Re: [tcpm] TCP-AO review comments.

Lars Eggert <> Wed, 06 August 2008 11:47 UTC

Cc: "Anantha Ramaiah (ananth)"

On 2008-8-2, at 2:16, ext Joe Touch wrote:
> | I have a problem with the term "obsoletes 2385" [ I did bring this up
> | before] It is going to be a long time before deployments move over to
> | the new TCP auth option.
>
> Practically, "obsoletes" doesn't obsolete anything. It does indicate
> that the IETF wants a protocol to be replaced by something else. That
> doesn't mean the older one can't be used for legacy support, e.g.,
> AFAICT - and that clearly should apply here. If the IESG thinks that
> this is consistent with "Obsoletes", would that be OK?

We need to distinguish between one RFC obsoleting another RFC, and  
moving an RFC to "historic". Unfortunately, neither is very clearly  

Here's my current thinking: Obsoleting is typically used when one RFC  
is a drop-in replacement for another RFC. For example, bug-fix  
revisions of an RFC typically obsolete the previous RFC, as do minor  
backwards-compatible implementations. That isn't quite the case for AO  
and TCP-MD5. AO is a replacement for TCP-MD5, but it isn't a simple  
revision or extension of TCP-MD5, it's a new mechanism to provide  
similar functionality in a (slightly) different way.

So, my current thinking is that AO should maybe move TCP-MD5 to  
"historic". That would indicate that new implementations shouldn't  
implement TCP-MD5 and existing ones are encouraged to move away from  
it. But this isn't a clear-cut case. Comments?
