Re: [tcpm] tcp-security: Request for feedback on the outline of the document

Joe Touch <touch@ISI.EDU> Thu, 20 August 2009 18:19 UTC

Fernando Gont wrote:
> Folks,
> As mentioned by David Borman, draft-gont-tcp-security has been adopted
> as a wg item. It has been resubmitted as draft-ietf-tcpm-tcp-security, now.
> I'd like to receive feedback on the outline of the document, i.e.,
> whether you like the outline as-is or you think it should be modified.

I'll start with the observation that the WG approved an outline as the
WG starting point. The current doc has a few sections that are not an
outline; they should be omitted until we agree as a WG on their content.
This includes:

An exception would be only Sec 1.2, which is scoping the doc, and
providing a list of RFCs that might be relevant.

It seems useful to step back to the highest level of the outline.
Excepting required sections, they are:
	1 intro
	2 scope
	3 header fields
	4 common options
	5 connection establishment
	6 connection termination
	7 buffer management
	8 reassembly
	9 cong control
	10 API
	11 blind in-window attacks
	12 info leaking
	13 covert channels
	14 port scanning
	15 ICMP
	16 IP

It's not clear why 4 isn't part of 3, why 5 and 6 are separate, etc.
Overall, it'd be useful to have a more conventional structure:

	1 intro
		including scope
	2 background - to introduce terminology
		a) breakdown of TCP into:
		b) threat model
		briefly explain attacks:
		- on-path vs. off-path
		- control vs. data vs. performance
		- injection vs. DOS

Then it'd be useful to break down TCP into its component parts, as
introduced in 2a:

	3 control attacks
		header fields
		option fields
		connection establishment
		connection termination
		port scanning

	4 data attacks
		info leaking

	5 performance
		cong control / ACK attacks
		reassy attacks

	6 implementation issues
		performance, e.g., SYN cookies, buffer mgt.
		API, IP interface issues

	7 security considerations
		this can be used as a catchall for items that don't
		fit as directly above and aren't specific to TCP,
		e.g., covert channel issues, info leaking etc.

IMO, this presents the info in a way that is still organized for
implementers, but structures it in a way that the info can be more
easily located when needed.
