Re: [tcpm] feedcback on tcp-secure-05
Joe Touch <touch@ISI.EDU> Thu, 13 July 2006 18:10 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1G15dQ-0001KC-L0; Thu, 13 Jul 2006 14:10:00 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1G15dO-0001K6-Ix for tcpm@ietf.org; Thu, 13 Jul 2006 14:09:58 -0400
Received: from vapor.isi.edu ([128.9.64.64]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1G15dN-0002uG-7E for tcpm@ietf.org; Thu, 13 Jul 2006 14:09:58 -0400
Received: from [132.219.18.179] (h12b3-net84db.lab.risq.net [132.219.18.179] (may be forged)) by vapor.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id k6DI9WH02274; Thu, 13 Jul 2006 11:09:33 -0700 (PDT)
Message-ID: <44B68C56.9040308@isi.edu>
Date: Thu, 13 Jul 2006 11:09:26 -0700
From: Joe Touch <touch@ISI.EDU>
User-Agent: Thunderbird 1.5.0.4 (Windows/20060516)
MIME-Version: 1.0
To: "Anantha Ramaiah (ananth)" <ananth@cisco.com>
Subject: Re: [tcpm] feedcback on tcp-secure-05
References: <0C53DCFB700D144284A584F54711EC5801D9592B@xmb-sjc-21c.amer.cisco.com>
In-Reply-To: <0C53DCFB700D144284A584F54711EC5801D9592B@xmb-sjc-21c.amer.cisco.com>
X-Enigmail-Version: 0.94.0.0
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 0fa76816851382eb71b0a882ccdc29ac
Cc: tcpm@ietf.org
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============1292182485=="
Errors-To: tcpm-bounces@ietf.org
Anantha Ramaiah (ananth) wrote: > Inline comments... > >> -----Original Message----- >> From: Joe Touch [mailto:touch@ISI.EDU] >> Sent: Thursday, July 13, 2006 10:28 AM >> To: tcpm@ietf.org >> Subject: [tcpm] feedcback on tcp-secure-05 >> >> I had the following comments on v05. >> >> Joe >> -------- >> >> The doc continues to have a detailed but somewhat incomplete >> discussion of the attack scenario; the point of tcp-antispoof >> was to provide a much more detailed version of that >> discussion that should not be recapitulated but rather cited. >> >> The doc cites a *very* old version of tcp-antispoof, too. > > Is the suggestion to take out some verbiage on the attack scenario(s) > mentioned in the document. If so which sections are of concern? That should be obvious in the doc, the section that outlines the problem can be condensed to a summary paragraph and a citation. > The comment of citing a new version of tcp-antispoof is taken and will > be relected in the upcoming version. > >> No reasoning is given for numeric limits to ACK throttling >> (why 10 in 5 seconds? why not a ratio of the number of >> conventional ACKs provided) > > The reasoning given for numeric limits is by no means meant to reflect > the exhaustive set of possibilities for ACK throttling. Is the > suggestion to provide a complete list of ACK throttling possibilities? No, just to give a reason for picking the numbers 10 and 5, and whether those numbers are context-dependent or not (i.e., if some assumptions change, then would the numbers change?) >> TCP-MD5 isn't considered as a useful protection from these >> attacks (and it is). > > Using TCP-MD5 makes the attacks described in this document much harder > than without MD5. > So beats me as to why TCP-MD5 isn't useful. Can you please elaborate? To be more clear, the document doesn't describe that TCP-MD5 solves this problem. I'm asking that the doc say what you do above. ;-) Joe
_______________________________________________ tcpm mailing list tcpm@ietf.org https://www1.ietf.org/mailman/listinfo/tcpm
- [tcpm] feedcback on tcp-secure-05 Joe Touch
- Re: [tcpm] feedcback on tcp-secure-05 Pekka Savola
- Re: [tcpm] feedcback on tcp-secure-05 Joe Touch
- Re: [tcpm] feedcback on tcp-secure-05 Pekka Savola
- Re: [tcpm] feedcback on tcp-secure-05 Randall Stewart
- Re: [tcpm] feedcback on tcp-secure-05 Joe Touch
- Re: [tcpm] feedcback on tcp-secure-05 Joe Touch
- Re: [tcpm] feedcback on tcp-secure-05 Joe Touch
- Re: [tcpm] feedcback on tcp-secure-05 Randall Stewart
- Re: [tcpm] feedcback on tcp-secure-05 Joe Touch
- Re: [tcpm] feedcback on tcp-secure-05 Fernando Gont
- RE: [tcpm] feedcback on tcp-secure-05 Fernando Gont
- RE: [tcpm] feedcback on tcp-secure-05 Anantha Ramaiah (ananth)
- Re: [tcpm] feedcback on tcp-secure-05 Joe Touch
- Re: [tcpm] feedcback on tcp-secure-05 Joe Touch
- RE: [tcpm] feedcback on tcp-secure-05 Anantha Ramaiah (ananth)
- Re: [tcpm] feedcback on tcp-secure-05 Joe Touch
- Re: [tcpm] feedcback on tcp-secure-05 Ted Faber
- RE: [tcpm] feedcback on tcp-secure-05 Anantha Ramaiah (ananth)
- Re: [tcpm] feedcback on tcp-secure-05 Fernando Gont
- RE: [tcpm] feedcback on tcp-secure-05 Mitesh Dalal (mdalal)
- Re: [tcpm] feedcback on tcp-secure-05 Joe Touch
- Re: [tcpm] feedcback on tcp-secure-05 Joe Touch
- RE: [tcpm] feedcback on tcp-secure-05 Anantha Ramaiah (ananth)
- Re: [tcpm] feedcback on tcp-secure-05: suggested … Ted Faber
- Re: [tcpm] feedcback on tcp-secure-05: suggested … Pekka Savola
- Re: [tcpm] feedcback on tcp-secure-05: suggested … Joe Touch
- Re: [tcpm] feedcback on tcp-secure-05: suggested … Fernando Gont
- Re: [tcpm] feedcback on tcp-secure-05: suggested … Randall Stewart
- Re: [tcpm] feedcback on tcp-secure-05: suggested … Joe Touch
- Re: [tcpm] feedcback on tcp-secure-05 Fernando Gont
- Re: [tcpm] feedcback on tcp-secure-05: suggested … Fernando Gont
- Re: [tcpm] feedcback on tcp-secure-05: suggested … Ted Faber
- Re: [tcpm] feedcback on tcp-secure-05 Joe Touch
- Re: [tcpm] feedcback on tcp-secure-05: suggested … Joe Touch
- Re: [tcpm] feedcback on tcp-secure-05: suggested … Ted Faber
- [tcpm] ICMP attacks draft Fernando Gont
- Re: [tcpm] feedcback on tcp-secure-05: suggested … Fernando Gont
- Re: [tcpm] ICMP attacks draft Joe Touch
- Re: [tcpm] feedcback on tcp-secure-05: suggested … Ted Faber
- Re: [tcpm] feedcback on tcp-secure-05: suggested … Fernando Gont
- Re: [tcpm] feedcback on tcp-secure-05: suggested … Ted Faber
- Re: [tcpm] ICMP attacks draft Fernando Gont
- Re: [tcpm] ICMP attacks draft Joe Touch
- Re: [tcpm] ICMP attacks draft Fernando Gont
- Re: [tcpm] ICMP attacks draft Joe Touch