Re: [tcpm] tcpsecure: how strong to recommend?

Joe Touch <touch@ISI.EDU> Tue, 02 October 2007 16:12 UTC

Return-path: <tcpm-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IckMg-0002En-AH; Tue, 02 Oct 2007 12:12:54 -0400
Received: from tcpm by megatron.ietf.org with local (Exim 4.43) id 1IckMe-0002Ch-71 for tcpm-confirm+ok@megatron.ietf.org; Tue, 02 Oct 2007 12:12:52 -0400
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IckMd-0002CX-SV for tcpm@ietf.org; Tue, 02 Oct 2007 12:12:51 -0400
Received: from vapor.isi.edu ([128.9.64.64]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1IckMd-0000Ev-EK for tcpm@ietf.org; Tue, 02 Oct 2007 12:12:51 -0400
Received: from [75.214.22.28] (28.sub-75-214-22.myvzw.com [75.214.22.28]) by vapor.isi.edu (8.13.8/8.13.8) with ESMTP id l92GCEHL028773; Tue, 2 Oct 2007 09:12:15 -0700 (PDT)
Message-ID: <47026DD7.6000009@isi.edu>
Date: Tue, 02 Oct 2007 09:12:07 -0700
From: Joe Touch <touch@ISI.EDU>
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: "Anantha Ramaiah (ananth)" <ananth@cisco.com>
Subject: Re: [tcpm] tcpsecure: how strong to recommend?
References: <0C53DCFB700D144284A584F54711EC58040A03F3@xmb-sjc-21c.amer.cisco.com>
In-Reply-To: <0C53DCFB700D144284A584F54711EC58040A03F3@xmb-sjc-21c.amer.cisco.com>
X-Enigmail-Version: 0.95.3
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
X-Spam-Score: 0.0 (/)
X-Scan-Signature: e8a67952aa972b528dd04570d58ad8fe
Cc: tcpm@ietf.org, "Edward A. Gardner" <eag@ophidian.com>, "Mitesh Dalal \(mdalal\)" <mdalal@cisco.com>
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============1823309152=="
Errors-To: tcpm-bounces@ietf.org


Anantha Ramaiah (ananth) wrote:
>  
>> So to reiterate to the group, we need an applicability 
>> statement that highlights the 
>> implementations/deployments/applications that are RECOMMENDED 
>> to have this fix, with others being OPTIONAL. However, the 
>> features/changes themselves being MUST (or SHOULD, if that's 
>> what it would take for a consensus). Is the group in agreement here?
> 
> ++; 
> (with the author hat off :-)

As a way forward, the following captures the SHOULD/SHOULD/MAY which was
 most supported in Chicago:

---------------------------------------------------------------------------

tcpsecure SHOULD be implemented in TCP stacks supporting router.
Notable exceptions include deployments where routers are known to use
other antispoofing protection, e.g., IPsec, TCP/MD5 and its successors.

tcpsecure MAY be implemented in other TCP stacks.

----
within tcpsecure:

RST protection MUST be supported

SYN protection MUST be supported

data segment (i.e., non-RST, non-SYN) protection MAY be supported

-------------------------------------------






_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www1.ietf.org/mailman/listinfo/tcpm