Re: [tcpm] feedcback on tcp-secure-05: suggested text

Ted Faber <faber@ISI.EDU> Wed, 19 July 2006 00:59 UTC

Date: Tue, 18 Jul 2006 17:58:12 -0700
From: Ted Faber <faber@ISI.EDU>
To: Fernando Gont <fernando@gont.com.ar>
Subject: Re: [tcpm] feedcback on tcp-secure-05: suggested text
Cc: Randall Stewart <rrs@cisco.com>, tcpm@ietf.org

On Tue, Jul 18, 2006 at 09:37:28PM -0300, Fernando Gont wrote:
> At 21:07 18/07/2006, Ted Faber wrote:
> 
> >On Tue, Jul 18, 2006 at 08:32:01PM -0300, Fernando Gont wrote:
> >> RFC 4301 never states that ICMP messages should be filtered. And it's
> >> clear from this last paragraph that a number of behaviours (including
> >> "act on it with constraints") are among the possibilities.
> >
> >Fine.  Try the attached.
> >
> >I'm happy to add an explicit reference to the attacks draft if it can be
> >phrased in such a way that it does not link the publication of the two.
> >Feel free to send text.
> 
> I'd change the text to:
> 
> "Implementors should be aware that the attacks detailed in this
> specification are not the only attacks available to an off-path attacker
> and that the countermeasures described herein are not a comprehensive
> defense against such attacks.
> 
> In particular, administrators should be aware that forged ICMP messages
> provide off-path attackers the opportunity to disrupt connections or
> degrade service.  Such packets may be subject to even less scrutiny than
> those required for the TCP attacks addressed here, especially in stacks
> not tuned for hostile environments.
> 
> This RFC details only part of a complete strategy to
> prevent off-path attackers from disrupting services that use TCP.
> Administrators and implementors should consider the other attack vectors
> and determine appropriate mitigations in securing their systems.
> 
> [antispoof] provides a detailed discussion of TCP attacks based on forged
> TCP segments, along with a discussion on the possible counter-measures.
> [ICMP-attacks] provides a detailed discussion on TCP attacks based on
> forged ICMP packets, along with the possible counter-measures."
> 
> 
> Note that I basically removed text, and added references. And that the
> references are included in a way in which there's no "requirement".

As long as neither of those refs imposes dependencies on tcpsecure, I'm
delighted with the text.

-- 
Ted Faber
http://www.isi.edu/~faber           PGP: http://www.isi.edu/~faber/pubkeys.asc
Unexpected attachment on this mail? See http://www.isi.edu/~faber/FAQ.html#SIG