Re: [tcpm] status of TCP-MD5 after TCP-AO publication
Joe Touch <touch@ISI.EDU> Tue, 04 August 2009 16:37 UTC
To: Lars Eggert <lars.eggert@nokia.com>
Cc: tcpm@ietf.org, "iesg@ietf.org IESG" <iesg@ietf.org>

Lars Eggert wrote:
> Hi,
>
> at the meeting, the question came up which status TCP-MD5 should have
> after TCP-AO is published. Specifically, whether it should be obsoleted
> by TCP-AO and/or if it should be reclassified as Historic. A related
> issue I came across while trying to form an opinion of the former issue
> is if the publication of TCP-AO means that we can lift the Standards
> Variance for TCP-MD5 introduced by RFC4728. (I'm CC'ing the IESG because
> of this latter point, because that Standards Variance came from the SEC
> and RTG areas.)

I think you mean RFC4278.

Because TCP-AO is intended to replace TCP MD5, and because TCP MD5 is considered less than desirable, it seems reasonable to both put forward AO as draft-standard and declare TCP MD5 historic at the same time.

If TCP MD5 were safer, we might consider leaving it as-is, but at this point I think we're really trying to push the deployed both away from TCP MD5 and towards AO, so both steps seem useful together right now.

And although, in some sense, all new protocols might be sent out first as experimental, that is not the default process for standards developed in the IETF per se, nor is it useful in this particular case, IMO. There is no experiment desired or intended.

There are no backward compatibility issues, nor are there interaction issues with other protocols. The only current component for which there is any question is NAT support, which might be an experimental extension if published separately.

Joe