IETF Logo Mail Archive

Re: [tcpm] WGLC for SYN flooding

Mark Allman <mallman@icir.org> Wed, 18 April 2007 16:26 UTC

Return-path: <tcpm-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1HeCyw-00009F-RS; Wed, 18 Apr 2007 12:26:10 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1HeCyu-000096-RK for tcpm@ietf.org; Wed, 18 Apr 2007 12:26:08 -0400
Received: from pork.icsi.berkeley.edu ([192.150.186.19]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1HeCyu-0003Zk-5J for tcpm@ietf.org; Wed, 18 Apr 2007 12:26:08 -0400
Received: from guns.icir.org (adsl-69-222-35-58.dsl.bcvloh.ameritech.net [69.222.35.58]) by pork.ICSI.Berkeley.EDU (8.12.11.20060308/8.12.11) with ESMTP id l3IGQ6QI006761; Wed, 18 Apr 2007 09:26:07 -0700
Received: from lawyers.icir.org (adsl-69-222-35-58.dsl.bcvloh.ameritech.net [69.222.35.58]) by guns.icir.org (Postfix) with ESMTP id 628099FD373; Wed, 18 Apr 2007 12:26:01 -0400 (EDT)
Received: from lawyers.icir.org (localhost [127.0.0.1]) by lawyers.icir.org (Postfix) with ESMTP id 4C37D1D84C9; Wed, 18 Apr 2007 12:25:38 -0400 (EDT)
To: Ted Faber <faber@ISI.EDU>
From: Mark Allman <mallman@icir.org>
Subject: Re: [tcpm] WGLC for SYN flooding
In-Reply-To: <20070327212827.GE26658@hut.isi.edu>
Organization: ICSI Center for Internet Research (ICIR)
Song-of-the-Day: Werewolves of London
MIME-Version: 1.0
Date: Wed, 18 Apr 2007 12:25:38 -0400
Message-Id: <20070418162538.4C37D1D84C9@lawyers.icir.org>
X-Spam-Score: 0.1 (/)
X-Scan-Signature: a492040269d440726bfd84680622cee7
Cc: tcpm@ietf.org
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: mallman@icir.org
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0001312297=="
Errors-To: tcpm-bounces@ietf.org

> Mark and I would like to start a WG last call on the SYN flooding and
> countermeasures document:
> 
>         Title           : TCP SYN Flooding Attacks and Common Mitigations
>         Author(s)       : W. Eddy
>         Filename        : draft-ietf-tcpm-syn-flood-02.txt
>         Pages           : 23
>         Date            : February 2007
>         http://www.ietf.org/internet-drafts/draft-ietf-tcpm-syn-flood-02.txt

Ted and I believe the WG's consensus is that this document is in good
shape and ready to be published as an informational RFC.  We will be
forwarding it to the ADs with the attached PROTO writeup.  Of course, if
you believe we have mis-judged the consensus of the WG you should yell.

allman




TCP SYN Flooding Attacks and Common Mitigations
draft-ietf-tcpm-syn-flood-02.txt

>>   (1.a)  Who is the Document Shepherd for this document?  Has the
>>          Document Shepherd personally reviewed this version of the
>>          document and, in particular, does he or she believe this
>>          version is ready for forwarding to the IESG for publication?

Mark Allman (TCPM co-chair) is acting as the shepherd for this
document.

I have read this version of the draft and believe it is ready for
publication as an Informational RFC.

>>   (1.b)  Has the document had adequate review both from key WG members
>>          and from key non-WG members?  Does the Document Shepherd have
>>          any concerns about the depth or breadth of the reviews that
>>          have been performed?

The document has been reviewed by many WG members and has enjoyed
much support over the course of its development.  I have no concerns
about the review process.

>>   (1.c)  Does the Document Shepherd have concerns that the document
>>          needs more review from a particular or broader perspective,
>>          e.g., security, operational complexity, someone familiar with
>>          AAA, internationalization or XML?

I have no concerns that the document needs additional review.

>>   (1.d)  Does the Document Shepherd have any specific concerns or
>>          issues with this document that the Responsible Area Director
>>          and/or the IESG should be aware of?  For example, perhaps he
>>          or she is uncomfortable with certain parts of the document, or
>>          has concerns whether there really is a need for it.  In any
>>          event, if the WG has discussed those issues and has indicated
>>          that it still wishes to advance the document, detail those
>>          concerns here.  Has an IPR disclosure related to this document
>>          been filed?  If so, please include a reference to the
>>          disclosure and summarize the WG discussion and conclusion on
>>          this issue.

I have no specific issues that the IESG should be aware of.

No IPR disclosures have been filed relating to this document.

>>   (1.e)  How solid is the WG consensus behind this document?  Does it
>>          represent the strong concurrence of a few individuals, with
>>          others being silent, or does the WG as a whole understand and
>>          agree with it?

I believe the consensus behind this document is quite broad.

>>   (1.f)  Has anyone threatened an appeal or otherwise indicated extreme
>>          discontent?  If so, please summarise the areas of conflict in
>>          separate email messages to the Responsible Area Director.  (It
>>          should be in a separate email because this questionnaire is
>>          entered into the ID Tracker.)

I am not aware of any threatened appeals or any discontent with this
document in any way.  (In fact, all the recent work has been fairly
editorial in nature.)

>>   (1.g)  Has the Document Shepherd personally verified that the
>>          document satisfies all ID nits?  (See
>>          http://www.ietf.org/ID-Checklist.html and
>>          http://tools.ietf.org/tools/idnits/).  Boilerplate checks are
>>          not enough; this check needs to be thorough.  Has the document
>>          met all formal review criteria it needs to, such as the MIB
>>          Doctor, media type and URI type reviews?

The document requires no formal reivews (e.g., by MIB Doctors).

I have run idnits on the document and it shows no issues.

>>   (1.h)  Has the document split its references into normative and
>>          informative?  Are there normative references to documents that
>>          are not ready for advancement or are otherwise in an unclear
>>          state?  If such normative references exist, what is the
>>          strategy for their completion?  Are there normative references
>>          that are downward references, as described in [RFC3967]?  If
>>          so, list these downward references to support the Area
>>          Director in the Last Call procedure for them [RFC3967].

The references are labeled as "Informative", as they should be.
This is an informational document.

>>   (1.i)  Has the Document Shepherd verified that the document IANA
>>          consideration section exists and is consistent with the body
>>          of the document?  If the document specifies protocol
>>          extensions, are reservations requested in appropriate IANA
>>          registries?  Are the IANA registries clearly identified?  If
>>          the document creates a new registry, does it define the
>>          proposed initial contents of the registry and an allocation
>>          procedure for future registrations?  Does it suggest a
>>          reasonable name for the new registry?  See [RFC2434].  If the
>>          document describes an Expert Review process has Shepherd
>>          conferred with the Responsible Area Director so that the IESG
>>          can appoint the needed Expert during the IESG Evaluation?

The document has an IANA considerations section that is consistent
with the body of the document.  This document has no IANA
considerations.

>>   (1.j)  Has the Document Shepherd verified that sections of the
>>          document that are written in a formal language, such as XML
>>          code, BNF rules, MIB definitions, etc., validate correctly in
>>          an automated checker?

This does not apply.

>>   (1.k)  The IESG approval announcement includes a Document
>>          Announcement Write-Up.  Please provide such a Document
>>          Announcement Write-Up?  Recent examples can be found in the
>>          "Action" announcements for approved documents.  The approval
>>          announcement contains the following sections:
>>
>>          Technical Summary
>>             Relevant content can frequently be found in the abstract
>>             and/or introduction of the document.  If not, this may be
>>             an indication that there are deficiencies in the abstract
>>             or introduction.

This document describes TCP SYN flooding attacks, which have been
well-known to the community for several years.  Various
countermeasures against these attacks, and the trade-offs of each,
are described.  This document archives explanations of the attack
and common defense techniques for the benefit of TCP implementers
and administrators of TCP servers or networks.

>>          Working Group Summary
>>             Was there anything in WG process that is worth noting?  For
>>             example, was there controversy about particular points or
>>             were there decisions where the consensus was particularly
>>             rough?

The consensus within the TCPM WG to publish this document as an
informational RFC is strong.

>>          Document Quality
>>             Are there existing implementations of the protocol?  Have a
>>             significant number of vendors indicated their plan to
>>             implement the specification?  Are there any reviewers that
>>             merit special mention as having done a thorough review,
>>             e.g., one that resulted in important changes or a
>>             conclusion that the document had no substantive issues?  If
>>             there was a MIB Doctor, Media Type or other expert review,
>>             what was its course (briefly)?  In the case of a Media Type
>>             review, on what date was the request posted?

This document details several techniques that have been used in TCP
implementations for many years.  The technology discussed in this
document is not new, but rather this document is helping the
RFC-series "catch up" with common practice and details experience
with several mechanisms.

>>          Personnel
>>             Who is the Document Shepherd for this document?  Who is the
>>             Responsible Area Director? Is an IANA expert needed?

The document shepherd for this document is Mark Allman (TCPM
co-chair).  The responsible AD is Lars Eggert.  The document does
not need an IANA expert.

_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www1.ietf.org/mailman/listinfo/tcpm

v2.23.0 | Report a Bug | By Email