Re: [tcpm] tcpsecure: how strong to recommend?

"Edward A. Gardner" <eag@ophidian.com> Mon, 01 October 2007 18:20 UTC

Return-path: <tcpm-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IcPsL-0004uj-ON; Mon, 01 Oct 2007 14:20:13 -0400
Received: from tcpm by megatron.ietf.org with local (Exim 4.43) id 1IcPsK-0004uW-Ha for tcpm-confirm+ok@megatron.ietf.org; Mon, 01 Oct 2007 14:20:12 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IcPsK-0004sP-7v for tcpm@ietf.org; Mon, 01 Oct 2007 14:20:12 -0400
Received: from smtp1.pcisys.net ([216.229.32.113]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1IcPsC-0008Tp-6b for tcpm@ietf.org; Mon, 01 Oct 2007 14:20:08 -0400
Received: from corallusannulat.ophidian.com (prof-206-53-16-219.cos.pcisys.net [206.53.16.219]) (authenticated bits=0) by smtp1.pcisys.net (8.13.6/8.13.6) with ESMTP id l91IJfss008662 for <tcpm@ietf.org>; Mon, 1 Oct 2007 12:19:43 -0600 (MDT)
Message-Id: <4.3.1.2.20071001113312.00b93e60@pop3.mailpci.net>
X-Sender: ophidian-eag@pop3.mailpci.net
X-Mailer: QUALCOMM Windows Eudora Version 4.3.1
Date: Mon, 01 Oct 2007 12:15:31 -0600
To: tcpm@ietf.org
From: "Edward A. Gardner" <eag@ophidian.com>
Subject: Re: [tcpm] tcpsecure: how strong to recommend?
In-Reply-To: <20071001163402.9CA472ABFBA@lawyers.icir.org>
References: <0C53DCFB700D144284A584F54711EC580409FF13@xmb-sjc-21c.amer.cisco.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Spam-Score: -0.0 (/)
X-Scan-Signature: c0bedb65cce30976f0bf60a0a39edea4
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Errors-To: tcpm-bounces@ietf.org

I normally just lurk here silently, and I certainly wasn't at Chicago or 
any of the other meetings discussing this.  But it strikes me that people 
are getting caught up in language problems and losing sight of what is 
desired.  In particular there is confusion between discussing whether 
implementing tcpsecure itself is mandatory / recommended / optional vs. 
whether some feature of tcpsecure is mandatory / recommended / optional, 
given that tcpsecure itself is implemented.

Clearly there will be implementations that do not implement 
tcpsecure.  Historical implementations.  Those that achieve similar ends 
through different means (e.g. IPSEC, MD5) and therefore have no need or use 
for tcpsecure.

Clearly there are implementations that need or want tcpsecure, BGP being 
the prominent example.

So there are two implementation variations that we consider necessary.  Is 
there any need or point in more?  Remember that compatibility problems, 
testing, etc. scale as (at least) NxN.  There is enormous practical 
incentive to minimize the number of variations that are implemented and 
deployed.

I contend that the specifications or RFCs should allow exactly two 
variations.  Those implementations that ignore and do not implement 
tcpsecure at all.  And those that implement all of it.

I think the way to accomplish that is to include an applicability statement 
saying that implementing tcpsecure is optional.  An implementation MAY or 
MAY NOT implement it.  And giving guidance on when one should or should 
not.  Probably something along the lines of saying one should implement it 
unless the same ends are accomplished by other means, and giving several 
examples of other means.

But if an implementation does choose to implement tcpsecure, then it MUST 
implement all of it -- the features, protocol behavior, etc. are described 
in the RFC using MUST.  Conversely, if an implementation chooses not to 
implement tcpsecure, then it MUST NOT implement any part of it.  Either 
implement all of tcpsecure or none of it.  Yes, this requires careful 
phrasing, but it can be done.


I am assuming that all the features included in tcpsecure are considered 
necessary or desirable for BGP.  If any are not, shouldn't they be excluded 
on the grounds that no one is ever likely to implement them?

One might contemplate the impact of the IETF requirement for independently 
developed, interoperable implementations.  The three tcpsecure (three 
choices of MAY vs. SHOULD that are being discussed) interact to some 
degree.  If each are described using MAY or SHOULD, we get eight 
implementation variations.  Each needing two independent implementations 
means at least sixteen implementation, which is absurd.  Does anyone really 
want to allow some arguably ill-informed implementors to pick and choose, 
as opposed to saying all or none?  Isn't it our responsibility as 
architects (who claim to know what we are doing :-) to minimize variations, 
not unnecessarily expand them?

Caveat: my primary experience is with the T10 and T11 standards (SCSI and 
friends), I apologize for my errors with IETF terminology and practice.

Dropping back into my hole to resume lurking.


Edward A. Gardner               eag at ophidian dot com
Ophidian Designs                719 593-8866
1262 Hofstead Terrace
Colorado Springs, CO  80907



_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www1.ietf.org/mailman/listinfo/tcpm