Re: [tcpm] Q&C regarding tcpsecure-09 recommendations

Lars Eggert <lars.eggert@nokia.com> Wed, 04 June 2008 16:58 UTC

From: Lars Eggert <lars.eggert@nokia.com>
To: ext Joe Touch <touch@ISI.EDU>
Date: Wed, 04 Jun 2008 12:58:02 -0400
Cc: tcpm@ietf.org
Subject: Re: [tcpm] Q&C regarding tcpsecure-09 recommendations

Hi,

On 2008-6-2, at 20:41, ext Joe Touch wrote:
> This is, IMO, a signal to review the recommendations in Section 1.1.  
> I was always concerned that these mitigations would be  
> misinterpreted as applying to hosts in general, which they do not.

Do you think that a short paragraph in Section 1.1 that discusses the
downsides of implementing the checks where not needed would be helpful?

Currently the document says "The mitigations suggested in this draft  
SHOULD be implemented in devices where the TCP connections are most  
vulnerable to the attacks described in this document. (...) These  
mitigations MAY be implemented in other cases." I think you're saying  
that the last sentence may not be detailed enough to allow  
implementors to judge the tradeoffs?

Lars
(as an individual)