Re: [tcpm] WGLC: draft-ietf-tcpm-tcpsecure-10.txt

"Anantha Ramaiah (ananth)" <ananth@cisco.com> Mon, 29 September 2008 15:57 UTC

Return-Path: <tcpm-bounces@ietf.org>
X-Original-To: tcpm-archive@megatron.ietf.org
Delivered-To: ietfarch-tcpm-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C7CB73A6B20; Mon, 29 Sep 2008 08:57:29 -0700 (PDT)
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1B89A3A6B3B for <tcpm@core3.amsl.com>; Mon, 29 Sep 2008 08:57:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.724
X-Spam-Level:
X-Spam-Status: No, score=-5.724 tagged_above=-999 required=5 tests=[AWL=0.875, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ECXM7lpTmKXp for <tcpm@core3.amsl.com>; Mon, 29 Sep 2008 08:57:22 -0700 (PDT)
Received: from sj-iport-6.cisco.com (sj-iport-6.cisco.com [171.71.176.117]) by core3.amsl.com (Postfix) with ESMTP id 5E8943A693C for <tcpm@ietf.org>; Mon, 29 Sep 2008 08:57:22 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="4.33,332,1220227200"; d="scan'208";a="165044332"
Received: from sj-dkim-1.cisco.com ([171.71.179.21]) by sj-iport-6.cisco.com with ESMTP; 29 Sep 2008 15:57:41 +0000
Received: from sj-core-5.cisco.com (sj-core-5.cisco.com [171.71.177.238]) by sj-dkim-1.cisco.com (8.12.11/8.12.11) with ESMTP id m8TFvfXn014263; Mon, 29 Sep 2008 08:57:41 -0700
Received: from xbh-sjc-221.amer.cisco.com (xbh-sjc-221.cisco.com [128.107.191.63]) by sj-core-5.cisco.com (8.13.8/8.13.8) with ESMTP id m8TFvfuT005234; Mon, 29 Sep 2008 15:57:41 GMT
Received: from xmb-sjc-21c.amer.cisco.com ([171.70.151.176]) by xbh-sjc-221.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 29 Sep 2008 08:57:41 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Date: Mon, 29 Sep 2008 08:57:42 -0700
Message-ID: <0C53DCFB700D144284A584F54711EC5805DF44B8@xmb-sjc-21c.amer.cisco.com>
In-Reply-To: <48E0EBDE.5060403@isi.edu>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [tcpm] WGLC: draft-ietf-tcpm-tcpsecure-10.txt
Thread-Index: AckiQzEPFNCznTEATb6KmBJzaksjhwAB4FjQ
References: <FE34F27F-8DDF-4C94-BC6E-E2ABF6000309@windriver.com> <B5A5E01F9387F4409E67604C0257C71E409513@NDJSEVS25A.ndc.nasa.gov> <24D2F5D3-93E7-4B64-BA96-2086F3E5754E@windriver.com> <20080906013831.GD2074@zod.isi.edu> <0C53DCFB700D144284A584F54711EC5805DF4359@xmb-sjc-21c.amer.cisco.com><6FDABCB8-7EDA-40A2-A40A-9F768396A2D2@windriver.com> <48E0EBDE.5060403@isi.edu>
From: "Anantha Ramaiah (ananth)" <ananth@cisco.com>
To: "Joe Touch" <touch@ISI.EDU>, "David Borman" <david.borman@windriver.com>
X-OriginalArrivalTime: 29 Sep 2008 15:57:41.0274 (UTC) FILETIME=[1A6957A0:01C9224C]
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=2735; t=1222703861; x=1223567861; c=relaxed/simple; s=sjdkim1004; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=ananth@cisco.com; z=From:=20=22Anantha=20Ramaiah=20(ananth)=22=20<ananth@cisco .com> |Subject:=20RE=3A=20[tcpm]=20WGLC=3A=20draft-ietf-tcpm-tcps ecure-10.txt |Sender:=20; bh=vBAO+VtoOyLW68SzeobUX8+Jx9ellNoQscxSaZCySrQ=; b=nrayMNyjQdNzcpFcgDoFdpqpj4H+LshTBpStywtRYbJwklZZ2aPlpki4Ac jmQ+rmepTKfSzjBsYkZEa4ool2/kEG1BxT+myjbuKBVKrLxRBIh4UeI8mH2e Pks2xuJV0FZizsAUPgatzmmqUGgG+Sys42KnW+WApM27CzMRT8USY=;
Authentication-Results: sj-dkim-1; header.From=ananth@cisco.com; dkim=pass ( sig from cisco.com/sjdkim1004 verified; );
Cc: tcpm@ietf.org, Ted Faber <faber@ISI.EDU>, "Mitesh Dalal \(mdalal\)" <mdalal@cisco.com>
Subject: Re: [tcpm] WGLC: draft-ietf-tcpm-tcpsecure-10.txt
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www.ietf.org/mailman/private/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: tcpm-bounces@ietf.org
Errors-To: tcpm-bounces@ietf.org

 
Yes, in the current document (tcpsecure) the math is all about how many
numbers (quantifies difficulty) one has to guess and doesn't explain in
detail how much time this would take to ultimately kill the connection
taking into account varying bandwidth. I am fine adding another explicit
reference here if needed. The current math still need to exist, and it
isn't redundant and is limited in scope. Maybe we can have real numbers
like 4294967296 instead of 2^32.

Good point about 1122, should be under normative. 

-Anantha

-----Original Message-----
From: tcpm-bounces@ietf.org [mailto:tcpm-bounces@ietf.org] On Behalf Of
Joe Touch
Sent: Monday, September 29, 2008 7:53 AM
To: David Borman
Cc: Ted Faber; tcpm@ietf.org; Anantha Ramaiah (ananth); Mitesh Dalal
(mdalal)
Subject: Re: [tcpm] WGLC: draft-ietf-tcpm-tcpsecure-10.txt

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

FWIW, it seems like RFC1122 should be moved to normative.

Regarding some of the recent thread regarding the numbers in section
1.3 (Ted's comments, "finish the math"), I've noted before, as well,
that section 1.3 is redundant with RFC4953. Replicating the math isn't
needed. Also, the prediction regarding the impact of BW on the attack is
a guess in this doc, whereas in RFC4953 the relationship is explained.

Joe

David Borman wrote:
> 
> On Sep 28, 2008, at 4:03 PM, Anantha Ramaiah (ananth) wrote:
> 
>>> P24:
>>>
>>> Why are RFC's 4302 and 4303 normative?  And if they are why isn't 
>>> RFC2385?  They're all referred to as possible mitigations.  My 
>>> preference is making 4302 and 4303 non-normative, but it's very 
>>> likely that I'm missing a rule here.
>>
>> I am not sure about the rules here?  David/Wes what needs to be done 
>> here ?
> 
> Typically normative references are things that a document depends on 
> for understanding and/or implementation.  The only references to RFC 
> 4302 &
> 4303 are to say that the only real way to secure a connection is using

> IPsec, and since this document deals with the absence of them, I agree

> with Ted, these should be informative references.
> 
>             -David
> 
> _______________________________________________
> tcpm mailing list
> tcpm@ietf.org
> https://www.ietf.org/mailman/listinfo/tcpm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkjg694ACgkQE5f5cImnZrtsxQCgkNBjvjje7gc63/VsIjEvCU8m
KpQAoI798NpQRLmIWQoxxOWizSv8zYqu
=0+Tk
-----END PGP SIGNATURE-----
_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www.ietf.org/mailman/listinfo/tcpm
_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www.ietf.org/mailman/listinfo/tcpm