Re: [tcpm] tcpsecure recommendations

"Anantha Ramaiah (ananth)" <ananth@cisco.com> Sun, 10 February 2008 17:38 UTC

Return-Path: <tcpm-bounces@ietf.org>
X-Original-To: ietfarch-tcpm-archive@core3.amsl.com
Delivered-To: ietfarch-tcpm-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id EAF3B3A6851; Sun, 10 Feb 2008 09:38:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from core3.amsl.com ([127.0.0.1]) by localhost (mail.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m01eFGlDiv3h; Sun, 10 Feb 2008 09:38:00 -0800 (PST)
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 162C93A680F; Sun, 10 Feb 2008 09:38:00 -0800 (PST)
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 511FF3A67EB for <tcpm@core3.amsl.com>; Sun, 10 Feb 2008 09:37:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from core3.amsl.com ([127.0.0.1]) by localhost (mail.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bux8aklS+0Xc for <tcpm@core3.amsl.com>; Sun, 10 Feb 2008 09:37:57 -0800 (PST)
Received: from sj-iport-6.cisco.com (sj-iport-6.cisco.com [171.71.176.117]) by core3.amsl.com (Postfix) with ESMTP id 9013C3A67E1 for <tcpm@ietf.org>; Sun, 10 Feb 2008 09:37:57 -0800 (PST)
Received: from sj-dkim-2.cisco.com ([171.71.179.186]) by sj-iport-6.cisco.com with ESMTP; 09 Feb 2008 20:08:29 -0800
Received: from sj-core-5.cisco.com (sj-core-5.cisco.com [171.71.177.238]) by sj-dkim-2.cisco.com (8.12.11/8.12.11) with ESMTP id m1A48SCa004646; Sat, 9 Feb 2008 20:08:28 -0800
Received: from xbh-sjc-211.amer.cisco.com (xbh-sjc-211.cisco.com [171.70.151.144]) by sj-core-5.cisco.com (8.12.10/8.12.6) with ESMTP id m1A48G6K007116; Sun, 10 Feb 2008 04:08:16 GMT
Received: from xmb-sjc-21c.amer.cisco.com ([171.70.151.176]) by xbh-sjc-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Sat, 9 Feb 2008 20:08:16 -0800
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Date: Sat, 9 Feb 2008 20:08:01 -0800
Message-ID: <0C53DCFB700D144284A584F54711EC5804AC099C@xmb-sjc-21c.amer.cisco.com>
In-Reply-To: <47AB293D.8040605@isi.edu>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [tcpm] tcpsecure recommendations
Thread-Index: AchpokGE8ULHoPv2RPScQii2uMhmqgB9YOsg
References: <20080206174017.6977C36516E@lawyers.icir.org> <47AB293D.8040605@isi.edu>
From: "Anantha Ramaiah (ananth)" <ananth@cisco.com>
To: "Joe Touch" <touch@ISI.EDU>, <mallman@icir.org>
X-OriginalArrivalTime: 10 Feb 2008 04:08:16.0121 (UTC) FILETIME=[8FC46E90:01C86B9A]
Authentication-Results: sj-dkim-2; header.From=ananth@cisco.com; dkim=pass ( sig from cisco.com/sjdkim2002 verified; );
Cc: tcpm@ietf.org
Subject: Re: [tcpm] tcpsecure recommendations
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <http://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <http://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: tcpm-bounces@ietf.org
Errors-To: tcpm-bounces@ietf.org

> 
> #3 makes most sense tm oe. #1 weakens the AS statement too 
> much, and 
> #2 covers data plane protection that there are too 
> many other ways to spoof (overwriting segments, or just 
> writing segments with predicted header data). This appears to 
> be best applied to an unauthenticated control plane.

I am assuming you are characterizing the reception of certain segments
like SYN/RST/FIN as control plane and pure data as otherwise?. Pl note
that tcp-secure mainly talks about injecting a bad segment which
eventually results in tearing down an established TCP connection. In
other words, I can't understand your reasoning for not going with #2.
What do you think are the issues going with #2 ?

Can you elaborate?

-Anantha
_______________________________________________
tcpm mailing list
tcpm@ietf.org
http://www.ietf.org/mailman/listinfo/tcpm