RE: [tcpm] tcpsecure: how strong to recommend?

"Anantha Ramaiah \(ananth\)" <ananth@cisco.com> Fri, 28 September 2007 19:08 UTC

Return-path: <tcpm-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IbLCM-0000np-G1; Fri, 28 Sep 2007 15:08:26 -0400
Received: from tcpm by megatron.ietf.org with local (Exim 4.43) id 1IbLCK-0000U7-QR for tcpm-confirm+ok@megatron.ietf.org; Fri, 28 Sep 2007 15:08:24 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IbLCK-0000QI-CU for tcpm@ietf.org; Fri, 28 Sep 2007 15:08:24 -0400
Received: from sj-iport-3-in.cisco.com ([171.71.176.72] helo=sj-iport-3.cisco.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1IbLCH-0001o2-Cj for tcpm@ietf.org; Fri, 28 Sep 2007 15:08:24 -0400
X-IronPort-AV: E=Sophos;i="4.21,210,1188802800"; d="scan'208";a="529416713"
Received: from sj-dkim-3.cisco.com ([171.71.179.195]) by sj-iport-3.cisco.com with ESMTP; 28 Sep 2007 12:08:20 -0700
Received: from sj-core-2.cisco.com (sj-core-2.cisco.com [171.71.177.254]) by sj-dkim-3.cisco.com (8.12.11/8.12.11) with ESMTP id l8SJ8KY2012390; Fri, 28 Sep 2007 12:08:20 -0700
Received: from xbh-sjc-231.amer.cisco.com (xbh-sjc-231.cisco.com [128.107.191.100]) by sj-core-2.cisco.com (8.12.10/8.12.6) with ESMTP id l8SJ8GDN015830; Fri, 28 Sep 2007 19:08:20 GMT
Received: from xmb-sjc-21c.amer.cisco.com ([171.70.151.176]) by xbh-sjc-231.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Fri, 28 Sep 2007 12:08:09 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [tcpm] tcpsecure: how strong to recommend?
Date: Fri, 28 Sep 2007 12:08:08 -0700
Message-ID: <0C53DCFB700D144284A584F54711EC580409FB2B@xmb-sjc-21c.amer.cisco.com>
In-Reply-To: <20070928181711.42E852A9F9F@lawyers.icir.org>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [tcpm] tcpsecure: how strong to recommend?
Thread-Index: AcgB/AEKuqonYB/3RRS96jK/enM7iAABND4A
From: "Anantha Ramaiah \(ananth\)" <ananth@cisco.com>
To: <mallman@icir.org>
X-OriginalArrivalTime: 28 Sep 2007 19:08:09.0452 (UTC) FILETIME=[E888AAC0:01C80202]
DKIM-Signature: v=0.5; a=rsa-sha256; q=dns/txt; l=1942; t=1191006500; x=1191870500; c=relaxed/simple; s=sjdkim3002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=ananth@cisco.com; z=From:=20=22Anantha=20Ramaiah=20\(ananth\)=22=20<ananth@cisco.com> |Subject:=20RE=3A=20[tcpm]=20tcpsecure=3A=20how=20strong=20to=20recommend ?=20 |Sender:=20; bh=8ieKUkv55n9muxfqrhR4hPpFzyQoCOIznTZVgorL9QE=; b=qEsVN32ywjiIvA58gbcM0QGG2RMqqpRXztYSK3RCBEf2KMtKz3hW5U41xKCa9fVmrIWcKRHo dm9w0uXp+X1qgXo6VVDlCk+QWLkVfjDX0e/IMRHQaCEy96KizKJP0nVW;
Authentication-Results: sj-dkim-3; header.From=ananth@cisco.com; dkim=pass ( sig from cisco.com/sjdkim3002 verified; );
X-Spam-Score: -4.0 (----)
X-Scan-Signature: 82c9bddb247d9ba4471160a9a865a5f3
Cc: tcpm@ietf.org, David Borman <david.borman@windriver.com>, Fernando Gont <fernando@gont.com.ar>
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Errors-To: tcpm-bounces@ietf.org

 

> -----Original Message-----
> From: mallman@icir.org [mailto:mallman@icir.org] 
> Sent: Friday, September 28, 2007 11:17 AM
> To: Anantha Ramaiah (ananth)
> Cc: David Borman; Pekka Savola; tcpm@ietf.org; Fernando Gont
> Subject: Re: [tcpm] tcpsecure: how strong to recommend? 
> 
> 
> Anantha-
> 
> I have to say I am pretty drained from reading this thread 
> and really don't know if we have consensus on anything or are 
> driving towards developing it.

FWIW, the "majority vote" still stands at "2 SHOULDs and 1 MAY" ? So
there is some consensus, it appears.

> 
> The one thing that really confuses me in this discussion is 
> the statements like this:
> 
> > Since, all these discussions about started due to TCP 
> secure, let me 
> > use the same as an example. There is nothing wrong in making all 
> > mitigations SHOULD since the "very good reason" can be one of :-
> 
> It really seems to me that you are equating MAY and SHOULD.  

Sorry, I didn't mean to.

> It seems like this is saying that implementers can come up 
> with any reason to not implement tcpsecure if we tag these 
> with a SHOULD.  I think I understand a number of other 

Yes, my thinking was always been : since it isn't a MUST, SHOULD gives
that leeway. SHOULD gives the leeway that "you can chose not to
implement if you have some good reasons". I had pointed out the list of
reasons already. So are those reasons not "good enough" ?

> people's distinctions between MAY and SHOULD, but I cannot 
> figure out how you differentiate them and therefore I cannot 
> figure out why you think they ought to be SHOULD and not MAY.

My argument is simple, SHOULD gives a leeway and I think MAY is very
weak. As somone pointed out MAY is equated to "MAY NOT" esp, when the
recommendation is from a security viewpoint.

-Anantha
> 
> allman
> 
> 
> 
> 


_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www1.ietf.org/mailman/listinfo/tcpm