Re: [tcpm] tcpsecure recommendations
Joe Touch <touch@ISI.EDU> Sun, 10 February 2008 17:44 UTC
Return-Path: <tcpm-bounces@ietf.org>
X-Original-To: ietfarch-tcpm-archive@core3.amsl.com
Delivered-To: ietfarch-tcpm-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7D0443A6835; Sun, 10 Feb 2008 09:44:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from core3.amsl.com ([127.0.0.1]) by localhost (mail.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8En17IpL3CXd; Sun, 10 Feb 2008 09:44:57 -0800 (PST)
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 937FA3A6800; Sun, 10 Feb 2008 09:44:57 -0800 (PST)
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D4A043A6800 for <tcpm@core3.amsl.com>; Sun, 10 Feb 2008 09:44:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from core3.amsl.com ([127.0.0.1]) by localhost (mail.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ds9Hdw4Mx-G2 for <tcpm@core3.amsl.com>; Sun, 10 Feb 2008 09:44:55 -0800 (PST)
Received: from vapor.isi.edu (vapor.isi.edu [128.9.64.64]) by core3.amsl.com (Postfix) with ESMTP id 031503A67AC for <tcpm@ietf.org>; Sun, 10 Feb 2008 09:44:54 -0800 (PST)
Received: from [127.0.0.1] (pool-71-106-88-149.lsanca.dsl-w.verizon.net [71.106.88.149]) by vapor.isi.edu (8.13.8/8.13.8) with ESMTP id m1AHisdA021407 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Sun, 10 Feb 2008 09:44:55 -0800 (PST)
Message-ID: <47AF380D.7030400@isi.edu>
Date: Sun, 10 Feb 2008 09:44:45 -0800
From: Joe Touch <touch@ISI.EDU>
User-Agent: Thunderbird 2.0.0.9 (Windows/20071031)
MIME-Version: 1.0
To: "Anantha Ramaiah (ananth)" <ananth@cisco.com>
References: <20080206174017.6977C36516E@lawyers.icir.org> <47AB293D.8040605@isi.edu> <0C53DCFB700D144284A584F54711EC5804AC099C@xmb-sjc-21c.amer.cisco.com>
In-Reply-To: <0C53DCFB700D144284A584F54711EC5804AC099C@xmb-sjc-21c.amer.cisco.com>
X-Enigmail-Version: 0.95.6
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Cc: tcpm@ietf.org, mallman@icir.org
Subject: Re: [tcpm] tcpsecure recommendations
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <http://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <http://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: tcpm-bounces@ietf.org
Errors-To: tcpm-bounces@ietf.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Anantha Ramaiah (ananth) wrote: |> #3 makes most sense tm oe. #1 weakens the AS statement too |> much, and |> #2 covers data plane protection that there are too |> many other ways to spoof (overwriting segments, or just |> writing segments with predicted header data). This appears to |> be best applied to an unauthenticated control plane. | | I am assuming you are characterizing the reception of certain segments | like SYN/RST/FIN as control plane and pure data as otherwise?. Pl note | that tcp-secure mainly talks about injecting a bad segment which | eventually results in tearing down an established TCP connection. In | other words, I can't understand your reasoning for not going with #2. | What do you think are the issues going with #2 ? | | Can you elaborate? The key issues are: - - lack of protection against injected data itself (I'm not sure if the doc actually calls this out specifically; it probably should in the security considerations section - even an off-path attacker can do this, e.g.) - - the word "eventually" above IMO, if you are running a TCP connection that is susceptible to attacks only by a *stream* of forged segments, you probably ought to use something besides TCP-secure as protection. As a result, I think that you SHOULD protect the control plane (if you employ this technique), but that protection of attacks via data plane volume are not as critical, and thus a MAY. Joe -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHrzgME5f5cImnZrsRAtCoAKDsgOcVgbwKLrpmX68pnFXsrquajACfSox0 w/8ntF+s4KpzglNa3Gm3xzo= =f7AS -----END PGP SIGNATURE----- _______________________________________________ tcpm mailing list tcpm@ietf.org http://www.ietf.org/mailman/listinfo/tcpm
- Re: [tcpm] tcpsecure recommendations Mark Allman
- [tcpm] tcpsecure recommendations Mark Allman
- Re: [tcpm] tcpsecure recommendations David Borman
- Re: [tcpm] tcpsecure recommendations Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure recommendations Joe Touch
- Re: [tcpm] tcpsecure recommendations Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure recommendations Joe Touch
- Re: [tcpm] tcpsecure recommendations Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure recommendations Joe Touch
- Re: [tcpm] tcpsecure recommendations Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure recommendations Joe Touch
- Re: [tcpm] tcpsecure recommendations Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure recommendations Mark Allman
- Re: [tcpm] tcpsecure recommendations Tom Petch