IETF Logo Mail Archive

Re: [tcpm] tcp-security: Request for feedback on the outline of the document

"Eddy, Wesley M. (GRC-MS00)[Verizon]" <wesley.m.eddy@nasa.gov> Tue, 01 September 2009 13:14 UTC

Return-Path: <wesley.m.eddy@nasa.gov>
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CAE073A6840 for <tcpm@core3.amsl.com>; Tue, 1 Sep 2009 06:14:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.47
X-Spam-Level:
X-Spam-Status: No, score=-6.47 tagged_above=-999 required=5 tests=[AWL=0.129, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6GKuyTtCxYzh for <tcpm@core3.amsl.com>; Tue, 1 Sep 2009 06:14:23 -0700 (PDT)
Received: from ndjsnpf03.ndc.nasa.gov (ndjsnpf03.ndc.nasa.gov [198.117.1.123]) by core3.amsl.com (Postfix) with ESMTP id EC6713A6820 for <tcpm@ietf.org>; Tue, 1 Sep 2009 06:14:22 -0700 (PDT)
Received: from ndjsppt03.ndc.nasa.gov (ndjsppt03.ndc.nasa.gov [198.117.1.102]) by ndjsnpf03.ndc.nasa.gov (Postfix) with ESMTP id 49F182D8190; Tue, 1 Sep 2009 08:14:36 -0500 (CDT)
Received: from ndjshub05.ndc.nasa.gov (ndjshub05.ndc.nasa.gov [198.117.4.164]) by ndjsppt03.ndc.nasa.gov (8.14.3/8.14.3) with ESMTP id n81DEUU0016034; Tue, 1 Sep 2009 08:14:33 -0500
Received: from NDJSSCC01.ndc.nasa.gov ([198.117.4.166]) by ndjshub05.ndc.nasa.gov ([198.117.4.164]) with mapi; Tue, 1 Sep 2009 08:14:30 -0500
From: "Eddy, Wesley M. (GRC-MS00)[Verizon]" <wesley.m.eddy@nasa.gov>
To: "toby.moncaster@bt.com" <toby.moncaster@bt.com>, "fernando@gont.com.ar" <fernando@gont.com.ar>, "touch@ISI.EDU" <touch@ISI.EDU>
Date: Tue, 01 Sep 2009 08:14:28 -0500
Thread-Topic: [tcpm] tcp-security: Request for feedback on the outline of the document
Thread-Index: Acoqxd8bqFMulLRwSqCkbhczAy7+TwALSQcwAASmEHA=
Message-ID: <C304DB494AC0C04C87C6A6E2FF5603DB479B8A2D49@NDJSSCC01.ndc.nasa.gov>
References: <200908262238.AAA06336@TR-Sys.de><4A9624CB.6040203@isi.edu> <4A9894C3.4020300@gont.com.ar><4A9AB5C2.4090209@isi.edu> <4A9CB254.7050802@gont.com.ar> <AEDCAF87EEC94F49BA92EBDD49854CC70CDCE9FF@E03MVZ1-UKDY.domain1.systemhost.net>
In-Reply-To: <AEDCAF87EEC94F49BA92EBDD49854CC70CDCE9FF@E03MVZ1-UKDY.domain1.systemhost.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=1.12.7400:2.4.4, 1.2.40, 4.0.166 definitions=2009-09-01_10:2009-08-26, 2009-09-01, 2009-09-01 signatures=0
Cc: "ah@tr-sys.de" <ah@tr-sys.de>, "tcpm@ietf.org" <tcpm@ietf.org>
Subject: Re: [tcpm] tcp-security: Request for feedback on the outline of the document
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Sep 2009 13:14:23 -0000

>-----Original Message-----
>From: tcpm-bounces@ietf.org [mailto:tcpm-bounces@ietf.org] On Behalf Of
>toby.moncaster@bt.com
>Sent: Tuesday, September 01, 2009 7:11 AM
>
>> Again: the goal of this document is helping TCP implementers harden
>> their TCPs. And for that target, having everything about a protocol
>> field in a single place is the only document outline that does not get
>> in the middle of the developer and the implementation. If you spread
>> the
>> advice among lots of places, this is what will happen: some
>mitigations
>> will be missed.
>
>So if this is entirely aimed at implementers shouldn't that be
>explicitly stated in the title? I appreciate that in theory BCP is meant
>to imply implementation guidance but this might be more appropriately
>titled something like "Implementers guidelines for mitigating TCP
>security threats" or "Guidance on secure implementation of TCP"
>


This is a great point; in fact, the milestone we put on the TCPM charter
says:

"Submit document on security hardening of TCP implementations to the IESG
for publication as a Best Current Practices RFC"

so the titles you suggested, or something else that indicates "Secure TCP
Implementation" would probably be more appropriate than the "Security
Assessment ..." title it currently has.

---------------------------
Wes Eddy
Network & Systems Architect
Verizon FNS / NASA GRC
Office: (216) 433-6682
---------------------------

v2.23.0 | Report a Bug | By Email