Re: [tcpm] tcpsecure recommendations

"Anantha Ramaiah (ananth)" <ananth@cisco.com> Mon, 11 February 2008 02:22 UTC

Return-Path: <tcpm-bounces@ietf.org>
X-Original-To: ietfarch-tcpm-archive@core3.amsl.com
Delivered-To: ietfarch-tcpm-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8BB903A69CF; Sun, 10 Feb 2008 18:22:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.55
X-Spam-Level:
X-Spam-Status: No, score=-2.55 tagged_above=-999 required=5 tests=[AWL=-2.113, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_ORG=0.611, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t-hSI+eJkSHZ; Sun, 10 Feb 2008 18:22:53 -0800 (PST)
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A7E523A69AB; Sun, 10 Feb 2008 18:22:53 -0800 (PST)
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id BF1853A69AB for <tcpm@core3.amsl.com>; Sun, 10 Feb 2008 18:22:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FShV1JSx0iEQ for <tcpm@core3.amsl.com>; Sun, 10 Feb 2008 18:22:51 -0800 (PST)
Received: from sj-iport-6.cisco.com (sj-iport-6.cisco.com [171.71.176.117]) by core3.amsl.com (Postfix) with ESMTP id DD5193A6982 for <tcpm@ietf.org>; Sun, 10 Feb 2008 18:22:51 -0800 (PST)
Received: from sj-dkim-4.cisco.com ([171.71.179.196]) by sj-iport-6.cisco.com with ESMTP; 10 Feb 2008 18:24:18 -0800
Received: from sj-core-2.cisco.com (sj-core-2.cisco.com [171.71.177.254]) by sj-dkim-4.cisco.com (8.12.11/8.12.11) with ESMTP id m1B2OI4n009342; Sun, 10 Feb 2008 18:24:18 -0800
Received: from xbh-sjc-231.amer.cisco.com (xbh-sjc-231.cisco.com [128.107.191.100]) by sj-core-2.cisco.com (8.12.10/8.12.6) with ESMTP id m1B2OHEL015033; Mon, 11 Feb 2008 02:24:18 GMT
Received: from xmb-sjc-21c.amer.cisco.com ([171.70.151.176]) by xbh-sjc-231.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Sun, 10 Feb 2008 18:24:16 -0800
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Date: Sun, 10 Feb 2008 18:24:00 -0800
Message-ID: <0C53DCFB700D144284A584F54711EC5804AC0A08@xmb-sjc-21c.amer.cisco.com>
In-Reply-To: <47AFA15A.1070006@isi.edu>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [tcpm] tcpsecure recommendations
Thread-Index: AchsS4pLLrBiLUvRQcmT51MBJe7V3wAAKcNQ
References: <20080206174017.6977C36516E@lawyers.icir.org><47AB293D.8040605@isi.edu><0C53DCFB700D144284A584F54711EC5804AC099C@xmb-sjc-21c.amer.cisco.com><47AF380D.7030400@isi.edu><0C53DCFB700D144284A584F54711EC5804AC09CF@xmb-sjc-21c.amer.cisco.com> <47AF81B2.5030408@isi.edu> <0C53DCFB700D144284A584F54711EC5804AC09E9@xmb-sjc-21c.amer.cisco.com> <47AFA15A.1070006@isi.edu>
From: "Anantha Ramaiah (ananth)" <ananth@cisco.com>
To: "Joe Touch" <touch@ISI.EDU>
X-OriginalArrivalTime: 11 Feb 2008 02:24:16.0257 (UTC) FILETIME=[32EE7F10:01C86C55]
Authentication-Results: sj-dkim-4; header.From=ananth@cisco.com; dkim=pass ( sig from cisco.com/sjdkim4002 verified; );
Cc: tcpm@ietf.org, mallman@icir.org
Subject: Re: [tcpm] tcpsecure recommendations
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <http://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <http://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: tcpm-bounces@ietf.org
Errors-To: tcpm-bounces@ietf.org

> Anantha Ramaiah (ananth) wrote:
> ...
> |> If preventing anything that could cause a malicious teardown is 
> |> critical, then use of strict authentication is required.
> |> Implications to the contrary endorse the use of this "protocol 
> |> robustness" mechanism for true security (a misconception that the 
> |> title doesn't help abate).
> |
> | Agreed but again the above statement doesn't help in debate 
> which we 
> | are having, ie., the strength of the data mitigation. All 
> so far I can 
> | gather is that : somehow you are saying data mitigation is tied to 
> | "data plane" and the rest are tied to control plane and 
> hence in one 
> | case is a SHOULD and the other a MAY. Sounds very dubious to me.
> 
> My comments are not intended to convince you to agree with 
> me. I have made my decision, and explained it, IMO.

Well, I was seeking clarification on the reasoning which you gave for
your choice! IMO, esp. after the AS is in place, it doesn't make sense
to color each individual mitigation differently.

-Anantha
_______________________________________________
tcpm mailing list
tcpm@ietf.org
http://www.ietf.org/mailman/listinfo/tcpm