Re: [tcpm] TCPM and draft-ietf-tcpm-icmp-attacks

Joe Touch <touch@ISI.EDU> Fri, 19 February 2010 22:42 UTC

Message-ID: <4B7F141E.30808@isi.edu>
Date: Fri, 19 Feb 2010 14:43:42 -0800
From: Joe Touch <touch@ISI.EDU>
To: Fernando Gont <fernando@gont.com.ar>
References: <20100218175622.61BB028C2E3@core3.amsl.com> <2002D196-D83C-4B44-870C-8E9A94D2D640@nokia.com> <4B7D8B9F.1010608@piuha.net> <4B7D8F55.90406@piuha.net> <4B7D92EB.7010407@isi.edu> <4B7DE6B7.4080209@gont.com.ar> <4B7ECCA3.5000505@isi.edu> <4B7F114D.6050409@gont.com.ar>
In-Reply-To: <4B7F114D.6050409@gont.com.ar>
Cc: tcpm@ietf.org, iesg@ietf.org
Subject: Re: [tcpm] TCPM and draft-ietf-tcpm-icmp-attacks
Fernando Gont wrote:
> Joe Touch wrote:
> 
>>> It is interesting to note that one of the issues with which you have
>>> trashed this I-D is that it used vocabulary that could be taken as the
>>> draft "recommending" the described counter-measures. Yet, as the editor
>>> of the last version of the (close to infamous) TCP A-O effort, you have
>>> crafted this text:
>>>
>>> "  There are other mechanisms proposed to reduce the impact
>>>    of ICMP attacks by further validating ICMP contents and changing the
>>>    effect of some messages based on TCP state"
>>>
>>> Note the use of the term "proposed". (that's specifically what I'm
>>> referring to).
>> Yes, please do note it. "proposed" doesn't mean recommended.
> 
> Are you serious? Do I really have to go through the mailing-list archive
> to provide you with a list of all those times in which you trashed the
> doc for the instances of terms such as "proposed", "propose", etc.?

There is a difference between "there are mechanisms [that are] proposed"
and "this document proposes".

The text in AO was unchanged since the -00 version (Nov 2007). You
waited until after last call to complain about adding specific calls for
ICMP actions. If you want to now complain that we remove the word
"proposed" (would you prefer 'described'?), I can do that rev.

>> The full text is:
>>
>>    There are other mechanisms proposed to reduce the impact of ICMP
>>    attacks by further validating ICMP contents and changing the effect
>>    of some messages based on TCP state, but these do not provide the
>>    level of authentication for ICMP that TCP-AO provides for TCP [Go09].
>>
>> It goes on to include SOME of the recommendations in this doc (but
>> notably not others, even though widely deployed). Note that these latter
>> changes were included because of *your* input *after* last call.
> 
> That's not the point I'm making. I'm saying that TCP-AO says "There are
> other mechanisms proposed". And if *you* were to review TCP-AO with the
> same perspective with which you have reviewed icmp-attacks, you would
> have said "NO! icmp-attacks *describes* or *documents*... it doesn't
> 'propose' anything... blah blah..".

I didn't say "the icmp doc proposes" - I said "[that are] proposed"
(i.e., the omitted words are implied). I didn't say who proposed them -
they're clearly proposed by someone. In fact, I wouldn't care if your
doc says "some people have proposed" or "the implementation in X proposes".

My objection was "**THIS** document proposes". That ends up saying that
the WG proposes, since it was a WG doc. The WG decided *not* to "propose".

I used the same mode here, but the English is admittedly a bit subtle. I
admit that I take that for granted as a native speaker, perhaps more
than I should. I'd be glad to explain further, either on or off list, if
useful.

> Last, but not least, I made exactly the same comments (wrt TCP-AO and
> ICMP attacks) ages ago (way before LC)... but you simply ignored my
> comments, as other people have claimed you ignored theirs when editing
> the TCP-AO I-D.

I didn't ignore the comments - they didn't have "rough consensus". Not
every proposed change by an individual necessarily makes it into a doc -
you and I both know that.

Joe