Re: [tcpm] tcpsecure: how strong to recommend?
"Edward A. Gardner" <eag@ophidian.com> Mon, 01 October 2007 18:20 UTC
Return-path: <tcpm-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IcPsL-0004uj-ON; Mon, 01 Oct 2007 14:20:13 -0400
Received: from tcpm by megatron.ietf.org with local (Exim 4.43) id 1IcPsK-0004uW-Ha for tcpm-confirm+ok@megatron.ietf.org; Mon, 01 Oct 2007 14:20:12 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IcPsK-0004sP-7v for tcpm@ietf.org; Mon, 01 Oct 2007 14:20:12 -0400
Received: from smtp1.pcisys.net ([216.229.32.113]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1IcPsC-0008Tp-6b for tcpm@ietf.org; Mon, 01 Oct 2007 14:20:08 -0400
Received: from corallusannulat.ophidian.com (prof-206-53-16-219.cos.pcisys.net [206.53.16.219]) (authenticated bits=0) by smtp1.pcisys.net (8.13.6/8.13.6) with ESMTP id l91IJfss008662 for <tcpm@ietf.org>; Mon, 1 Oct 2007 12:19:43 -0600 (MDT)
Message-Id: <4.3.1.2.20071001113312.00b93e60@pop3.mailpci.net>
X-Sender: ophidian-eag@pop3.mailpci.net
X-Mailer: QUALCOMM Windows Eudora Version 4.3.1
Date: Mon, 01 Oct 2007 12:15:31 -0600
To: tcpm@ietf.org
From: "Edward A. Gardner" <eag@ophidian.com>
Subject: Re: [tcpm] tcpsecure: how strong to recommend?
In-Reply-To: <20071001163402.9CA472ABFBA@lawyers.icir.org>
References: <0C53DCFB700D144284A584F54711EC580409FF13@xmb-sjc-21c.amer.cisco.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-Spam-Score: -0.0 (/)
X-Scan-Signature: c0bedb65cce30976f0bf60a0a39edea4
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Errors-To: tcpm-bounces@ietf.org
I normally just lurk here silently, and I certainly wasn't at Chicago or any of the other meetings discussing this. But it strikes me that people are getting caught up in language problems and losing sight of what is desired. In particular there is confusion between discussing whether implementing tcpsecure itself is mandatory / recommended / optional vs. whether some feature of tcpsecure is mandatory / recommended / optional, given that tcpsecure itself is implemented. Clearly there will be implementations that do not implement tcpsecure. Historical implementations. Those that achieve similar ends through different means (e.g. IPSEC, MD5) and therefore have no need or use for tcpsecure. Clearly there are implementations that need or want tcpsecure, BGP being the prominent example. So there are two implementation variations that we consider necessary. Is there any need or point in more? Remember that compatibility problems, testing, etc. scale as (at least) NxN. There is enormous practical incentive to minimize the number of variations that are implemented and deployed. I contend that the specifications or RFCs should allow exactly two variations. Those implementations that ignore and do not implement tcpsecure at all. And those that implement all of it. I think the way to accomplish that is to include an applicability statement saying that implementing tcpsecure is optional. An implementation MAY or MAY NOT implement it. And giving guidance on when one should or should not. Probably something along the lines of saying one should implement it unless the same ends are accomplished by other means, and giving several examples of other means. But if an implementation does choose to implement tcpsecure, then it MUST implement all of it -- the features, protocol behavior, etc. are described in the RFC using MUST. Conversely, if an implementation chooses not to implement tcpsecure, then it MUST NOT implement any part of it. Either implement all of tcpsecure or none of it. Yes, this requires careful phrasing, but it can be done. I am assuming that all the features included in tcpsecure are considered necessary or desirable for BGP. If any are not, shouldn't they be excluded on the grounds that no one is ever likely to implement them? One might contemplate the impact of the IETF requirement for independently developed, interoperable implementations. The three tcpsecure (three choices of MAY vs. SHOULD that are being discussed) interact to some degree. If each are described using MAY or SHOULD, we get eight implementation variations. Each needing two independent implementations means at least sixteen implementation, which is absurd. Does anyone really want to allow some arguably ill-informed implementors to pick and choose, as opposed to saying all or none? Isn't it our responsibility as architects (who claim to know what we are doing :-) to minimize variations, not unnecessarily expand them? Caveat: my primary experience is with the T10 and T11 standards (SCSI and friends), I apologize for my errors with IETF terminology and practice. Dropping back into my hole to resume lurking. Edward A. Gardner eag at ophidian dot com Ophidian Designs 719 593-8866 1262 Hofstead Terrace Colorado Springs, CO 80907 _______________________________________________ tcpm mailing list tcpm@ietf.org https://www1.ietf.org/mailman/listinfo/tcpm
- [tcpm] tcpsecure: how strong to recommend? Mark Allman
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- Re: [tcpm] tcpsecure: how strong to recommend? Fernando Gont
- Re: [tcpm] tcpsecure: how strong to recommend? Mark Allman
- Re: [tcpm] tcpsecure: how strong to recommend? Pekka Savola
- RE: [tcpm] tcpsecure: how strong to recommend? Agarwal, Anil
- Re: [tcpm] tcpsecure: how strong to recommend? Wesley Eddy
- Re: [tcpm] tcpsecure: how strong to recommend? David Borman
- Re: [tcpm] tcpsecure: how strong to recommend? Lars Eggert
- RE: [tcpm] tcpsecure: how strong to recommend? Agarwal, Anil
- Re: [tcpm] tcpsecure: how strong to recommend? Ted Faber
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Tom Petch
- RE: [tcpm] tcpsecure: how strong to recommend? Mitesh Dalal (mdalal)
- Re: [tcpm] tcpsecure: how strong to recommend? Mark Allman
- Re: [tcpm] tcpsecure: how strong to recommend? Tim Shepard
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- Re: [tcpm] tcpsecure: how strong to recommend? Tim Shepard
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- RE: [tcpm] tcpsecure: how strong to recommend? toby.moncaster
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- [tcpm] BTNS usage for BGP Pekka Savola
- [tcpm] Re: BTNS usage for BGP Joe Touch
- Re: [tcpm] tcpsecure: how strong to recommend? Mark Allman
- Re: [tcpm] tcpsecure: how strong to recommend? Mark Allman
- Re: [tcpm] tcpsecure: how strong to recommend? Mark Allman
- Re: [tcpm] tcpsecure: how strong to recommend? Mark Allman
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Mark Allman
- Re: [tcpm] tcpsecure: how strong to recommend? Mark Allman
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Mark Allman
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- RE: [tcpm] tcpsecure: how strong to recommend? Mitesh Dalal (mdalal)
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- Re: [tcpm] tcpsecure: how strong to recommend? Mark Allman
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Mark Allman
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Mark Allman
- Re: [tcpm] tcpsecure: how strong to recommend? Edward A. Gardner
- RE: [tcpm] tcpsecure: how strong to recommend? Mitesh Dalal (mdalal)
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- Re: [tcpm] tcpsecure: how strong to recommend? Lars Eggert
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- Re: [tcpm] tcpsecure: how strong to recommend? Ted Faber
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- Re: [tcpm] tcpsecure: how strong to recommend? Ted Faber
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- Re: [tcpm] tcpsecure: how strong to recommend? Ted Faber
- Re: [tcpm] tcpsecure: how strong to recommend? touch
- Re: [tcpm] tcpsecure: how strong to recommend? touch
- Re: [tcpm] tcpsecure: how strong to recommend? Ted Faber
- Re: [tcpm] tcpsecure: how strong to recommend? Ted Faber
- Re: [tcpm] tcpsecure: how strong to recommend? Ted Faber
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch