Re: [Taps] [Last-Call] Opsdir telechat review of draft-ietf-taps-transport-security-11
Susan Hares <shares@ndzh.com> Thu, 16 April 2020 17:19 UTC
Return-Path: <shares@ndzh.com>
X-Original-To: taps@ietfa.amsl.com
Delivered-To: taps@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 59FDE3A0799; Thu, 16 Apr 2020 10:19:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.948
X-Spam-Level:
X-Spam-Status: No, score=0.948 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DOS_OUTLOOK_TO_MX=2.845, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1adxoHIHg_Kc; Thu, 16 Apr 2020 10:19:26 -0700 (PDT)
Received: from hickoryhill-consulting.com (50-245-122-100-static.hfc.comcastbusiness.net [50.245.122.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BDF3F3A077C; Thu, 16 Apr 2020 10:19:25 -0700 (PDT)
X-Default-Received-SPF: pass (skip=forwardok (res=PASS)) x-ip-name=166.170.25.188;
From: Susan Hares <shares@ndzh.com>
To: 'Joseph Touch' <touch@strayalpha.com>
Cc: last-call@ietf.org, ops-dir@ietf.org, draft-ietf-taps-transport-security.all@ietf.org, taps@ietf.org
References: <158703333468.25896.8984664151253035199@ietfa.amsl.com> <87F84D2D-ED5D-445A-ABA3-416AD0F3F9BD@strayalpha.com> <009001d6140f$d6346030$829d2090$@ndzh.com> <A730A85D-CBD9-42A0-860E-FDD6AA2212DD@strayalpha.com>
In-Reply-To: <A730A85D-CBD9-42A0-860E-FDD6AA2212DD@strayalpha.com>
Date: Thu, 16 Apr 2020 13:19:10 -0400
Message-ID: <000001d61413$252f7690$6f8e63b0$@ndzh.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQCxyBZWHy51XSpfJdx0FkoOJmBzXgIi2NOyAi72vOsBl8uUNqqVSADg
Content-Language: en-us
X-Antivirus: AVG (VPS 200415-0, 04/15/2020), Outbound message
X-Antivirus-Status: Not-Tested
X-Authenticated-User: skh@ndzh.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/taps/i8zuofcgp7uHfc54NcHvV-fhwLc>
Subject: Re: [Taps] [Last-Call] Opsdir telechat review of draft-ietf-taps-transport-security-11
X-BeenThere: taps@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IETF Transport Services \(TAPS\) Working Group" <taps.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/taps>, <mailto:taps-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/taps/>
List-Post: <mailto:taps@ietf.org>
List-Help: <mailto:taps-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/taps>, <mailto:taps-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Apr 2020 17:19:28 -0000
+1 --- unfortunately for the social engineering on TCP-MD5
Freeloading does not having impeding crisis
requiring BGP peer to have social distance from non-secure peer.
(smile)
Sue
-----Original Message-----
From: Joseph Touch [mailto:touch@strayalpha.com]
Sent: Thursday, April 16, 2020 1:11 PM
To: Susan Hares
Cc: last-call@ietf.org; ops-dir@ietf.org; draft-ietf-taps-transport-security.all@ietf.org; taps@ietf.org
Subject: Re: [Last-Call] [Taps] Opsdir telechat review of draft-ietf-taps-transport-security-11
> On Apr 16, 2020, at 9:55 AM, Susan Hares <shares@ndzh.com> wrote:
>
> Joe:
>
> I have come to the same conclusion that an open-source TCP-AO is the
> next step for TCP-AO.
>
> I still hoping for some fairy dust ... to fix the BGP TCP security problem.
> If you have any ... let me know
We have a fix for the security problem. What we lack is a fix for the freeloader problem.
Other than declaring TCP MD5 a hazard and actively abandoning it, there’s too much of a fallback.
One step might be for the IETF to prohibit support for TCP MD5 in all new work - e.g., there’s pending work in TCPM to develop a YANG model that includes MD5 “for legacy support”, but that only serves to feed the problem.
But a new solution isn’t going to make freeloading easier.
Joe
- [Taps] Opsdir telechat review of draft-ietf-taps-… Susan Hares via Datatracker
- Re: [Taps] Opsdir telechat review of draft-ietf-t… Joseph Touch
- Re: [Taps] Opsdir telechat review of draft-ietf-t… Scharf, Michael
- Re: [Taps] Opsdir telechat review of draft-ietf-t… Susan Hares
- Re: [Taps] [Last-Call] Opsdir telechat review of … Joseph Touch
- Re: [Taps] [Last-Call] Opsdir telechat review of … Susan Hares