IETF Logo Mail Archive

Re: [tcpm] PoC for draft-moncaster-tcpm-rcv-cheat-02

Stefanos Harhalakis <v13@v13.gr> Thu, 27 March 2008 00:42 UTC

Return-Path: <tcpm-bounces@ietf.org>
X-Original-To: ietfarch-tcpm-archive@core3.amsl.com
Delivered-To: ietfarch-tcpm-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5581F28C7FA; Wed, 26 Mar 2008 17:42:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.494
X-Spam-Level:
X-Spam-Status: No, score=-100.494 tagged_above=-999 required=5 tests=[AWL=-0.057, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_ORG=0.611, RDNS_NONE=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id euV63pWVQVem; Wed, 26 Mar 2008 17:42:40 -0700 (PDT)
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 71FE43A6BF8; Wed, 26 Mar 2008 17:42:40 -0700 (PDT)
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 158EF3A6BF8 for <tcpm@core3.amsl.com>; Wed, 26 Mar 2008 17:42:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5Hjp8Gk6DcCC for <tcpm@core3.amsl.com>; Wed, 26 Mar 2008 17:42:34 -0700 (PDT)
Received: from mx-out-03.forthnet.gr (mx-out.forthnet.gr [193.92.150.105]) by core3.amsl.com (Postfix) with ESMTP id F0EBC3A6AB7 for <tcpm@ietf.org>; Wed, 26 Mar 2008 17:42:33 -0700 (PDT)
Received: from mx-av-04.forthnet.gr (mx-av.forthnet.gr [193.92.150.27]) by mx-out-03.forthnet.gr (8.13.8/8.13.8) with ESMTP id m2R0eOaY025919; Thu, 27 Mar 2008 02:40:24 +0200
Received: from MX-IN-01.forthnet.gr (mx-in-01.forthnet.gr [193.92.150.23]) by mx-av-04.forthnet.gr (8.14.1/8.14.1) with ESMTP id m2R0e562027500; Thu, 27 Mar 2008 02:40:05 +0200
Received: from hell.hell.gr (adsl7-208.lsf.forthnet.gr [79.103.134.208]) by MX-IN-01.forthnet.gr (8.14.2/8.14.2) with ESMTP id m2R0dxXR015910; Thu, 27 Mar 2008 02:40:01 +0200
Authentication-Results: MX-IN-01.forthnet.gr smtp.mail=v13@v13.gr; spf=neutral
Authentication-Results: MX-IN-01.forthnet.gr header.from=v13@v13.gr; sender-id=neutral
From: Stefanos Harhalakis <v13@v13.gr>
To: tcpm@ietf.org
Date: Thu, 27 Mar 2008 02:39:50 +0200
User-Agent: KMail/1.9.7
References: <200803260029.33658.v13@v13.gr> <20080326193338.GO24842@cs.umd.edu> <78C9135A3D2ECE4B8162EBDCE82CAD7703442C8F@nekter>
In-Reply-To: <78C9135A3D2ECE4B8162EBDCE82CAD7703442C8F@nekter>
MIME-Version: 1.0
Content-Disposition: inline
Message-Id: <200803270239.51008.v13@v13.gr>
Cc: Caitlin Bestler <Caitlin.Bestler@neterion.com>
Subject: Re: [tcpm] PoC for draft-moncaster-tcpm-rcv-cheat-02
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: tcpm-bounces@ietf.org
Errors-To: tcpm-bounces@ietf.org

Hello Caitlin, 

On Wednesday 26 March 2008, Caitlin Bestler wrote:
> I'd rephrase that as:
>
> b) people who believe the attack is practical, but that the problem is
> an
>    application layer problem that should be solved at the application
> layer
>  -- and especially not by transport layer solutions that would have a
>     negative impact on honest connections.

I believe that people that find the above logical do not actually understand 
the issue. Let me explain:

First, it is impossible for the application layer to distinguish legitimate 
clients from this kind of misbehaving receivers.

Second, this has to do with exploiting TCP and not a group of applications.

Third, this affects the network and the end-points and not the applications. 
This means that it has to be solved either in the intermediate network 
(routers) or at the end-point operating systems. 

Forth, it is a security issue that (at least) should be mentioned in 
congestion control related RFCs in the security considerations section.

Since this only affects TCP and the network layer has (almost) nothing to do 
with congestion control, this becomes 100% a transport layer TCP issue. 

Perhaps we should just document this in an informational RFC and cooperate 
with or wait for vendors to solve it.
_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www.ietf.org/mailman/listinfo/tcpm

v2.23.0 | Report a Bug | By Email