Re: [tcpm] tcp-security: More feedback requested for the document outline
Joe Touch <touch@ISI.EDU> Wed, 09 September 2009 06:18 UTC
Message-ID: <4AA74891.4000407@isi.edu>
Date: Tue, 08 Sep 2009 23:17:53 -0700
From: Joe Touch <touch@ISI.EDU>
To: Fernando Gont <fernando@gont.com.ar>
Cc: "tcpm-chairs@tools.ietf.org" <tcpm-chairs@tools.ietf.org>, "tcpm@ietf.org" <tcpm@ietf.org>

Fernando Gont wrote:
> Folks,
>
> The original deadline for commenting on the document outline is over.
> These are the comments so far:
>
> * Joe: wants to change the outline from the current outline (which
> basically analyzes TCP on a "per-protocol-field",
> "per-protocol-mechanism" basis, etc.) to an outline that basically
> analyzes TCP on a "per-attack" basis (his proposal is available at:
> http://www.ietf.org/mail-archive/web/tcpm/current/msg04838.html)

The outline I proposed breaks things down into groups based on:

    control plane in-band
    control plane out-of-band
    data plane
    API

This is (loosely) based on how TCP is specified (order notwithstanding).
Although I did suggest talking about attacks first, then talking about
mitigations (to separate the two, because a single attack can have
multiple mitigations, and a single mitigation can inhibit multiple
attacks), the overall structure is not per-attack as much as it is based
on breaking the protocol down into its component parts.

---

It also distinguishes between protocol weaknesses (places where the
protocol creates a vulnerability, regardless of implementation - e.g.,
ICMP attacks), implementation choice issues (places where a choice left
to implementers can cause problems if poorly chosen - e.g., how some
SHOULDs turn into "don't do this in a secure implementation"), and
implementation vulnerabilities (implementation issues not related to
choices in the spec that create problems - e.g., searching the TIME-WAIT
list linearly).

Regardless of how we proceed, I believe that this latter issue should be
considered in the presentation of solutions.

> * Wesley: would like to change the outline as proposed by Joe, but could
> live without doing that.
>
> * Alfred: wants to leave the outline as is
>
> * Fernando: wants to leave the outline as is
>
> * Toby: wants to change the outline as proposed by Joe
>
> I don't personally see clear consensus for changing the outline (even
> less if we consider that many more people had agreed to accept the
> document "as is").
>
> However, as there have not been that many opinions about the outline, I
> think it would be a good idea if wg participants that have not yet
> voiced their opinion regarding the document outline have another chance
> to do it.
>
> So let's set a new deadline for this second round of comments: if you
> have any comments regarding the document outline, please voice your
> opinion till September 16th (Wednesday), 2009.
>
> Thanks!
>
> Kind regards,