Re: [tcpm] feedcback on tcp-secure-05

Ted Faber <faber@ISI.EDU> Mon, 17 July 2006 18:03 UTC

Date: Mon, 17 Jul 2006 11:02:38 -0700
From: Ted Faber <faber@ISI.EDU>
To: Joe Touch <touch@ISI.EDU>
Subject: Re: [tcpm] feedcback on tcp-secure-05
Cc: tcpm@ietf.org

As a participant, not a chair.

On Sun, Jul 16, 2006 at 10:00:21PM -0700, Joe Touch wrote:
> The ICMP document is a general document; this document [tcpsecure
> --tvf]  (IMO) is more about what to do when under suspected attack (or
> should be, to some extent).

That's more broad a view of tcpsecure than the one I have.  It's a
mitigation of a specific attack vector, not a handbook for dealing with
off-path TCP attacks.  Personally I prefer to keep it more tightly
scoped so there's a chance of finishing it.

> If tcp-secure doesn't recommend blocking when tcp-secure is active
> (i.e., when such attacks are suspected), then there is no point to the
> rest of tcp-secure. It is useless to address the more challenging
> spoofing attack vector and not address the easier one.

While I'm not opposed to adding text to that effect, I don't think it's
a requirement.  There are plenty of other possibilities for attack when
the tcpsecure code additions are exercised, and I don't see that this
document needs to address them all.  For that matter, the tcpsecure
document has never proposed a detection mechanism for those attacks.
All that is new work, and IMHO, well beyond the scope of the document
that the WG agreed to.  I'm happy to be convinced otherwise.

-- 
Ted Faber
http://www.isi.edu/~faber           PGP: http://www.isi.edu/~faber/pubkeys.asc
Unexpected attachment on this mail? See http://www.isi.edu/~faber/FAQ.html#SIG