Re: [secdir] Collision on changes for draft-ietf-soc-overload-control-14

Spencer Dawkins <spencerdawkins.ietf@gmail.com> Wed, 19 February 2014 16:23 UTC

Return-Path: <spencerdawkins.ietf@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7F94A1A021B; Wed, 19 Feb 2014 08:23:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eHyFQ5NqrcxM; Wed, 19 Feb 2014 08:23:58 -0800 (PST)
Received: from mail-oa0-x236.google.com (mail-oa0-x236.google.com [IPv6:2607:f8b0:4003:c02::236]) by ietfa.amsl.com (Postfix) with ESMTP id D1A9F1A01F0; Wed, 19 Feb 2014 08:23:57 -0800 (PST)
Received: by mail-oa0-f54.google.com with SMTP id g12so263269oah.13 for <multiple recipients>; Wed, 19 Feb 2014 08:23:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=pAki5qusyKJppQbmecsHuvXDbwQ3bPDTDR2JHEj5Hsw=; b=I0+OYdZ61gBLYFO0UvVir7pAfU0hxwLV3biy/3dww42A9fSkVwDMBksg4jds0gYBTA xgqMf+eldWVObrkNamro81NiMUAEALAxbnxMen2o6HmFjvssGLI8ZlR6UK4BvpNylTgH /NUKDW3Gh1Q4OaE2vXjVZZjnWSu6dsdPL+OtcaqZtPpgzg/n8fv+I0unYFr1Ysvar8OI YJi/76fl2SUWUECOMuxTzrsAhOlkQgUVYnyUqs+vkHD1ixtCBUNp50VU/3qwVFiTS26W viEXd8/Qfs9wuhZg+pGKxI16LlGGs0LWagfc3OB0Q53q+k73qpPoe/JRLbjF8rWqgZe8 8lbw==
X-Received: by 10.60.102.243 with SMTP id fr19mr21411078oeb.13.1392827034505; Wed, 19 Feb 2014 08:23:54 -0800 (PST)
Received: from [192.168.0.13] (cpe-76-187-7-89.tx.res.rr.com. [76.187.7.89]) by mx.google.com with ESMTPSA id z5sm1880067obg.13.2014.02.19.08.23.52 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 19 Feb 2014 08:23:53 -0800 (PST)
Message-ID: <5304DA97.3000900@gmail.com>
Date: Wed, 19 Feb 2014 10:23:51 -0600
From: Spencer Dawkins <spencerdawkins.ietf@gmail.com>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: "Vijay K. Gurbani" <vkg@bell-labs.com>, "jsalowey@cisco.com" <jsalowey@cisco.com>
References: <5303B709.20407@bell-labs.com> <5303D6BF.6070901@gmail.com> <5304D989.80902@bell-labs.com>
In-Reply-To: <5304D989.80902@bell-labs.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/jIW5qZ9uFzl_6red1G4VtfSiPdo
X-Mailman-Approved-At: Wed, 19 Feb 2014 09:26:35 -0800
Cc: "draft-ietf-soc-overload-control@tools.ietf.org" <draft-ietf-soc-overload-control@tools.ietf.org>, "soc-chairs@tools.ietf.org" <soc-chairs@tools.ietf.org>, IESG IESG <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] Collision on changes for draft-ietf-soc-overload-control-14
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Feb 2014 16:23:59 -0000

On 02/19/2014 10:19 AM, Vijay K. Gurbani wrote:
> On 02/18/2014 03:55 PM, Spencer Dawkins wrote:
> [...]
>> This is working for me, but the version you and Joe crafted had "make it
>> *more* difficult".
>>
>> I'm hoping not to say anything like "TCP is a great security strategy";
>> "more difficult" is more like "TCP is a better security strategy than
>> UDP, but ...".
>>
>> Could you help me understand where that word went?
>
> Spencer: I had excised that word in a pique of editorial discretion
> since I thought it was not qualifying anything substantive. Clearly,
> you thought otherwise, and that is perfectly fine.  I will reintroduce
> it as follows (plus some minor edits to improve readability):
>
>    Attacks that indicate false overload control are best mitigated by
>    using TLS in conjunction with applying BCP 38 [RFC2827]. Attacks
>    that are mounted to suppress genuine overload conditions can be
>    similarly avoided by using TLS on the connection.  Generally, TCP or
>    Websockets [RFC6455] in conjunction with BCP 38 makes it more
>    difficult for an attacker to insert or modify messages, but may still
>    prove inadequate against an adversary that controls links L1 and
>    L2.  TLS provides the best protection from an attacker with access
>    to the network links.
>
> Thanks!
>
> - vijay

Works for me!

Spencer