Re: [tcpm] tcp-security: Request for feedback on the outline of the document

Joe Touch <touch@ISI.EDU> Thu, 20 August 2009 18:19 UTC

Return-Path: <touch@ISI.EDU>
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DBA933A69B3 for <tcpm@core3.amsl.com>; Thu, 20 Aug 2009 11:19:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.748
X-Spam-Level:
X-Spam-Status: No, score=-1.748 tagged_above=-999 required=5 tests=[AWL=-0.952, BAYES_00=-2.599, LONGWORDS=1.803]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1HjYwxip7MXW for <tcpm@core3.amsl.com>; Thu, 20 Aug 2009 11:19:57 -0700 (PDT)
Received: from vapor.isi.edu (vapor.isi.edu [128.9.64.64]) by core3.amsl.com (Postfix) with ESMTP id 40AFF3A6781 for <tcpm@ietf.org>; Thu, 20 Aug 2009 11:19:24 -0700 (PDT)
Received: from [192.168.1.46] (pool-71-106-88-10.lsanca.dsl-w.verizon.net [71.106.88.10]) by vapor.isi.edu (8.13.8/8.13.8) with ESMTP id n7KIJAsp008620; Thu, 20 Aug 2009 11:19:12 -0700 (PDT)
Message-ID: <4A8D939E.9050008@isi.edu>
Date: Thu, 20 Aug 2009 11:19:10 -0700
From: Joe Touch <touch@ISI.EDU>
User-Agent: Thunderbird 2.0.0.22 (Windows/20090605)
MIME-Version: 1.0
To: Fernando Gont <fernando@gont.com.ar>
References: <4A8CBF98.1070809@gont.com.ar>
In-Reply-To: <4A8CBF98.1070809@gont.com.ar>
X-Enigmail-Version: 0.96.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Cc: "tcpm-chairs@tools.ietf.org" <tcpm-chairs@tools.ietf.org>, "tcpm@ietf.org" <tcpm@ietf.org>
Subject: Re: [tcpm] tcp-security: Request for feedback on the outline of the document
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Aug 2009 18:19:57 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Fernando Gont wrote:
> Folks,
> 
> As mentioned by David Borman, draft-gont-tcp-security has been adopted
> as a wg item. It has been resubmitted as draft-ietf-tcpm-tcp-security, now.
> 
> I'd like to receive feedback on the outline of the document, i.e.,
> whether you like the outline as-is or you think it should be modified.

I'll start with the observation that the WG approved an outline as the
WG starting point. The current doc has a few sections that are not an
outline; they should be omitted until we agree as a WG on their content.
This includes:
	1.1
	2.
	3.
	3.1
	3.1.1
	3.6.7

An exception would be only Sec 1.2, which is scoping the doc, and
providing a list of RFCs that might be relevant.

It seems useful to step back to the highest level of the outline.
Excepting required sections, they are:
	
	1 intro
	2 scope
	3 header fields
	4 common options
	5 connection establishment
	6 connection termination
	7 buffer management
	8 reassembly
	9 cong control
	10 API
	11 blind in-window attacks
	12 info leaking
	13 covert channels
	14 port scanning
	15 ICMP
	16 IP

It's not clear why 4 isn't part of 3, why 5 and 6 are separate, etc.
Overall, it'd be useful to have a more conventional structure:

	1 intro
		including scope
	2 background - to introduce terminology
		a) breakdown of TCP into:
			control
			data
			performance
			implementation
		b) threat model
		briefly explain attacks:
		- on-path vs. off-path
		- control vs. data vs. performance
		- injection vs. DOS

Then it'd be useful to break down TCP into its component parts, as
introduced in 2a:

	3 control attacks
		header fields
		option fields
		connection establishment
		connection termination
		port scanning

	4 data attacks
		injection
		info leaking

	5 performance
		cong control / ACK attacks
		reassy attacks

	6 implementation issues
		performance, e.g., SYN cookies, buffer mgt.
		API, IP interface issues

	7 security considerations
		this can be used as a catchall for items that don't
		fit as directly above and aren't specific to TCP,
		e.g., covert channel issues, info leaking etc.

IMO, this presents the info in a way that is still organized for
implementers, but structures it in a way that the info can be more
easily located when needed.

Joe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkqNk54ACgkQE5f5cImnZrtnwQCcDzubosjOVH9JZtQUSmMeD0g7
GhoAn1276imjsf0rlK1hQCMDgqLbzu6v
=SZPc
-----END PGP SIGNATURE-----