Re: [tcpm] Comments on draft-ietf-tcpm-icmp-attacks-04.txt
Fernando Gont <fernando@gont.com.ar> Thu, 27 November 2008 05:25 UTC
Return-Path: <tcpm-bounces@ietf.org>
X-Original-To: tcpm-archive@megatron.ietf.org
Delivered-To: ietfarch-tcpm-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8AC393A6820; Wed, 26 Nov 2008 21:25:54 -0800 (PST)
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 88BDD3A6820 for <tcpm@core3.amsl.com>; Wed, 26 Nov 2008 21:25:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.479
X-Spam-Level:
X-Spam-Status: No, score=-0.479 tagged_above=-999 required=5 tests=[AWL=0.150, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_NET=0.611, RCVD_IN_DNSWL_LOW=-1, RDNS_NONE=0.1, SARE_RECV_SPEEDY_AR=0.808]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1uNghiwEYKDx for <tcpm@core3.amsl.com>; Wed, 26 Nov 2008 21:25:52 -0800 (PST)
Received: from smtp1.xmundo.net (unknown [201.216.232.80]) by core3.amsl.com (Postfix) with ESMTP id 4EB2A3A6806 for <tcpm@ietf.org>; Wed, 26 Nov 2008 21:25:51 -0800 (PST)
Received: from venus.xmundo.net (venus.xmundo.net [201.216.232.56]) by smtp1.xmundo.net (Postfix) with ESMTP id 44A3A6B6655; Thu, 27 Nov 2008 02:25:55 -0300 (ART)
Received: from notebook.gont.com.ar (201-254-58-247.speedy.com.ar [201.254.58.247] (may be forged)) (authenticated bits=0) by venus.xmundo.net (8.14.1/8.14.1) with ESMTP id mAR5PWGK018547; Thu, 27 Nov 2008 03:25:33 -0200
Message-Id: <200811270525.mAR5PWGK018547@venus.xmundo.net>
X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9
Date: Thu, 27 Nov 2008 02:19:07 -0300
To: gorry@erg.abdn.ac.uk, tcpm@ietf.org
From: Fernando Gont <fernando@gont.com.ar>
In-Reply-To: <492D2726.3060505@erg.abdn.ac.uk>
References: <492D2726.3060505@erg.abdn.ac.uk>
Mime-Version: 1.0
X-Greylist: Sender succeeded SMTP AUTH authentication, not delayed by milter-greylist-3.0 (venus.xmundo.net [201.216.232.56]); Thu, 27 Nov 2008 02:25:54 -0300 (ART)
Cc: fernando@gont.com.ar
Subject: Re: [tcpm] Comments on draft-ietf-tcpm-icmp-attacks-04.txt
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www.ietf.org/mailman/private/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: tcpm-bounces@ietf.org
Errors-To: tcpm-bounces@ietf.org
Hello, Gorry, Thanks so much for your thorough and timely review. You'll find my comments in-line.... >* It was interesting to read the issues presented in the I-D. The >I-D is mainly documentation of algorithms and current practice. If >published, this seems like an informational document - I can not >determine whether this is needed, and whether the material could >already be covered by other documentation. It is not covered by other documentation. For instance, this Internet-Draft is the document that has been referenced in a number of vulnerability advisories published on these issues (e.g. by CERT/CC and UK NISCC), and has also been referenced by a number of vulnerability advisories published by vendors when they addressed these issues. >* One section of the document (6) describes issues with >Source-Quench, however this is not a credible issue - it has long >been known that Source-Quench is not of value. I think this section >could safely be omitted, reduced or combined with earlier sections >to provide more rationale for the main part of the I-D. I'm not sure what you mean. It may have been known that SQ was not of value... yet all implementations were responding to SQ as specified by the IETF. And it was in response to this I-D that many implementations removed support for SQ (e.g., I did the corresponding patch for OpenBSD). >* The main part of the document is about PMTUD vulnerabilities to >ICMP attacks and some deployed countermeasures. In my opinion, this >discussion should be set against the framework defined by the IETF >standards-track "Packetization Layer Path MTU Discovery", RFC 4821, >March 2007. This is not currently mentioned, which I find very >confusing. I'd suggest that if the document is to be published as a >useful output of the transport area it must compare the non-ICMP >methods to those in RFC 4821. I belive that RFC 4821 does not necessarily obsolete traditional PMTUD. They may be orthogonal. That is, as stated in RFC 4821, you could implement PLPMTUD just for black-hole detection. I agree that additional discussion of PLPMTUD might be included, though. >* Appendix A concludes with an interpretation of the meaning of >several RFCs. If this is the result of an IETF WG consensus call, >this needs to be made clear and more effort needs to be made to >determine the correct advice. If this is the editor's own view, then >it should be omitted from a working group draft. This text was included in the document even before it was accepted as a wg document. (BTW, I do not recall when or why I moved that text out of the main body of the doc to an appendix). I don't seem to recall people arguing again this particular text. However, I'm open to remove this text if the wg feels this is a show-stopper. >* Finally, I do not see a detailed discussion of ICMP issues in >general as the title suggests, but more of a focus on PMTUD attacks. >A change to the title and abstract would help attract the right >people to read this and better reflect the actual content. The document discusses ICMP attacks against TCP. There are basically three of them: connection.reset (hard errors), throughput reduction (Source Quench), and the PMTUD ones. It's not that it focuses on the PMTUD ones, but rather that the full counter-measure for the PMTUD attack is more complex, so it requires more analysys, test-case scenarios, etc. That's it. >I will separately send some comments on the document itself to the >list, but have decided to postpone the final stage of the review >until I hear more about the relationship to PLPMTUD, since this may >require some reworking of the document. It may be that there has >been discussion on this topic before, if so please let me know. Please let me know if the above answer your questions.... Thanks so much for your review! Kind regards, -- Fernando Gont e-mail: fernando@gont.com.ar || fgont@acm.org PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1 _______________________________________________ tcpm mailing list tcpm@ietf.org https://www.ietf.org/mailman/listinfo/tcpm
- [tcpm] Comments on draft-ietf-tcpm-icmp-attacks-0… Gorry Fairhurst
- Re: [tcpm] Comments on draft-ietf-tcpm-icmp-attac… Fernando Gont
- Re: [tcpm] Comments on draft-ietf-tcpm-icmp-attac… Gorry Fairhurst
- Re: [tcpm] Comments on draft-ietf-tcpm-icmp-attac… Fernando Gont