Re: [tcpm] tcp-security: Request for feedback on the outline of the document
Alfred Hönes <ah@tr-sys.de> Wed, 26 August 2009 22:38 UTC
Return-Path: <A.Hoenes@tr-sys.de>
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DD25A3A63CB for <tcpm@core3.amsl.com>; Wed, 26 Aug 2009 15:38:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.74
X-Spam-Level: **
X-Spam-Status: No, score=2.74 tagged_above=-999 required=5 tests=[BAYES_05=-1.11, CHARSET_FARAWAY_HEADER=3.2, HELO_EQ_DE=0.35, MIME_8BIT_HEADER=0.3]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AnSCafeMEZ7l for <tcpm@core3.amsl.com>; Wed, 26 Aug 2009 15:38:47 -0700 (PDT)
Received: from WOTAN.TR-Sys.de (gateway.tr-sys.de [213.178.172.147]) by core3.amsl.com (Postfix) with ESMTP id B47D53A6AB0 for <tcpm@ietf.org>; Wed, 26 Aug 2009 15:38:45 -0700 (PDT)
Received: from ZEUS.TR-Sys.de by w. with ESMTP ($Revision: 1.37.109.26 $/16.3) id AA260446292; Thu, 27 Aug 2009 00:38:12 +0200
Received: (from ah@localhost) by z.TR-Sys.de (8.9.3 (PHNE_25183)/8.7.3) id AAA06336; Thu, 27 Aug 2009 00:38:11 +0200 (MESZ)
From: Alfred Hönes <ah@tr-sys.de>
Message-Id: <200908262238.AAA06336@TR-Sys.de>
To: tcpm@ietf.org
Date: Thu, 27 Aug 2009 00:38:10 +0200
X-Mailer: ELM [$Revision: 1.17.214.3 $]
Mime-Version: 1.0
Content-Type: text/plain; charset="hp-roman8"
Content-Transfer-Encoding: 7bit
Subject: Re: [tcpm] tcp-security: Request for feedback on the outline of the document
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Aug 2009 22:38:47 -0000
Folks, I strongly disagree with Joe's proposal. For detailed rationale see below. Furthermore, the envisioned procedure for the treatment of the document is perceiced as discriminating; it gives much more influence to WG participants with an always open time budget, who can continually follow the discussion and participate quickly, and it makes contributing by folks like me (who have a 'bursty' primary business and can only spend cycles for IETF purposes irregularly) rather difficult and/or inefficient. Starting this important work, with very short timelines, during the major summer vacation period is even more unfortunate. The apparent outcome I observe is that very few but very active voices already have started majorizing the discussion, and that I have not heard voices of implementers recently. Regarding document structure: The various past reviewers of the original document had appreciated the focus on implementer's point of view, which is closely related to the document structure, and among those reviewers were quite a couple of implementers. For instance, when implementing checks on a protocol field, a comprehensive discussion of the properties of that field is needed, with a summary of known attacks using that field, and a presentation of restrictions and extensibility properties of such field, in order to allow the reader to easily make an educated decision on what checks to implement and what possible other related hardening measures/knobs for his/her implementation are needed. Scattering that information throughout the document will make the utility of the document highly questionable. BTW: I could not even see where the fundamental basic discussion of protocol field properties might be located in the stucture Joe proposed. IMO, far-reaching structural changes should only be applied with strong support from the TCP implementers' community. As a mathematician, I have a strong preference for a bottom-up document structure, starting with the definitions and proceeding to the properties and gradually more complex conclusions; in the context of protocol design and implementation, that means a good document (after a short overview) should start with the basic data structures and protocol fields. The worst documents I ever had to read and understand were those that gave the basics last (e.g., many OSPF documents, defining the PDU fields and formats in Appendices -- ugly!) Fernando's outline roughly follows that natural bottom-up paradigm, starting with the PDUs and the field properties, specific attacks related to each single field, and general considerations regarding particular groups of fields -- that's what will go into header files (in 'C' implementations) and low-level code; then the original outline proceeds to major procedures to be implemented (connection setup and teardown, data buffer and data segment management, congestion control, 'abstract' / socket API -- modules that typically will have identifiable components in an implementation and which hence are worth a high-level block of discussion in a document useful for implementers; the final chapters discuss more general topics spanning multiple of the previous topics, and the final chapters regarding ICMP and the interface to IP help to align with related protocol components -- you know, strict layer separation isn't a property of TCP/IP! There are indeed details to be discussed, e.g., whether the section on TCP Options better be a subsection of the preceding section. IMO, that's not a good idea; the basic TCP Header is mandatory and (almost) static, it won't change -- even in the long term future evolution of TCP --, whereas TCP Options are a truly optional ensemble subject to yes/no implementation decisions; option design is an ongoing effort making it worth to separate TCP Options off the basic TCP Header for the exposition, allowing to discuss general topics specific to these circumstances there. However, I suggest to re-organize the subsections on the src/dst port fields: A general discussion of port numbers, including server ports vs. (ephemeral) client ports, and the case (and pros/cons) of (symmetric) peer-to-peer applications operation with fixed port numbers on both sides should precede the discussion of the src and dst prot number fields, because the logical properties of the port numbers (as mentioned above) are not bound to their per-packet role as src/dst. In any case, the document structure should be such that important details can be located in the Table of Contents. The RFC Editor usually limits the ToC to a certain nesting level (based on style and available tools); therefore, nesting sections too deeply should be avoided in favor of more primary sections. Kind regards, Alfred. -- +------------------------+--------------------------------------------+ | TR-Sys Alfred Hoenes | Alfred Hoenes Dipl.-Math., Dipl.-Phys. | | Gerlinger Strasse 12 | Phone: (+49)7156/9635-0, Fax: -18 | | D-71254 Ditzingen | E-Mail: ah@TR-Sys.de | +------------------------+--------------------------------------------+
- [tcpm] tcp-security: Request for feedback on the … Fernando Gont
- Re: [tcpm] tcp-security: Request for feedback on … Joe Touch
- Re: [tcpm] tcp-security: Request for feedback on … Eddy, Wesley M. (GRC-MS00)[Verizon]
- Re: [tcpm] tcp-security: Request for feedback on … Fernando Gont
- Re: [tcpm] tcp-security: Request for feedback on … Joe Touch
- Re: [tcpm] tcp-security: Request for feedback on … Fernando Gont
- Re: [tcpm] tcp-security: Request for feedback on … Joe Touch
- Re: [tcpm] tcp-security: Request for feedback on … Fernando Gont
- Re: [tcpm] tcp-security: Request for feedback on … toby.moncaster
- Re: [tcpm] tcp-security: Request for feedback on … Alfred Hönes
- Re: [tcpm] tcp-security: Request for feedback on … Fernando Gont
- Re: [tcpm] tcp-security: Request for feedback on … Joe Touch
- Re: [tcpm] tcp-security: Request for feedback on … Fernando Gont
- Re: [tcpm] tcp-security: Request for feedback on … Joe Touch
- Re: [tcpm] tcp-security: Request for feedback on … Fernando Gont
- Re: [tcpm] tcp-security: Request for feedback on … Joe Touch
- Re: [tcpm] tcp-security: Request for feedback on … Fernando Gont
- Re: [tcpm] tcp-security: Request for feedback on … toby.moncaster
- Re: [tcpm] tcp-security: Request for feedback on … Eddy, Wesley M. (GRC-MS00)[Verizon]
- Re: [tcpm] tcp-security: Request for feedback on … Fernando Gont
- Re: [tcpm] tcp-security: Request for feedback on … Joe Touch
- Re: [tcpm] tcp-security: Request for feedback on … Fernando Gont
- Re: [tcpm] tcp-security: Request for feedback on … Lars Eggert
- Re: [tcpm] tcp-security: Request for feedback on … Joe Touch
- Re: [tcpm] tcp-security: Request for feedback on … Fernando Gont