IETF Logo Mail Archive

Re: [tcpm] tcpsecure: how strong to recommend?

Joe Touch <touch@ISI.EDU> Wed, 26 September 2007 18:45 UTC

Return-path: <tcpm-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1Iabsu-0001pe-VN; Wed, 26 Sep 2007 14:45:20 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Iabss-0001Wg-Rq for tcpm@ietf.org; Wed, 26 Sep 2007 14:45:19 -0400
Received: from vapor.isi.edu ([128.9.64.64]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Iabsm-00043V-Dd for tcpm@ietf.org; Wed, 26 Sep 2007 14:45:18 -0400
Received: from [75.214.61.9] (9.sub-75-214-61.myvzw.com [75.214.61.9]) by vapor.isi.edu (8.13.8/8.13.8) with ESMTP id l8QIijuh003273; Wed, 26 Sep 2007 11:44:46 -0700 (PDT)
Message-ID: <46FAA88C.9040602@isi.edu>
Date: Wed, 26 Sep 2007 11:44:28 -0700
From: Joe Touch <touch@ISI.EDU>
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: "Anantha Ramaiah (ananth)" <ananth@cisco.com>
Subject: Re: [tcpm] tcpsecure: how strong to recommend?
References: <0C53DCFB700D144284A584F54711EC5804052217@xmb-sjc-21c.amer.cisco.com>
In-Reply-To: <0C53DCFB700D144284A584F54711EC5804052217@xmb-sjc-21c.amer.cisco.com>
X-Enigmail-Version: 0.95.3
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 244a2fd369eaf00ce6820a760a3de2e8
Cc: tcpm@ietf.org, Tim Shepard <shep@alum.mit.edu>
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0778149368=="
Errors-To: tcpm-bounces@ietf.org


Anantha Ramaiah (ananth) wrote:
...
> If we have to fix multiple layers, lets fix it, I have no problems. You
> can do all at once or piecemeal, as simple as that. It doesn't matter
> whether spoofing is standalone or not, it is about how well you can make
> your TCP stack respond to such malicious attacks, if you care to do so.

TCP is not a secure protocol. It's not intended for protection from
malicious attacks per se; 'fixing' it is to assert your solution on
everyone, as below.

>>> - TCP secure, TCP MD5, TCP advanced security algorithms, 
>> IPsec are all 
>>> different tools with varying degrees of complexity and 
>> usage. A user 
>>> can chose to use one of them depending on his/her requirements. 
>>> Telling people to only use IPsec is akin to saying "always fly in 
>>> business class". Yes I have used this analogy before, but 
>> this is one 
>>> whih popped up in mind after today's coffee :-)
>> If we agree that users should be able to choose the solution 
>> that fits, let's go with MAYs all around.
> 
> I know you want all MAY's in place. Some others (includes me) are not
> yet convinced that why SHOULD doesn't provide the same assurance.
> 
>> Otherwise, aren't you dictating your solution as fitting 
>> everyone's needs?
> 
> I am not "dictating" anything here. I am just supporting the reason why
> I feel it should be SHOULD's :-) 

SHOULD dictates that everyone's TCP ought to have this included except
for specific good reason. MAY allows them to make the choice themselves.

Joe


_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www1.ietf.org/mailman/listinfo/tcpm

v2.23.0 | Report a Bug | By Email