Re: [tcpm] Feedback request on draft-ietf-tcpm-tcp-security

"Eddy, Wesley M. (GRC-MS00)[ASRC AEROSPACE CORP]" <wesley.m.eddy@nasa.gov> Tue, 02 March 2010 01:33 UTC

Return-Path: <wesley.m.eddy@nasa.gov>
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CF4923A85DB for <tcpm@core3.amsl.com>; Mon, 1 Mar 2010 17:33:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EuzdLX84TROD for <tcpm@core3.amsl.com>; Mon, 1 Mar 2010 17:33:31 -0800 (PST)
Received: from ndjsnpf01.ndc.nasa.gov (ndjsnpf01.ndc.nasa.gov [198.117.1.121]) by core3.amsl.com (Postfix) with ESMTP id D94283A8148 for <tcpm@ietf.org>; Mon, 1 Mar 2010 17:33:30 -0800 (PST)
Received: from ndjsppt02.ndc.nasa.gov (ndjsppt02.ndc.nasa.gov [198.117.1.101]) by ndjsnpf01.ndc.nasa.gov (Postfix) with ESMTP id 037D13297DF; Mon, 1 Mar 2010 19:33:31 -0600 (CST)
Received: from ndjshub04.ndc.nasa.gov (ndjshub04-pub.ndc.nasa.gov [198.117.1.34]) by ndjsppt02.ndc.nasa.gov (8.14.3/8.14.3) with ESMTP id o221XU58014194; Mon, 1 Mar 2010 19:33:30 -0600
Received: from NDJSSCC01.ndc.nasa.gov ([198.117.4.166]) by ndjshub04.ndc.nasa.gov ([198.117.4.163]) with mapi; Mon, 1 Mar 2010 19:33:30 -0600
From: "Eddy, Wesley M. (GRC-MS00)[ASRC AEROSPACE CORP]" <wesley.m.eddy@nasa.gov>
To: "L.Wood@surrey.ac.uk" <L.Wood@surrey.ac.uk>
Date: Mon, 1 Mar 2010 19:28:33 -0600
Thread-Topic: [tcpm] Feedback request on draft-ietf-tcpm-tcp-security
Thread-Index: Acq5ljjzwMHiCigIRsStzG4eSnQdyQAEXOD1
Message-ID: <C304DB494AC0C04C87C6A6E2FF5603DB47DE76AE76@NDJSSCC01.ndc.nasa.gov>
References: <4B7F2881.7000700@gont.com.ar> <C304DB494AC0C04C87C6A6E2FF5603DB47DE76AE73@NDJSSCC01.ndc.nasa.gov>, <FC9BFC61-3E19-48D8-A7A7-505EC0836410@surrey.ac.uk>
In-Reply-To: <FC9BFC61-3E19-48D8-A7A7-505EC0836410@surrey.ac.uk>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=1.12.8161:2.4.5, 1.2.40, 4.0.166 definitions=2010-03-01_17:2010-02-06, 2010-03-01, 2010-03-01 signatures=0
Cc: "tcpm@ietf.org" <tcpm@ietf.org>, "fernando@gont.com.ar" <fernando@gont.com.ar>
Subject: Re: [tcpm] Feedback request on draft-ietf-tcpm-tcp-security
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Mar 2010 01:33:31 -0000

I don't know if you've read the document under discussion, but it already includes a reference to the CPNI security assessment you mention including a reference to, and this reference immediately follows the text I suggested clarifying to identify TCPM as the document source.

My suggestion was to put a sentence in that makes the context of the document clear, as a TCPM product, with recommendations that have been reviewed by TCPM.  It shouldn't be controversial that the WG takes ownership of a WG product.


________________________________________
From: L.Wood@surrey.ac.uk [L.Wood@surrey.ac.uk]
Sent: Monday, March 01, 2010 6:23 PM
To: Eddy, Wesley M. (GRC-MS00)[ASRC AEROSPACE CORP]
Cc: L.Wood@surrey.ac.uk; fernando@gont.com.ar; tcpm@ietf.org
Subject: Re: [tcpm] Feedback request on draft-ietf-tcpm-tcp-security

On 1 Mar 2010, at 06:23, Eddy, Wesley M. (GRC-MS00)[ASRC AEROSPACE CORP] wrote:

> The paragraph beginning with "This document is the result of a security assessment of the IETF specifications of the Transmission Control Protocol (TCP), from a security point of view.  Possible threats are identified and, where possible, countermeasures are proposed." should be replaced with something to the effect of "This document captures the best current practices in implementation, configuration, and use of TCP and its supporting protocols and extensions and has been produced by the IETF's TCP Maintenance and Minor Extensions Working Group (TCPM)."

Surely, "has been roadblocked and nitpicked to death at every possible opportunity by the TCP Maintenance and Minor Extensions Working Group (TCPM), so that this document is a shadow of its former self, but has now been edited and reworked sufficiently to give TCPM the necessary sense of ownership, dominance and authorship to permit the document to proceed." ?

This group's work is no longer about TCP, but about bad document re-re-re-re-re-writing; not something I'd have the patience for, and if I was the primary originating author I'd have moved on to more satisfying things long ago.

Sorry, I'm with Alfred. His assessment of this group is correct.

I'd insist on including a reference to the original CPNI security assessment document.

L.

Lloyd Wood
L.Wood@surrey.ac.uk
http://sat-net.com/L.Wood