Re: [tcpm] [OPSEC] draft-gont-tcp-security
Joel Jaeggli <joelja@bogus.com> Wed, 03 June 2009 20:49 UTC
It's a tough question. In part I think the answer is up to you. I think there's some understanding on the part of tcpm that if this work were to progress on a standards track that tcpm (not opsec) is the place for that to happen. That said there's also some question as to what sort of general recommendations about hardening tcp would actually be considered acceptable (in narrow use cases a lot more of them may well be). The diligent blacksmith knows that hardening a tool also makes it more brittle... The result of any such effort is likely to be greatly different than what you have today.

An alternative track would have the document headed for informational status either as a working group document or as individual submission with an understanding of what sort of advice is provided and who should consider it and the limitations of implementation based on its recommendations.

I still think exposure to a working group is very important and useful in this context, as a purely independent submission it's simply documentary evidence of the UK CPNI's efforts at documenting some perceived flaws in tcp and recommended mitigation strategy which is useful but not dramatically better than putting it on a website.

Fernando Gont wrote:
> Lars Eggert wrote:
>
>>> P.S.: Is there any specific proposal/advice to pursue this effort?
>>> There has been some talk about tcpm vs opsec, but so far it is not
>>> clear to me how to proceed here.
>> if the IETF decides to work on this, I believe TCPM would be the most
>> appropriate group, given that that's where the TCP expertise is. I'm
>> fully OK with doing this in cooperation with OPSEC, maybe via a joint WG
>> last call or other means, if they desire this.
>
> Any plans on how to proceed? So far we have version -00 of the
> individual submission, but it's not clear to me how to proceed....
>
>> One question: If the IETF decides to publish a document in this space,
>> and if you decide to offer draft-gont-tcp-security as a starting point
>> for this work, are the UK CPNI and you as the author OK with the IETF WG
>> obtaining change control? The WG consensus process would likely lead to
>> changes compared to the current version, probably even significant changes.
>
> Both UK CPNI and me are OK with the document being modified to reflect
> IETF consensus. However, we do expect me to continue as the document
> author, and UK CPNI to continue as the author's affiliation (there's
> nothing unusual with this... but considering that strictly speaking once
> a document is accepted by a WG the author may be changed, I'm just
> clarifying that while neither UK CPNI nor me have problems with the
> document reflecting WG consensus, we do expect the author (Fernando
> Gont) and the author's affiliation (UK CPNI) to remain "as is").
>
> Thanks!
>
> Kind regards,