[tcpm] I-D Action:draft-ietf-tcpm-tcpsecure-10.txt

"Anantha Ramaiah (ananth)" <ananth@cisco.com> Mon, 14 July 2008 06:04 UTC

Date: Sun, 13 Jul 2008 23:04:09 -0700
From: "Anantha Ramaiah (ananth)" <ananth@cisco.com>
To: tcpm@ietf.org
Cc: David Borman <david.borman@windriver.com>
Subject: [tcpm] I-D Action:draft-ietf-tcpm-tcpsecure-10.txt


The new version of tcpsecure (version 10) incorporates the following:

#1 - the last pending issue before WGLC, viz. the strength of
mitigations, where there was a "very thin consensus" for tagging the
RST, SYN and Data mitigations as SHOULD/SHOULD/MAY respectively. (It was
previously tagged as SHOULD/SHOULD/SHOULD.) The document is modified

#2 - Andre Oppermann brought up some important errors in the
document. They are:

a) In the SYN mitigation (sec 4.2) there was a typo when quoting RFC 793,
i.e. instead of saying [RCV.NXT =< SEG.SEQ < RCV.NXT+RCV.WND], it was
misquoted as [RCV.NXT =< SEG.SEQ =< RCV.NXT+RCV.WND].
b) In the Data mitigation section, the text was wrong. I.e. it
previously said: "Data that doesn't satisfy the new check MUST be
discarded silently"; it should have been "data that doesn't satisfy the
new check MUST be discarded and an ACK sent (as per RFC 793)".

The document is corrected accordingly.

#3 - A reference to the ICMP attacks document, which Fernando brought up.
Ted Faber/Joe Touch suggested the text, which I have incorporated in the
security considerations.

#4 - Alfred Hoenes' editorial comments on version 9.

I have added a section called "strength of mitigations". The rationale
for adding this section is to clear up the reasoning for tagging
the mitigation strengths as S/S/M, esp. after the "Applicability
statement" is in place. Digging through the responses (textual and
verbal) I don't see a strong technical reasoning for choosing the Data
mitigation as MAY. I request the WG members who voted for MAY to speak
up with their technical reasoning. Please remember that this reasoning is
highly desirable since in future many people may ask the same question
and hence it is prudent to come up with a better technical explanation.

-----Original Message-----
From: tcpm-bounces@ietf.org [mailto:tcpm-bounces@ietf.org] On Behalf Of
Sent: Wednesday, July 09, 2008 12:30 AM
To: i-d-announce@ietf.org
Cc: tcpm@ietf.org
Subject: [tcpm] I-D Action:draft-ietf-tcpm-tcpsecure-10.txt

A New Internet-Draft is available from the on-line Internet-Drafts
This draft is a work item of the TCP Maintenance and Minor Extensions
Working Group of the IETF.

	Title           : Improving TCP's Robustness to Blind In-Window
	Author(s)       : A. Ramaiah, et al.
	Filename        : draft-ietf-tcpm-tcpsecure-10.txt
	Pages           : 27
	Date            : 2008-07-09

TCP has historically been considered protected against spoofed off-path
packet injection attacks by relying on the fact that it is difficult to
guess the 4-tuple (the source and destination IP addresses and the
source and destination ports) in combination with the 32 bit sequence
number(s).  A combination of increasing window sizes and applications
using longer term connections (e.g.  H-323 or Border Gateway Protocol
[RFC4271]) have left modern TCP implementations more vulnerable to these
types of spoofed packet injection attacks.

Many of these long term TCP applications tend to have predictable IP
addresses and ports which makes it far easier for the 4-tuple to be
guessed.  Having guessed the 4-tuple correctly, an attacker can inject a
RST, SYN or DATA segment into a TCP connection by systematically
guessing the sequence number of the spoofed segment to be in the current
receive window.  This can cause the connection to either abort or
possibly cause data corruption.  This document specifies small
modifications to the way TCP handles inbound segments that can reduce
the chances of a successful attack.

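The corrected RFC 793 window check from item #2(a) and the "discard and send an ACK" behaviour from item #2(b), as an added Python example that is not part of the draft or of this message. `handle_segment`, its argument names and the use of the in-window test as a stand-in for the draft's own data check (which this message does not quote) are assumptions of this example.

```python
SEQ_MOD = 1 << 32  # TCP sequence numbers are 32-bit and wrap around


def seq_in_window(rcv_nxt, seg_seq, rcv_wnd):
    """RFC 793 acceptability test as correctly quoted in version 10:
    RCV.NXT =< SEG.SEQ < RCV.NXT+RCV.WND, evaluated modulo 2^32.
    RCV.NXT+RCV.WND is the first number *outside* the window, so the
    upper bound is strict and a zero window admits nothing."""
    return (seg_seq - rcv_nxt) % SEQ_MOD < rcv_wnd


def seq_in_window_misquoted(rcv_nxt, seg_seq, rcv_wnd):
    """The version-9 misquote (=< at the upper bound), kept only to show
    that it admits one sequence number past the window edge."""
    return (seg_seq - rcv_nxt) % SEQ_MOD <= rcv_wnd


def handle_segment(seg_seq, rcv_nxt, rcv_wnd, snd_nxt):
    """Receiver action for an inbound segment.  Item #2(b) requires a
    segment failing the check to be discarded *and* acknowledged, not
    dropped silently; the ACK carries the receiver's current state,
    <SEQ=SND.NXT><ACK=RCV.NXT><CTL=ACK> as in RFC 793.  The draft's own
    data check is not quoted in the message, so the in-window test above
    stands in for it (an assumption of this example).
    Returns ('accept', None) or ('discard', ack_fields)."""
    if seq_in_window(rcv_nxt, seg_seq, rcv_wnd):
        return "accept", None
    return "discard", {"seq": snd_nxt, "ack": rcv_nxt, "ctl": "ACK"}


if __name__ == "__main__":
    # Constructed receiver state: the window straddles the 2^32 wrap,
    # covering 0xFFFFFF00..0xFFFFFFFF and 0x0..0xFF (edge is 0x100).
    rcv_nxt, rcv_wnd, snd_nxt = 0xFFFFFF00, 0x200, 0x1000
    for seg_seq in (0xFFFFFF00, 0xFFFFFFFF, 0x0, 0xFF, 0x100, 0x101):
        print(hex(seg_seq),
              "correct:", seq_in_window(rcv_nxt, seg_seq, rcv_wnd),
              "misquoted:", seq_in_window_misquoted(rcv_nxt, seg_seq, rcv_wnd),
              handle_segment(seg_seq, rcv_nxt, rcv_wnd, snd_nxt))
```

Running the demo shows that only 0x100, the window edge, is accepted by the misquoted check and rejected by the correct one.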