IETF Logo Mail Archive

Re: [tcpm] tcpsecure: how strong to recommend?

Joe Touch <touch@ISI.EDU> Wed, 26 September 2007 23:57 UTC

Return-path: <tcpm-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IagkY-0000DP-HF; Wed, 26 Sep 2007 19:57:02 -0400
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IagkX-0000DD-2U for tcpm@ietf.org; Wed, 26 Sep 2007 19:57:01 -0400
Received: from vapor.isi.edu ([128.9.64.64]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1IagkW-0003kv-KW for tcpm@ietf.org; Wed, 26 Sep 2007 19:57:00 -0400
Received: from [192.168.1.39] (pool-71-106-89-188.lsanca.dsl-w.verizon.net [71.106.89.188]) by vapor.isi.edu (8.13.8/8.13.8) with ESMTP id l8QNuWZm009857; Wed, 26 Sep 2007 16:56:32 -0700 (PDT)
Message-ID: <46FAF1A8.3050600@isi.edu>
Date: Wed, 26 Sep 2007 16:56:24 -0700
From: Joe Touch <touch@ISI.EDU>
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: "Anantha Ramaiah (ananth)" <ananth@cisco.com>
Subject: Re: [tcpm] tcpsecure: how strong to recommend?
References: <0C53DCFB700D144284A584F54711EC580405246A@xmb-sjc-21c.amer.cisco.com>
In-Reply-To: <0C53DCFB700D144284A584F54711EC580405246A@xmb-sjc-21c.amer.cisco.com>
X-Enigmail-Version: 0.95.3
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 244a2fd369eaf00ce6820a760a3de2e8
Cc: tcpm@ietf.org, Tim Shepard <shep@alum.mit.edu>
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============1878873360=="
Errors-To: tcpm-bounces@ietf.org


Anantha Ramaiah (ananth) wrote:
...
>> 	b) chatter during valid RSTs
> 
> You mean an extra RTO? Ok, fair enough. But, benefits outweigh
> drawbacks, I would think.

FWIW, I mean *responding* to a RST.

>> 	c) IPR encumberance
> 
> AFAIK, this is not an issue as this was beaten to death before.

It will remain the context under which a decision is made until IPR is
removed. Each party weighing in needs to decide how that impacts their
decision - and whether they want to impose it as a requirement on the
community.

>> ...
>>>> There's no MUST in that logic, any more than 'you MUST deploy 
>>>> IPsec/BTNS/TCP-MD5++'.
>>> I am assuming it is a conditional MUST like "if you need 
>> security then 
>>> use TCP MD5", correct? Is "conditional MUST = SHOULD" ?
>> It is a conditional SHOULD, i.e., a SHOULD with a caveat. 
>> From the RFC2119-level, IMO that's a MAY with explanation.
> 
> Curious : Are you ok tagging the TCP secure mitigations with a
> "conditional SHOULD" or "SHOULD with caveat" or "an applicability
> statement with a SHOULD"? I am assuming that these are equivalent to MAY
> with explanation? 

I'm saying that MAY with explanation is sufficient. There's no point in
a SHOULD unless you want to have the WG make a recommendation for
others. Even with context, this still amounts to forcing a solution. If
it's really all that useful and people aren't worried about the
complexity or IPR, they'll implement it. Let them decide.

Joe


_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www1.ietf.org/mailman/listinfo/tcpm

v2.23.0 | Report a Bug | By Email