Re: [tcpm] [OPSEC] draft-gont-tcp-security

Joel Jaeggli <joelja@bogus.com> Wed, 03 June 2009 20:49 UTC

Return-Path: <joelja@bogus.com>
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C51003A6782; Wed, 3 Jun 2009 13:49:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qHgZqch8mqR5; Wed, 3 Jun 2009 13:49:01 -0700 (PDT)
Received: from nagasaki.bogus.com (nagasaki.bogus.com [IPv6:2001:418:1::81]) by core3.amsl.com (Postfix) with ESMTP id C68633A6AA8; Wed, 3 Jun 2009 13:48:40 -0700 (PDT)
Received: from [209.97.124.84] ([209.97.124.84]) (authenticated bits=0) by nagasaki.bogus.com (8.14.3/8.14.3) with ESMTP id n53KlqTT049645 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Wed, 3 Jun 2009 20:48:34 GMT (envelope-from joelja@bogus.com)
Message-ID: <4A26E173.6040802@bogus.com>
Date: Wed, 03 Jun 2009 13:47:47 -0700
From: Joel Jaeggli <joelja@bogus.com>
User-Agent: Thunderbird 2.0.0.21 (X11/20090409)
MIME-Version: 1.0
To: Fernando Gont <fernando@gont.com.ar>
References: <C304DB494AC0C04C87C6A6E2FF5603DB221318F5E8@NDJSSCC01.ndc.nasa.gov> <49E36AB9.40507@isi.edu> <49E384E9.1050106@gont.com.ar> <49E3878C.9080200@isi.edu> <49E39119.1060902@gont.com.ar> <B01905DA0C7CDC478F42870679DF0F1004BC4176D0@qtdenexmbm24.AD.QINTRA.COM> <49E3A88F.9060301@gont.com.ar> <49E3ABC0.1050601@isi.edu> <49E3B9BF.1060901@gont.com.ar> <49E3BED9.1030701@isi.edu> <C9E987CC-0213-4C67-BA0A-11C736772EE7@nokia.com> <49E4D257.40504@gont.com.ar> <49E4E233.9040609@earthlink.net> <EC5F7E6A-0393-41CC-B4DF-BCD134FF4EF5@nokia.com> <49E5F36D.7020808@earthlink.net> <A9D3331F-FDE6-4500-8650-3F94B0A78C2E@nokia.com> <49EE1873.1090907@gont.com.ar> <88ACD16A-1137-4E55-871F-8F0C992D7A63@nokia.com> <4A24626E.90805@gont.com.ar>
In-Reply-To: <4A24626E.90805@gont.com.ar>
X-Enigmail-Version: 0.95.7
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: ClamAV 0.94.2/9418/Wed Jun 3 12:18:15 2009 on nagasaki.bogus.com
X-Virus-Status: Clean
Cc: opsec@ietf.org, tcpm@ietf.org
Subject: Re: [tcpm] [OPSEC] draft-gont-tcp-security
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Jun 2009 20:49:02 -0000

It's a tough question. In part I think the answer is up to you. I think
there's some understanding on the part of tcpm that if this work were to
progress on a standards track, then tcpm (not opsec) is the place for that
to happen. That said, there's also some question as to what sort of general
recommendations about hardening TCP would actually be considered
acceptable (in narrow use cases a lot more of them may well be).

	The diligent blacksmith knows that hardening a tool also
	makes it more brittle...

The result of any such effort is likely to be greatly different than
what you have today.

An alternative track would have the document headed for informational
status, either as a working group document or as an individual submission,
with an understanding of what sort of advice is provided, who should
consider it, and the limitations of an implementation based on its
recommendations. I still think exposure to a working group is very
important and useful in this context; as a purely independent submission
it's simply documentary evidence of the UK CPNI's efforts at
documenting some perceived flaws in TCP and recommended mitigation strategies,
which is useful but not dramatically better than putting it on a website.

Fernando Gont wrote:
> Lars Eggert wrote:
> 
>>> P.S.: Is there any specific proposal/advice to pursue this effort?
>>> There has been some talk about tcpm vs opsec, but so far it is not
>>> clear to me how to proceed here.
>> if the IETF decides to work on this, I believe TCPM would be the most
>> appropriate group, given that that's where the TCP expertise is. I'm
>> fully OK with doing this in cooperation with OPSEC, maybe via a joint WG
>> last call or other means, if they desire this.
> 
> Any plans on how to proceed? So far we have version -00 of the
> individual submission, but it's not clear to me how to proceed....
> 
> 
> 
>> One question: If the IETF decides to publish a document in this space,
>> and if you decide to offer draft-gont-tcp-security as a starting point
>> for this work, are the UK CNPI and you as the author OK with the IETF WG
>> obtaining change control? The WG consensus process would likely lead to
>> changes compared to the current version, probably even significant changes.
> 
> Both UK CPNI and me are OK with the document being modified to reflect
> IETF consensus. However, we do expect me to continue as the document
> author, and UK CPNI to continue as the author's affiliation (there's
> nothing unusual with this... but considering that strictly speaking once
> a document is accepted by a WG the author may be changed, I'm just
> clarifying that while neither UK CPNI nor me have problems with the
> document reflecting WG consensus, we do expect the author (Fernando
> Gont) and the author's affiliation (UK CPNI) to remain "as is").
> 
> Thanks!
> 
> Kind regards,