Re: [tcpm] feedcback on tcp-secure-05

Joe Touch <touch@ISI.EDU> Thu, 13 July 2006 18:10 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1G15dQ-0001KC-L0; Thu, 13 Jul 2006 14:10:00 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1G15dO-0001K6-Ix for tcpm@ietf.org; Thu, 13 Jul 2006 14:09:58 -0400
Received: from vapor.isi.edu ([128.9.64.64]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1G15dN-0002uG-7E for tcpm@ietf.org; Thu, 13 Jul 2006 14:09:58 -0400
Received: from [132.219.18.179] (h12b3-net84db.lab.risq.net [132.219.18.179] (may be forged)) by vapor.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id k6DI9WH02274; Thu, 13 Jul 2006 11:09:33 -0700 (PDT)
Message-ID: <44B68C56.9040308@isi.edu>
Date: Thu, 13 Jul 2006 11:09:26 -0700
From: Joe Touch <touch@ISI.EDU>
User-Agent: Thunderbird 1.5.0.4 (Windows/20060516)
MIME-Version: 1.0
To: "Anantha Ramaiah (ananth)" <ananth@cisco.com>
Subject: Re: [tcpm] feedcback on tcp-secure-05
References: <0C53DCFB700D144284A584F54711EC5801D9592B@xmb-sjc-21c.amer.cisco.com>
In-Reply-To: <0C53DCFB700D144284A584F54711EC5801D9592B@xmb-sjc-21c.amer.cisco.com>
X-Enigmail-Version: 0.94.0.0
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 0fa76816851382eb71b0a882ccdc29ac
Cc: tcpm@ietf.org
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============1292182485=="
Errors-To: tcpm-bounces@ietf.org


Anantha Ramaiah (ananth) wrote:
>  Inline comments...
> 
>> -----Original Message-----
>> From: Joe Touch [mailto:touch@ISI.EDU] 
>> Sent: Thursday, July 13, 2006 10:28 AM
>> To: tcpm@ietf.org
>> Subject: [tcpm] feedcback on tcp-secure-05
>>
>> I had the following comments on v05.
>>
>> Joe
>> --------
>>
>> The doc continues to have a detailed but somewhat incomplete 
>> discussion of the attack scenario; the point of tcp-antispoof 
>> was to provide a much more detailed version of that 
>> discussion that should not be recapitulated but rather cited.
>>
>> The doc cites a *very* old version of tcp-antispoof, too.
> 
> Is the suggestion to take out some verbiage on the attack scenario(s)
> mentioned in the document? If so, which sections are of concern?

That should be obvious in the doc, the section that outlines the problem
can be condensed to a summary paragraph and a citation.

> The comment of citing a new version of tcp-antispoof is taken and will
> be reflected in the upcoming version.
> 
>> No reasoning is given for numeric limits to ACK throttling 
>> (why 10 in 5 seconds? why not a ratio of the number of 
>> conventional ACKs provided)
> 
> The reasoning given for numeric limits is by no means meant to reflect
> the exhaustive set of possibilities for ACK throttling. Is the
> suggestion to provide a complete list of ACK throttling possibilities?

No, just to give a reason for picking the numbers 10 and 5, and whether
those numbers are context-dependent or not (i.e., if some assumptions
change, then would the numbers change?)

>> TCP-MD5 isn't considered as a useful protection from these 
>> attacks (and it is).
> 
> Using TCP-MD5 makes the attacks described in this document much harder
> than without MD5.
> So beats me as to why TCP-MD5 isn't useful. Can you please elaborate? 

To be more clear, the document doesn't describe that TCP-MD5 solves this
problem. I'm asking that the doc say what you do above. ;-)

Joe

_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www1.ietf.org/mailman/listinfo/tcpm