Re: [tcpm] tcpsecure: how strong to recommend?
Ted Faber <faber@ISI.EDU> Fri, 05 October 2007 18:45 UTC
Return-path: <tcpm-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
by megatron.ietf.org with esmtp (Exim 4.43)
id 1IdsB2-0005GP-Tc; Fri, 05 Oct 2007 14:45:32 -0400
Received: from tcpm by megatron.ietf.org with local (Exim 4.43)
id 1IdsB2-0005Fq-1g
for tcpm-confirm+ok@megatron.ietf.org; Fri, 05 Oct 2007 14:45:32 -0400
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org)
by megatron.ietf.org with esmtp (Exim 4.43) id 1IdsB1-0005F8-JU
for tcpm@ietf.org; Fri, 05 Oct 2007 14:45:31 -0400
Received: from boreas.isi.edu ([128.9.160.161])
by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1IdsB1-0007vZ-4b
for tcpm@ietf.org; Fri, 05 Oct 2007 14:45:31 -0400
Received: from hut.isi.edu (hut.isi.edu [128.9.168.160])
by boreas.isi.edu (8.13.8/8.13.8) with ESMTP id l95IiaOG000120
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT);
Fri, 5 Oct 2007 11:44:36 -0700 (PDT)
Received: (from faber@localhost)
by hut.isi.edu (8.14.1/8.14.1/Submit) id l95IiaeC006179;
Fri, 5 Oct 2007 11:44:36 -0700 (PDT) (envelope-from faber)
Date: Fri, 5 Oct 2007 11:44:36 -0700
From: Ted Faber <faber@ISI.EDU>
To: touch@ISI.EDU
Subject: Re: [tcpm] tcpsecure: how strong to recommend?
Message-ID: <20071005184436.GC2845@hut.isi.edu>
References: <0C53DCFB700D144284A584F54711EC580409FD4F@xmb-sjc-21c.amer.cisco.com>
<46FF3FFA.4080207@isi.edu> <20071003172326.GE45911@hut.isi.edu>
<4703D165.30606@isi.edu> <20071003181553.GF45911@hut.isi.edu>
<4703E173.4060007@isi.edu> <20071005165755.GA2845@hut.isi.edu>
<1191604898.470672a2ea7cb@webmail.isi.edu>
<1191605329.47067451d97bc@webmail.isi.edu>
Mime-Version: 1.0
In-Reply-To: <1191605329.47067451d97bc@webmail.isi.edu>
User-Agent: Mutt/1.4.2.3i
X-url: http://www.isi.edu/~faber
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: faber@hut.isi.edu
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 244a2fd369eaf00ce6820a760a3de2e8
Cc: tcpm@ietf.org, "Anantha Ramaiah \(ananth\)" <ananth@cisco.com>,
mallman@icir.org
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>,
<mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>,
<mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0192904728=="
Errors-To: tcpm-bounces@ietf.org
On Fri, Oct 05, 2007 at 10:28:49AM -0700, touch@ISI.EDU wrote: > Quoting touch@ISI.EDU: > > .. > > > I think we're arguing over what to name the process. This would be fun > > > to do in person, but I don't think it's advancing the discussion of the > > > system, or in particular of the discussion about the guidance to > > > implementers we're trying to decide on. > > > > I agree with that, but we've tripped over some other name issues that are > > fundamental here: > > , notably whether this is an update to RFC793 (I think most of us > agree that it is). Yep. It's not much of an exercise to point at the paragraphs that change. > > It's important for implementers to know why we're doing what we're doing, and > this is purely motivated by security concerns, and provides no real protection > from incorrect MSL estimation to TCP as a whole. That's why calling it > authentication is important. Calling it a patch to update TCP's robustness is > incorrect and misleads implementers into adopting this mechanism unncessarily. I do think it makes TCP slightly more robust, but the occurrances that would trigger that robustness are pretty unusual. The most common cause of that uncommon set is malice. Do you think that concentrating on the likelihood of bad RSTs (and SYNs and data) showing up would steer us back toward the recommendation level? -- Ted Faber http://www.isi.edu/~faber PGP: http://www.isi.edu/~faber/pubkeys.asc Unexpected attachment on this mail? See http://www.isi.edu/~faber/FAQ.html#SIG
_______________________________________________ tcpm mailing list tcpm@ietf.org https://www1.ietf.org/mailman/listinfo/tcpm
- [tcpm] tcpsecure: how strong to recommend? Mark Allman
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- Re: [tcpm] tcpsecure: how strong to recommend? Fernando Gont
- Re: [tcpm] tcpsecure: how strong to recommend? Mark Allman
- Re: [tcpm] tcpsecure: how strong to recommend? Pekka Savola
- RE: [tcpm] tcpsecure: how strong to recommend? Agarwal, Anil
- Re: [tcpm] tcpsecure: how strong to recommend? Wesley Eddy
- Re: [tcpm] tcpsecure: how strong to recommend? David Borman
- Re: [tcpm] tcpsecure: how strong to recommend? Lars Eggert
- RE: [tcpm] tcpsecure: how strong to recommend? Agarwal, Anil
- Re: [tcpm] tcpsecure: how strong to recommend? Ted Faber
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Tom Petch
- RE: [tcpm] tcpsecure: how strong to recommend? Mitesh Dalal (mdalal)
- Re: [tcpm] tcpsecure: how strong to recommend? Mark Allman
- Re: [tcpm] tcpsecure: how strong to recommend? Tim Shepard
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- Re: [tcpm] tcpsecure: how strong to recommend? Tim Shepard
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- RE: [tcpm] tcpsecure: how strong to recommend? toby.moncaster
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- [tcpm] BTNS usage for BGP Pekka Savola
- [tcpm] Re: BTNS usage for BGP Joe Touch
- Re: [tcpm] tcpsecure: how strong to recommend? Mark Allman
- Re: [tcpm] tcpsecure: how strong to recommend? Mark Allman
- Re: [tcpm] tcpsecure: how strong to recommend? Mark Allman
- Re: [tcpm] tcpsecure: how strong to recommend? Mark Allman
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Mark Allman
- Re: [tcpm] tcpsecure: how strong to recommend? Mark Allman
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Mark Allman
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- RE: [tcpm] tcpsecure: how strong to recommend? Mitesh Dalal (mdalal)
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- Re: [tcpm] tcpsecure: how strong to recommend? Mark Allman
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Mark Allman
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Mark Allman
- Re: [tcpm] tcpsecure: how strong to recommend? Edward A. Gardner
- RE: [tcpm] tcpsecure: how strong to recommend? Mitesh Dalal (mdalal)
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- Re: [tcpm] tcpsecure: how strong to recommend? Lars Eggert
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- Re: [tcpm] tcpsecure: how strong to recommend? Ted Faber
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- Re: [tcpm] tcpsecure: how strong to recommend? Ted Faber
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- Re: [tcpm] tcpsecure: how strong to recommend? Ted Faber
- Re: [tcpm] tcpsecure: how strong to recommend? touch
- Re: [tcpm] tcpsecure: how strong to recommend? touch
- Re: [tcpm] tcpsecure: how strong to recommend? Ted Faber
- Re: [tcpm] tcpsecure: how strong to recommend? Ted Faber
- Re: [tcpm] tcpsecure: how strong to recommend? Ted Faber
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch