RE: [tcpm] tcpsecure: how strong to recommend?

"Agarwal, Anil" <Anil.Agarwal@viasat.com> Tue, 25 September 2007 12:02 UTC


Mark, Joe et al,
 
My inclination is to suggest -
   "all SHOULDs"
 
A second choice would be -
    "two SHOULDs and a MAY"
 
As far as I can see, the proposed mechanisms bring value to users and to the Internet at large, 
are relatively simple and backward compatible and do not (seem to) break anything. 
I would be hesitant leaving them as "MAY"; vendors should be strongly encouraged 
to implement security mechanisms.
 
Regards,
Anil
 
Anil Agarwal
ViaSat Inc.
Germantown, MD

________________________________

From: Joe Touch [mailto:touch@ISI.EDU]
Sent: Mon 9/24/2007 6:34 PM
To: mallman@icir.org
Cc: tcpm@ietf.org
Subject: Re: [tcpm] tcpsecure: how strong to recommend?



I'd encourage others to weigh in on this. I'm uncomfortable with our
making recommendations to change TCP's fundamental behavior as a SHOULD
on the basis of a handful of representatives.

Joe

Mark Allman wrote:
> 
> Folks-
>
> The seeming last issue with the tcpsecure document is how strong to
> recommend the various mitigations.  To review, there are three
> mitigations for RST, SYN and data injection attacks.  The question is
> whether to say that a TCP (1) MAY use all these mitigations, (2) SHOULD
> use all these mitigations or (3) SHOULD use the mitigations for the RST
> & SYN attacks and MAY use the data injection mitigation.  Clearly there
> are other permutations (and one could also bring MUST and MUST NOT into
> the conversation), however these three options have been voiced.  If you
> have some other permutation then voice it.
>
> In the meeting in Chicago we took a "visual hum" and the tally looks
> like this:
>
>       all SHOULDs: 4
>       all MAYs: 3
>       two SHOULDs and a MAY: 8
>
> So, our inclination is to go with option (3) from my list above.  If you
> think this is the wrong way to go please yell---especially if you are
> not reflected in the 15 folks who took part in the visual hum.
>
> Thanks,
> allman
>
> _______________________________________________
> tcpm mailing list
> tcpm@ietf.org
> https://www1.ietf.org/mailman/listinfo/tcpm


