Re: [tcpm] TCPM and draft-ietf-tcpm-icmp-attacks

"Smith, Donald" <Donald.Smith@qwest.com> Fri, 19 February 2010 23:40 UTC

From: "Smith, Donald" <Donald.Smith@qwest.com>
To: Joe Touch <touch@ISI.EDU>, Fernando Gont <fernando@gont.com.ar>
Date: Fri, 19 Feb 2010 16:42:08 -0700
Cc: "tcpm@ietf.org" <tcpm@ietf.org>

Top posting: I too support this as an Informational RFC; HOWEVER, I would have rather supported it as a standard.
So supporting this as an Informational RFC does NOT mean Ran or anyone else would not have supported it as a standard, which seems to be the conclusion Joe is making.



(coffee != sleep) & (!coffee == sleep)
 Donald.Smith@qwest.com
________________________________________
From: tcpm-bounces@ietf.org [tcpm-bounces@ietf.org] On Behalf Of Joe Touch [touch@ISI.EDU]
Sent: Friday, February 19, 2010 4:22 PM
To: Fernando Gont
Cc: tcpm@ietf.org
Subject: Re: [tcpm] TCPM and draft-ietf-tcpm-icmp-attacks

Fernando Gont wrote:
> Joe Touch wrote:
>
>>>>>> I agree with Wes that the role of ICMP in the Internet needs to be
>>>>>> re-examined, and some changes made. However, I also believe that many of
>>>>>> the current TCPM "rush to react" changes (including tcpsecure, some of
>>>>>> the ICMP checks, some parts of the TCP cookie transactions proposal) are
>>>>>> a poor substitute for the use of true security (IPsec, TCP-AO),
>>>>> They are not a substitute. And the recent support by Ran Atkinson
>>>>> (co-author of previous versions of the IPsec std) should be a good hint.
>>>>> See: http://www.ietf.org/mail-archive/web/ietf/current/msg60159.html
>>>> Note that he supports this as offered - Informational.
>>> That's incorrect. Go ask Ran Atkinson.
>> From the URL *you* provided:
>>
>> "I have reviewed this document and I support publishing it as
>> an Informational RFC."
>
> Again, go and ask Ran about this I-D. Please.
>
> BTW, Ran said: "F. Gont has done a tremendous public service in putting
> together this (and predecessor) documents with risk analyses for various
> widely deployed protocols."

The entire quote has both parts, and directly cites Informational.

I have reviewed this document and I support publishing it as
an Informational RFC.  F. Gont has done a tremendous public
service in putting together this (and predecessor) documents
with risk analyses for various widely deployed protocols.

> And you have trashed each of the documents he's referring to (including
> icmp-attacks, draft-ietf-tcpm-tcp-security, etc.).

I have criticized these documents for proposing changes to standards; I
do not have an issue with merely documenting those changes.

Joe
