RE: [tcpm] tcpsecure: how strong to recommend?
"Agarwal, Anil" <Anil.Agarwal@viasat.com> Tue, 25 September 2007 12:02 UTC
Return-path: <tcpm-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1Ia97Q-0004bU-BH; Tue, 25 Sep 2007 08:02:24 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Ia97O-0004Ok-Uu for tcpm@ietf.org; Tue, 25 Sep 2007 08:02:22 -0400
Received: from harrier.viasat.com ([12.198.241.131] helo=VGAEXCH02.hq.corp.viasat.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Ia97D-0003Jy-NK for tcpm@ietf.org; Tue, 25 Sep 2007 08:02:17 -0400
Received: from VGAEXCH01.hq.corp.viasat.com ([172.31.1.20]) by VGAEXCH02.hq.corp.viasat.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 25 Sep 2007 08:02:14 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Subject: RE: [tcpm] tcpsecure: how strong to recommend?
Date: Tue, 25 Sep 2007 08:02:14 -0400
Message-ID: <0B0A20D0B3ECD742AA2514C8DDA3B065426EC2@VGAEXCH01.hq.corp.viasat.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [tcpm] tcpsecure: how strong to recommend?
Thread-Index: Acf++62fVs7XjLaqTyaTX6n/3LHiXwAbe4z0
References: <20070924174444.F2C662A7182@lawyers.icir.org> <46F83B6D.6000301@isi.edu>
From: "Agarwal, Anil" <Anil.Agarwal@viasat.com>
To: Joe Touch <touch@ISI.EDU>, mallman@icir.org
X-OriginalArrivalTime: 25 Sep 2007 12:02:14.0738 (UTC) FILETIME=[E97F8320:01C7FF6B]
X-Spam-Score: 1.8 (+)
X-Scan-Signature: ee80a2074afbfe28d15369f4e74e579d
Cc: tcpm@ietf.org
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============1426883102=="
Errors-To: tcpm-bounces@ietf.org
Mark, Joe et al,
My inclination is to suggest -
"all SHOULDs"
A second choice would be -
"two SHOULDs and a MAY"
As far as I can see, the proposed mechanisms bring value to users and to the Internet at large,
are relatively simple and backward compatible and do not (seem to) break anything.
I would be hesitant leaving them as "MAY"; vendors should be strongly encouraged
to implement security mechanisms.
Regards,
Anil
Anil Agarwal
ViaSat Inc.
Germantown, MD
________________________________
From: Joe Touch [mailto:touch@ISI.EDU]
Sent: Mon 9/24/2007 6:34 PM
To: mallman@icir.org
Cc: tcpm@ietf.org
Subject: Re: [tcpm] tcpsecure: how strong to recommend?
I'd encourage others to weigh in on this. I'm uncomfortable with our
making recommendations to change TCP's fundamental behavior as a SHOULD
on the basis of a handful of representatives.
Joe
Mark Allman wrote:
>
> Folks-
>
> The seeming last issue with the tcpsecure document is how strong to
> recommend the various mitigations. To review, there are three
> mitigations for RST, SYN and data injection attacks. The question is
> whether to say that a TCP (1) MAY use all these mitigations, (2) SHOULD
> use all these mitigations or (3) SHOULD use the mitigations for the RST
> & SYN attacks and MAY use the data injection mitigation. Clearly there
> are other permutations (and one could also bring MUST and MUST NOT into
> the conversation), however these three options have been voiced. If you
> have some other permutation then voice it.
>
> In the meeting in Chicago we took a "visual hum" and the tally looks
> like this:
>
> all SHOULDs: 4
> all MAYs: 3
> two SHOULDs and a MAY: 8
>
> So, our inclination is to go with option (3) from my list above. If you
> think this is the wrong way to go please yell---especially if you are
> not reflected in the 15 folks who took part in the visual hum.
>
> Thanks,
> allman
>
>
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> tcpm mailing list
> tcpm@ietf.org
> https://www1.ietf.org/mailman/listinfo/tcpm
_______________________________________________ tcpm mailing list tcpm@ietf.org https://www1.ietf.org/mailman/listinfo/tcpm
- [tcpm] tcpsecure: how strong to recommend? Mark Allman
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- Re: [tcpm] tcpsecure: how strong to recommend? Fernando Gont
- Re: [tcpm] tcpsecure: how strong to recommend? Mark Allman
- Re: [tcpm] tcpsecure: how strong to recommend? Pekka Savola
- RE: [tcpm] tcpsecure: how strong to recommend? Agarwal, Anil
- Re: [tcpm] tcpsecure: how strong to recommend? Wesley Eddy
- Re: [tcpm] tcpsecure: how strong to recommend? David Borman
- Re: [tcpm] tcpsecure: how strong to recommend? Lars Eggert
- RE: [tcpm] tcpsecure: how strong to recommend? Agarwal, Anil
- Re: [tcpm] tcpsecure: how strong to recommend? Ted Faber
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Tom Petch
- RE: [tcpm] tcpsecure: how strong to recommend? Mitesh Dalal (mdalal)
- Re: [tcpm] tcpsecure: how strong to recommend? Mark Allman
- Re: [tcpm] tcpsecure: how strong to recommend? Tim Shepard
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- Re: [tcpm] tcpsecure: how strong to recommend? Tim Shepard
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- RE: [tcpm] tcpsecure: how strong to recommend? toby.moncaster
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- [tcpm] BTNS usage for BGP Pekka Savola
- [tcpm] Re: BTNS usage for BGP Joe Touch
- Re: [tcpm] tcpsecure: how strong to recommend? Mark Allman
- Re: [tcpm] tcpsecure: how strong to recommend? Mark Allman
- Re: [tcpm] tcpsecure: how strong to recommend? Mark Allman
- Re: [tcpm] tcpsecure: how strong to recommend? Mark Allman
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Mark Allman
- Re: [tcpm] tcpsecure: how strong to recommend? Mark Allman
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Mark Allman
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- RE: [tcpm] tcpsecure: how strong to recommend? Mitesh Dalal (mdalal)
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- Re: [tcpm] tcpsecure: how strong to recommend? Mark Allman
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Mark Allman
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Mark Allman
- Re: [tcpm] tcpsecure: how strong to recommend? Edward A. Gardner
- RE: [tcpm] tcpsecure: how strong to recommend? Mitesh Dalal (mdalal)
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- Re: [tcpm] tcpsecure: how strong to recommend? Lars Eggert
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- Re: [tcpm] tcpsecure: how strong to recommend? Ted Faber
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- Re: [tcpm] tcpsecure: how strong to recommend? Ted Faber
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- Re: [tcpm] tcpsecure: how strong to recommend? Ted Faber
- Re: [tcpm] tcpsecure: how strong to recommend? touch
- Re: [tcpm] tcpsecure: how strong to recommend? touch
- Re: [tcpm] tcpsecure: how strong to recommend? Ted Faber
- Re: [tcpm] tcpsecure: how strong to recommend? Ted Faber
- Re: [tcpm] tcpsecure: how strong to recommend? Ted Faber
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch