Re: [tcpm] (no subject)
Florian Weimer <fw@deneb.enyo.de> Wed, 21 April 2004 23:23 UTC
To: Yogesh.Swami@nokia.com
Cc: tcpm@ietf.org
Subject: Re: [tcpm] (no subject)
References: <025E7DD4182874489CC2F61EE0FA19CE016E80E6@daebe004.americas.nokia.com>
From: Florian Weimer <fw@deneb.enyo.de>
Date: Wed, 21 Apr 2004 23:51:11 +0200
In-Reply-To: <025E7DD4182874489CC2F61EE0FA19CE016E80E6@daebe004.americas.nokia.com> (Yogesh Swami's message of "Wed, 21 Apr 2004 10:59:10 -0500")
Message-ID: <87wu49f19s.fsf@deneb.enyo.de>

Yogesh.Swami@nokia.com writes:

> (Also, if the problem exists only because of BGP, which I don't
> think is the case,

BGP is in the focus because it sounds important (it surely is) and
somewhat mystic. Of course, IRC is also affected. But other
TCP-based services have pretty low reconnect costs (initially, this
was also true of BGP, I assume). In this case, attack costs and its
impact relate more unfavorably to the attacker.

> then maybe routers can use IPSec with a well known permanent shared
> key with different session keys. This will be more secure, compared
> to this draft, and faster to deploy.)

I don't think IPsec on core routers is faster to deploy. RFC 2385
should be enough for now, but also has got its issues (higher CPU
consumption for processing packets). IPsec would share these issues
or would result in even more overhead.

> Moreover, it will also be useful to specify if the proposed solutions
> can use cryptography or not. Many people are not comfortable with
> cryptographic techniques partly because of throughput reasons.

Exactly. Keep in mind that 200 MHz MIPS CPUs are widely deployed.

> But in many cases it might be useful to have a low computation
> cryptographic methods to solve the problems without hurting the
> throughput. For example, a TCP sender with Time Stamp option could
> just encrypt the 32 bit timestamp using AES, and practically solve
> all the problems in this draft.

What about a new TCP option which contains a few random bytes that
are constant for each connection? This option could be checked very
cheaply, maybe some day even by those ASICs which operate at
wirespeed.

> (I am not saying we should do this). Encrypting a 32 bit
> number doesn't take a lot of time/computation and the receiver doesn't
> need to keep states to make this work. And, in principle it's not
> different from having a challenge response cookie.)

You have to encrypt a full 128 bit block, and I doubt it would be
much cheaper than MD5/RFC 2385.
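
Added example, not part of the original message or of any draft discussed in the thread: a receiver-side check for the per-connection random-bytes option suggested above, showing why it is cheap (one pass over the options area plus a fixed-length byte compare, no hashing). The option kind 253, the 8-byte cookie length and the names find_cookie and segment_cookie_ok are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TCPOPT_COOKIE 253 /* assumption: placeholder kind from the experimental range */
#define COOKIE_LEN    8   /* assumption: "a few random bytes" taken as 8 */

/* Return the cookie payload inside the TCP options area, or NULL if the
 * option is absent, has the wrong size, or the option list is malformed. */
static const uint8_t *find_cookie(const uint8_t *opt, size_t len)
{
    size_t i = 0;
    while (i < len) {
        uint8_t kind = opt[i];
        if (kind == 0)                      /* End of Option List */
            return NULL;
        if (kind == 1) { i++; continue; }   /* No-Operation, single byte */
        if (len - i < 2)                    /* no room for the length byte */
            return NULL;
        uint8_t olen = opt[i + 1];
        if (olen < 2 || olen > len - i)     /* length runs outside the header */
            return NULL;
        if (kind == TCPOPT_COOKIE)
            return olen == 2 + COOKIE_LEN ? &opt[i + 2] : NULL;
        i += olen;
    }
    return NULL;
}

/* 1 = segment carries this connection's cookie, 0 = drop; compare has no early exit. */
int segment_cookie_ok(const uint8_t *cookie, const uint8_t *opt, size_t len)
{
    const uint8_t *p = find_cookie(opt, len);
    uint8_t diff = 0;
    if (p == NULL)
        return 0;
    for (size_t k = 0; k < COOKIE_LEN; k++)
        diff |= (uint8_t)(p[k] ^ cookie[k]);
    return diff == 0;
}

int main(void)
{
    /* Constructed sample: NOP, NOP, cookie option (kind, len 10, 8 bytes). */
    const uint8_t cookie[COOKIE_LEN] = {0x5a,0x11,0xc3,0x9e,0x07,0xb4,0x62,0xf8};
    const uint8_t opts[] = {1,1,253,10,0x5a,0x11,0xc3,0x9e,0x07,0xb4,0x62,0xf8};
    printf("accept=%d\n", segment_cookie_ok(cookie, opts, sizeof opts));
    return 0;
}
```

A cookie sent in the clear only stops a sender who cannot observe the connection; anyone on the path can read it and replay it, which is the gap a keyed scheme such as RFC 2385 closes at higher CPU cost.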