IETF Logo Mail Archive

Re: [tcpm] tcpsecure: how strong to recommend?

Lars Eggert <lars.eggert@nokia.com> Tue, 25 September 2007 13:54 UTC

Return-path: <tcpm-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IaAs7-0002Pk-EX; Tue, 25 Sep 2007 09:54:43 -0400
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IaAs5-0002Oi-Ja for tcpm@ietf.org; Tue, 25 Sep 2007 09:54:41 -0400
Received: from smtp.nokia.com ([131.228.20.171] helo=mgw-ext12.nokia.com) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1IaAs4-0000At-U2 for tcpm@ietf.org; Tue, 25 Sep 2007 09:54:41 -0400
Received: from esebh107.NOE.Nokia.com (esebh107.ntc.nokia.com [172.21.143.143]) by mgw-ext12.nokia.com (Switch-3.2.5/Switch-3.2.5) with ESMTP id l8PDsACV020054; Tue, 25 Sep 2007 16:54:33 +0300
Received: from esebh103.NOE.Nokia.com ([172.21.143.33]) by esebh107.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 25 Sep 2007 16:54:26 +0300
Received: from mgw-int01.ntc.nokia.com ([172.21.143.96]) by esebh103.NOE.Nokia.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.1830); Tue, 25 Sep 2007 16:54:25 +0300
Received: from [172.21.36.228] (esdhcp036228.research.nokia.com [172.21.36.228]) by mgw-int01.ntc.nokia.com (Switch-3.2.5/Switch-3.2.5) with ESMTP id l8PDsOjv003693; Tue, 25 Sep 2007 16:54:24 +0300
In-Reply-To: <46F83B6D.6000301@isi.edu>
References: <20070924174444.F2C662A7182@lawyers.icir.org> <46F83B6D.6000301@isi.edu>
Mime-Version: 1.0 (Apple Message framework v752.3)
Message-Id: <44F9F627-9A49-4A63-9F38-0006F1FE2BDF@nokia.com>
From: Lars Eggert <lars.eggert@nokia.com>
Subject: Re: [tcpm] tcpsecure: how strong to recommend?
Date: Tue, 25 Sep 2007 16:54:11 +0300
To: ext Joe Touch <touch@ISI.EDU>
X-Mailer: Apple Mail (2.752.3)
X-OriginalArrivalTime: 25 Sep 2007 13:54:25.0442 (UTC) FILETIME=[954F7020:01C7FF7B]
X-Nokia-AV: Clean
X-Spam-Score: 0.0 (/)
X-Scan-Signature: a1852b4f554b02e7e4548cc7928acc1f
Cc: tcpm@ietf.org, mallman@icir.org
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0123920771=="
Errors-To: tcpm-bounces@ietf.org

Hi,

On 2007-9-25, at 1:34, ext Joe Touch wrote:
> I'd encourage others to weigh in on this. I'm uncomfortable with our
> making recommendations to change TCP's fundamental behavior as a  
> SHOULD
> on the basis of a handful of representatives.

this brings up an important point we need to clarify. The tcpsecure  
document contains a technical specification for multiple TCP  
mechanisms to protect against certain attacks.

However, RFC 2026 recommends that technical specifications should  
also come with a statement of applicability, i.e., something that  
says when the technical specification should or should not be used.  
Many documents don't have this, and often that isn't an issue. The  
tcpsecure document is missing this piece, too, but in this case I  
believe this is causing some confusion.

For some folks, this lack of a clear applicability statement means  
that the tcpsecure mechanisms become part of the "must-implement" set  
of TCP. To other folks, the MUST/SHOULD/MAY in the current document  
*are* a kind of applicability statement.

I think it would be helpful if we would tease apart applicability  
statement and technical specification. What were missing is consensus  
on the applicability of the proposed set of mechanisms. During the  
discussion around this document, I've heard basically two choices  
being expressed:

(1) all TCP stacks should implement tcpsecure

(2) only TCP stacks that expect to support a significant number of  
connections for which the described attacks are possible should  
implement tcpsecure

This is important to scope the discussion we're currently having on  
SHOULD vs. MAY.

If the applicability is (1), a SHOULD with its should-have-a-really- 
good-reason-to-ignore semantics is a pretty strong statement that  
affects all stacks.

Whereas if the applicability is (2) or something else that is more  
restricted than (1), a SHOULD is essentially without effect for  
stacks that don't consider themselves to fall under the conditions  
stated.

Lars

PS: Here is the relevant section from RFC2026:

3.1  Technical Specification (TS)

    A Technical Specification is any description of a protocol, service,
    procedure, convention, or format.  It may completely describe all of
    the relevant aspects of its subject, or it may leave one or more
    parameters or options unspecified.  A TS may be completely self-
    contained, or it may incorporate material from other specifications
    by reference to other documents (which might or might not be  
Internet
    Standards).

    A TS shall include a statement of its scope and the general intent
    for its use (domain of applicability).  Thus, a TS that is  
inherently
    specific to a particular context shall contain a statement to that
    effect.  However, a TS does not specify requirements for its use
    within the Internet;  these requirements, which depend on the
    particular context in which the TS is incorporated by different
    system configurations, are defined by an Applicability Statement.


_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www1.ietf.org/mailman/listinfo/tcpm

v2.23.0 | Report a Bug | By Email