Re: [secdir] secdir review of draft-ietf-tcpm-tcpmss-04

David Borman <David.Borman@quantum.com> Wed, 30 May 2012 18:20 UTC

Return-Path: <prvs=24978c23fc=david.borman@quantum.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8D58521F861F; Wed, 30 May 2012 11:20:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.909
X-Spam-Level:
X-Spam-Status: No, score=-2.909 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_LOW=-1, SARE_SUB_6CONS_WORD=0.356]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Zt3pnKKrE2Ov; Wed, 30 May 2012 11:20:14 -0700 (PDT)
Received: from mx0b-000ceb01.pphosted.com (mx0b-000ceb01.pphosted.com [67.231.152.126]) by ietfa.amsl.com (Postfix) with ESMTP id A925521F8618; Wed, 30 May 2012 11:20:14 -0700 (PDT)
Received: from pps.filterd (m0001151 [127.0.0.1]) by mx0b-000ceb01.pphosted.com (8.14.4/8.14.4) with SMTP id q4UIJbJT006352; Wed, 30 May 2012 11:20:13 -0700
Received: from ppoxedge2.quantum.com ([146.174.252.28]) by mx0b-000ceb01.pphosted.com with ESMTP id 155qaq84ds-2 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Wed, 30 May 2012 11:20:13 -0700
Received: from PPOMSG2.QUANTUM.com (10.50.35.27) by PPOXEDGE2.quantum.com (146.174.252.28) with Microsoft SMTP Server (TLS) id 14.1.355.2; Wed, 30 May 2012 11:19:56 -0700
Received: from PPOMSG1.QUANTUM.com ([fe80::6081:f8af:54f6:10cc]) by PPOMSG2.QUANTUM.com ([fe80::e4fd:df34:99ee:ac5e%20]) with mapi id 14.01.0355.002; Wed, 30 May 2012 12:20:11 -0600
From: David Borman <David.Borman@quantum.com>
To: "Klaas Wierenga (kwiereng)" <kwiereng@cisco.com>
Thread-Topic: secdir review of draft-ietf-tcpm-tcpmss-04
Thread-Index: AQHNPnXIPFIPS9owW0+7AUuNti9CaZbi+xyAgAAC+4CAAAs/AA==
Date: Wed, 30 May 2012 18:20:10 +0000
Message-ID: <EF0B56D9-99F2-49D0-AE22-457E6E1A7944@quantum.com>
References: <4FC63731.7060409@cisco.com> <58B9B09F-ECA8-457E-B22C-34CE7A69CCFA@quantum.com> <B00101B3-C986-4283-87D4-EA125860F1C6@cisco.com>
In-Reply-To: <B00101B3-C986-4283-87D4-EA125860F1C6@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [192.168.110.1]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <6E9D78E21E818F418CB9839BC024DA74@QUANTUM.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.6.7580, 1.0.260, 0.0.0000 definitions=2012-05-30_02:2012-05-21, 2012-05-30, 1970-01-01 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 ipscore=0 suspectscore=1 phishscore=0 bulkscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=6.0.2-1203120001 definitions=main-1205300204
X-Mailman-Approved-At: Wed, 30 May 2012 15:19:14 -0700
Cc: "<draft-ietf-tcpm-tcpmss.all@tools.ietf.org>" <draft-ietf-tcpm-tcpmss.all@tools.ietf.org>, The IESG <iesg@ietf.org>, "<secdir@ietf.org>" <secdir@ietf.org>
Subject: Re: [secdir] secdir review of draft-ietf-tcpm-tcpmss-04
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 May 2012 18:20:15 -0000

Klaas,

On May 30, 2012, at 12:39 PM, Klaas Wierenga (kwiereng) wrote:
> On 30 mei 2012, at 19:29, "David Borman" <David.Borman@quantum.com>; wrote:
>> On May 30, 2012, at 10:05 AM, Klaas Wierenga wrote:
...
>>> - - "(see appendix A)" and "but there still seems to be some confusion"
>>> 
>>> This sounds pretty vague to me. I thought Appendix A would be a
>>> verbatim copy of the text from 1122, but it is much more, and I
>>> appreciated the discussion. I propose to make that explicit:
>>> 
>>> "RFC1122 clarified the MSS option, but confusion remains as discussed
>>> in Appendix A"
>> 
>> I've changed it to:
>>  RFC 1122 [RFC1122] clarified the MSS
>>  option, which is discussed in Appendix A, but there still seems to be
>>  some confusion.
> 
> 
> Ah, I thought you had listed all confusion in appendix A. Since that does not seem to be the case, can you say anything about the nature of the remaining confusion?

How about:
 	RFC 1122 [RFC1122] clarified the MSS option, which is discussed in
	Appendix A, but because it didn't explicitly state how options
	should be handled, there still seems to be some confusion.

>>> Security Considerations:
>>> ========================
>>> I don't really think what you have written down here qualifies as
>>> security considerations. It sort of hints to a denial-of-service, but
>>> I don't see any evil, just an operational problem.
>> 
>> Another review said more or less the same thing..
> 
> Great minds..... ;-)
> 
>> 
>>> What I wonder about
>>> (but I am not knowledgable to judge) is whether wrong MSS size
>>> settings could be exploited for for example buffer overflow attacks.
>> 
>> There shouldn't be any problem.  The MSS is just an upper bound
>> for the size of packets that can be reassembled by the receiving
>> hosts; in theory most IPv4 hosts should be using 65535 because they
>> don't have a fixed limit, and then just let Path MTU discovery sort
>> it out.  In practice, though, the MSS is used as an upper bound for what
>> size of packet can be received without the need for fragmentation,
>> avoiding PMTU from probing for larger sizes that will never succeed.
>> 
>> I don't have a strong opinion about the current content of the
>> Security Considerations section.  My leaning is to just leave it
>> as is, but I'd be fine with moving the content up to section 5.4
>> as an "Additional Consideration", and then have section 6, "Security
>> Considerations" just have a comment that there are no security
>> considerations, if folks generally feel that would be better.
> 
> I don't feel comfortable with a security consideration that isn't, so I would lean towards your alternative proposal.

Ok, I'll move the content to section 5, and leave "Security Considerations"
empty, unless someone else objects to making that change.

			-David Borman

----------------------------------------------------------------------
The information contained in this transmission may be confidential. Any disclosure, copying, or further distribution of confidential information is not permitted unless such privilege is explicitly granted in writing by Quantum. Quantum reserves the right to have electronic communications, including email and attachments, sent across its networks filtered through anti virus and spam software programs and retain such messages in order to comply with applicable data security and retention requirements. Quantum is not responsible for the proper and complete transmission of the substance of this communication or for any delay in its receipt.