Re: [tcpm] tcpsecure: how strong to recommend?

Joe Touch <touch@ISI.EDU> Tue, 02 October 2007 21:50 UTC

Return-path: <tcpm-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1Icpdn-0002Ve-LF; Tue, 02 Oct 2007 17:50:55 -0400
Received: from tcpm by megatron.ietf.org with local (Exim 4.43) id 1Icpdl-0002VW-TJ for tcpm-confirm+ok@megatron.ietf.org; Tue, 02 Oct 2007 17:50:53 -0400
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Icpdl-0002VO-IW for tcpm@ietf.org; Tue, 02 Oct 2007 17:50:53 -0400
Received: from vapor.isi.edu ([128.9.64.64]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1Icpdl-0001eG-4S for tcpm@ietf.org; Tue, 02 Oct 2007 17:50:53 -0400
Received: from [70.213.158.20] (20.sub-70-213-158.myvzw.com [70.213.158.20]) by vapor.isi.edu (8.13.8/8.13.8) with ESMTP id l92LobZU009181; Tue, 2 Oct 2007 14:50:37 -0700 (PDT)
Message-ID: <4702BD28.1010207@isi.edu>
Date: Tue, 02 Oct 2007 14:50:32 -0700
From: Joe Touch <touch@ISI.EDU>
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: "Anantha Ramaiah (ananth)" <ananth@cisco.com>
Subject: Re: [tcpm] tcpsecure: how strong to recommend?
References: <0C53DCFB700D144284A584F54711EC58040A06E3@xmb-sjc-21c.amer.cisco.com>
In-Reply-To: <0C53DCFB700D144284A584F54711EC58040A06E3@xmb-sjc-21c.amer.cisco.com>
X-Enigmail-Version: 0.95.3
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 52f7a77164458f8c7b36b66787c853da
Cc: tcpm@ietf.org, "Edward A. Gardner" <eag@ophidian.com>, "Mitesh Dalal \(mdalal\)" <mdalal@cisco.com>
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============1890650205=="
Errors-To: tcpm-bounces@ietf.org


Anantha Ramaiah (ananth) wrote:
...
>> 1) is the AS above reasonable?
> 
> Well, I (some others also pointed out) wouldn't mention router, since
> these mitigations can be/are used in devices not routers per se. But we
> can use this text as a reference for generating the AS. Others may want
> to comment here as well.

Can you suggest a term that's useful? How about something specific:

"Devices with services where both endpoints are typically known, e.g.,
BGP."

>> 2) regarding the RST/SYN/data components:
>> 	- are the MUST/MUST/MAY above reasonable?
>> 	- Or should they be SHOULD/SHOULD/MAY?
>> 	- or something else
> 
> Something else. To me, all the mitigations are equally important and
> hence they  classified as MUST after the AS is in place.

OK, so here are some options:

	a) MUST/MUST/MUST
	b) MUST/MUST/SHOULD
	c) MUST/MUST/MAY

I don't quite understand why we would go with SHOULD for either RST or
SYN individually; if anyone can, it'd be useful to make the case. We can
mark Anantha as being in favor of (a). I would interpret the WG as
*probably* being in favor of (c), since if data was a MAY unqualified,
then at best it's a MAY qualified, BUT I'm not trying to make that case
myself.

I prefer (c), but that's just my individual perspective. I wouldn't care
much which of a-c is used.

Joe

_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www1.ietf.org/mailman/listinfo/tcpm