Re: [tcpm] status of TCP-MD5 after TCP-AO publication

[Joe Touch <touch@ISI.EDU>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Lars Eggert wrote:
> Hi,
> 
> at the meeting, the question came up which status TCP-MD5 should have
> after TCP-AO is published. Specifically, whether it should be obsoleted
> by TCP-AO and/or if it should be reclassified as Historic. A related
> issue I came across while trying to form an opinion of the former issue
> is if the publication of TCP-AO means that we can lift the Standards
> Variance for TCP-MD5 introduced by RFC4728. (I'm CC'ing the IESG because
> of this latter point, because that Standards Variance came from the SEC
> and RTG areas.)

I think you mean RFC4278.

Because TCP-AO is intended to replace TCP MD5, and because TCP MD5 is
considered less than desirable, it seems reasonable to both put forward
AO as draft-standard and declare TCP MD5 historic at the same time.

If TCP MD5 were safer, we might consider leaving it as-is, but at this
point I think we're really trying to push the deployed both away from
TCP MD5 and towards AO, so both steps seem useful together right now.

And although, in some sense, all new protocols might be sent out first
as experimental, that is not the default process for standards developed
in the IETF per se, nor is it useful in this particular case, IMO. There
is no experiment desired or intended. There are no backward
compatibility issues, nor are there interaction issues with other
protocols. The only current component for which there is any question is
NAT support, which might be an experimental extension if published
separately.

Joe

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkp4Y3QACgkQE5f5cImnZrux1gCeI8C76UkJZTNFCE5na6ynM/GV
oi8AmgII1uU7l+NNehoFCHX5ZsyoyMx0
=Rs/T
-----END PGP SIGNATURE-----