Re: [tcpm] tcpsecure: how strong to recommend?

Ted Faber <faber@ISI.EDU> Wed, 03 October 2007 17:24 UTC

Return-path: <>
Received: from [] ( by with esmtp (Exim 4.43) id 1Id7xs-0005ll-9i; Wed, 03 Oct 2007 13:24:52 -0400
Received: from tcpm by with local (Exim 4.43) id 1Id7xq-0005lM-S3 for; Wed, 03 Oct 2007 13:24:50 -0400
Received: from [] ( by with esmtp (Exim 4.43) id 1Id7xq-0005lE-HM for; Wed, 03 Oct 2007 13:24:50 -0400
Received: from ([]) by with esmtp (Exim 4.43) id 1Id7xq-0000uv-2V for; Wed, 03 Oct 2007 13:24:50 -0400
Received: from ( []) by (8.13.8/8.13.8) with ESMTP id l93HNRce006653 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Wed, 3 Oct 2007 10:23:27 -0700 (PDT)
Received: (from faber@localhost) by (8.14.1/8.14.1/Submit) id l93HNRlY092213; Wed, 3 Oct 2007 10:23:27 -0700 (PDT) (envelope-from faber)
Date: Wed, 3 Oct 2007 10:23:26 -0700
From: Ted Faber <faber@ISI.EDU>
To: Joe Touch <touch@ISI.EDU>
Subject: Re: [tcpm] tcpsecure: how strong to recommend?
Message-ID: <>
References: <> <>
Mime-Version: 1.0
In-Reply-To: <>
User-Agent: Mutt/
X-ISI-4-43-8-MailScanner: Found to be clean
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 0ddefe323dd869ab027dbfff7eff0465
Cc:, "Anantha Ramaiah \(ananth\)" <>,
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <>
List-Unsubscribe: <>, <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
Content-Type: multipart/mixed; boundary="===============1045854479=="

On Sat, Sep 29, 2007 at 11:19:38PM -0700, Joe Touch wrote:
> Anantha Ramaiah (ananth) wrote:
> > I will have to dis-agree to this since my viewpoint is different. TCP
> > secure adds robustness to the processing of certain TCP segments, which
> > in turn helps to counter *some* spoofing attacks. Calling it as an
> > authentication scheme seems too far-fetched.
> You are making an assertion about whether you believe the packet is
> spoofed or not based on its content matching what you expect from the
> true endpoint.
> That is called authentication. Weak, but still authentication.

Acting without a chair hat, I disagree.  The packet is being categorized
as suspicious, for example, it could have been spoofed, corrupted,
significantly delayed, whatever.  I see the ACK is an attempt to
synchronize the endpoints' states, not an attempt to autenticate the
peer.  The question being asked is closer to "what's going on on your
end?" than "who sent this packet?"

While some of the discussion has definitely leaned toward security and
authentication terminology, I don't think that's the essence of the
proposed system.

Ted Faber           PGP:
Unexpected attachment on this mail? See
tcpm mailing list