor edits to improve readability): > > Attacks that indicate false overload control are best mitigated by > using TLS in conjunction with applying BCP 38 [RFC2827]. Attacks > that are mounted to suppress genuine overload conditions can be > similarly avoided by using TLS on the connection. Generally, TCP or > Websockets [RFC6455] in conjunction with BCP 38 makes it more > difficult for an attacker to insert or modify messages, but may still > prove inadequate against an adversary that controls links L1 and > L2. TLS provides the best protection from an attacker with access > to the network links. > > Thanks! > > - vijay Works for me! Spencer
- [secdir] Collision on changes for draft-ietf-soc-… Vijay K. Gurbani
- Re: [secdir] Collision on changes for draft-ietf-… Vijay K. Gurbani
- Re: [secdir] Collision on changes for draft-ietf-… Spencer Dawkins
- Re: [secdir] Collision on changes for draft-ietf-… Spencer Dawkins