Re: [tcpm] Feedback request on draft-ietf-tcpm-tcp-security

Fernando Gont <fernando@gont.com.ar> Tue, 02 March 2010 05:14 UTC

Return-Path: <fernando@gont.com.ar>
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D3E7228C156; Mon, 1 Mar 2010 21:14:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hf0Ca+mDj3Ni; Mon, 1 Mar 2010 21:14:24 -0800 (PST)
Received: from smtp1.xmundo.net (smtp1.xmundo.net [201.216.232.80]) by core3.amsl.com (Postfix) with ESMTP id AE3B928C241; Mon, 1 Mar 2010 21:14:20 -0800 (PST)
Received: from venus.xmundo.net (venus.xmundo.net [201.216.232.56]) by smtp1.xmundo.net (Postfix) with ESMTP id D2DBD6B6A7A; Tue, 2 Mar 2010 02:14:26 -0300 (ART)
Received: from [192.168.0.100] (129-130-17-190.fibertel.com.ar [190.17.130.129]) (authenticated bits=0) by venus.xmundo.net (8.13.8/8.13.8) with ESMTP id o225EHxf026505; Tue, 2 Mar 2010 02:14:18 -0300
Message-ID: <4B8C9EAA.8000205@gont.com.ar>
Date: Tue, 02 Mar 2010 02:14:18 -0300
From: Fernando Gont <fernando@gont.com.ar>
User-Agent: Thunderbird 2.0.0.23 (Windows/20090812)
MIME-Version: 1.0
To: Lars Eggert <lars.eggert@nokia.com>
References: <201003012159.WAA15069@TR-Sys.de> <C80820C2-D74A-49B4-AF22-CE16C46A9A7D@nokia.com> <4B8C70C0.8090708@gont.com.ar> <BCC2BE81-5E59-49EC-84D9-D4D4E19A139A@nokia.com>
In-Reply-To: <BCC2BE81-5E59-49EC-84D9-D4D4E19A139A@nokia.com>
X-Enigmail-Version: 0.96.0
OpenPGP: id=D076FFF1
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH authentication, not delayed by milter-greylist-3.0 (venus.xmundo.net [201.216.232.56]); Tue, 02 Mar 2010 02:14:25 -0300 (ART)
Cc: "ah@tr-sys.de" <ah@tr-sys.de>, "tcpm@ietf.org WG" <tcpm@ietf.org>, The IESG <iesg@ietf.org>
Subject: Re: [tcpm] Feedback request on draft-ietf-tcpm-tcp-security
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Mar 2010 05:14:25 -0000

Lars Eggert wrote:

>> Earlier this year this working group was specifically polled about 
>> adopting draft-gont-tcp-security as a WG item. The WG had
>> unprecedented strong consensus in this respect (with people even
>> offering to spend cycles on document review), and this consensus
>> was even noted in the slides the wg chairs used in the TCPM meeting
>> at IETF 75 (see: 
>> http://www.ietf.org/proceedings/75/slides/tcpm-2/tcpm-2.htm)
> 
> no disagreement so far - there was strong consensus to adopt a work
> item on describing a security assessment of various TCP aspects.

No. The poll was about adopting draft-gont-tcpm-tcp-security as a wg
item. Please dig the archives.



> If I recall correctly, the WG did discuss for a while if there would
> be any argument for basically republishing the CNPI document through
> the IETF, and my take away from the discussion was that the WG felt
> that an IETF document in this space should say something more or
> differently than what the CNPI document had said.

This is not what the 8+ people that supported this I-D on this
mailing-list said.


> That's why we arrived at the decision to come to consensus on an new
> document structure first and then merge in content from the (long)
> CNPI document in a piecemeal fashion.

Again. This is not true. WG consensus was called for adopting of
draft-gont-tcpm-tcp-security. Look at the mailing-list archives.


>> IMO, that's part of obstructing, and/or "not invented here" (NIH)
>> syndrome.
> 
> But neither of the two (irrespective of whether they are true or not)
> are indicative of me ignoring WG consensus.
> 
> The discussion of whether to adopt this specific draft as a basis for
> the work item (and in which form) was still in full swing on the list
> and during the meeting week. Sure, I spoke up during this discussion.
> But that's not ignoring WG consensus.

That's not correct.


>> After the meeting, you argued (off-list) that wg consensus
>> (allegedly as a result of IETF 75??!) was to submit a "fresh"
>> (i.e., blank/brand-new) document
> 
> The WG consensus after IETF-75 *was* to start with a new document
> structure. 

Consensus was arrived on the mailing-list, as it should be. And
consensus was for adopting draft-gont-tcpm-tcp-security.


> That's why after IETF-75, you posted a revision that
> contained just the outline and we discussed it. See
> http://www.ietf.org/mail-archive/web/tcpm/current/msg04813.html and
> follow-ups.

That's incorrect. I posted a rev that only included the stuff that we
wanted to discuss. This was suggested by the chairs, as they felt that
some implementers might implement whatever they found in the document,
even if some stuff had not yet been discussed by the wg.

Zeroing part of the document had nothing to do with "start with a
clean-slate" or the like.


> The discussion started in
> http://www.ietf.org/mail-archive/web/tcpm/current/msg04641.html was
> still in full swing during IETF-75 - the chairs had not declared
> consensus. That happened at the end of IETF-75:
> http://www.ietf.org/mail-archive/web/tcpm/current/msg04777.html
> 
>> You even suggested that tcpm should assemble "a team of editors"
> 
> Yes, probably. As I said during the meeting, I believe that this
> would be the largest work item in TCPM in terms of effort, so strong
> support is required.

The document already had strong support. Unprecedentedly 8+ people
supported the I-D, and volunteered to help.

But I'm afraid that if we play the (sadly) typical game of "TCP need not
be implemented in a secure way!", followed by "start with a
clean-slate", followed by "let's change the outline", followed by...
most of these people will get tired, and the effort will vanish... and
the specs will continue to be outdated as they are.

Thanks,
-- 
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1