Re: [tcpm] feedback on tcp-secure-05

Fernando Gont <fernando@gont.com.ar> Tue, 18 July 2006 21:15 UTC

Message-Id: <7.0.1.0.0.20060718160252.066880d8@gont.com.ar>
X-Mailer: QUALCOMM Windows Eudora Version 7.0.1.0
Date: Tue, 18 Jul 2006 17:45:07 -0300
To: Joe Touch <touch@ISI.EDU>
From: Fernando Gont <fernando@gont.com.ar>
Subject: Re: [tcpm] feedback on tcp-secure-05
In-Reply-To: <44BCE4FA.1050602@isi.edu>
References: <0C53DCFB700D144284A584F54711EC5801D9592B@xmb-sjc-21c.amer.cisco.com> <7.0.1.0.0.20060715153423.08601b58@gont.com.ar> <44BB1882.6030904@isi.edu> <7.0.1.0.0.20060717052818.064b28b8@gont.com.ar> <44BCE4FA.1050602@isi.edu>
Cc: tcpm@ietf.org, "Anantha Ramaiah (ananth)" <ananth@cisco.com>

At 10:41 18/07/2006, Joe Touch wrote:

[Talking about the ICMP attacks draft]

>I've repeatedly said that the text below directly negates the
>requirement in RFC1122. That NEEDS to be directly highlighted in your
>doc (the text that says that 1122 allows this is incorrect):
>
>      "For security reasons,
>       it would be fair to treat ICMP port unreachable messages as soft
>       errors (or completely ignore them) when they are meant for
>       protocols that have their own mechanism for reporting this error
>       condition."

Joe, this already was in my list of changes. There are a bunch of 
comments from Mark, Pyda, Fred, you and others that I will 
(hopefully) address in the next revision of the draft.

Now, as per Anantha's e-mails, there's ambiguity in RFC 1122 with respect 
to this issue. There's a MUST and a SHOULD on the issue of what is 
supposed to be the correct reaction to a port unreachable.

So, would you agree with the draft mentioning the ambiguity, and, as 
in the case of the other ICMP error codes, stating why it would make 
sense to treat them as soft errors, instead? (The "SHOULD" allows for 
that, after all).



> > It is clear that with the ICMP counter-measures in place, TCP-based
> > attacks are "the weakest link in the chain". You don't need to "drop
> > them all".
>
>Even as soft errors, such ICMP errors could be interpreted by the
>application as indicating a legitimate error that causes the connection
>to be dropped, even though the only reason is attack.

This assumes that:
a) The system in question does not honor the "recommendation" in the 
ICMP attacks draft
b) ICMP error messages are passed to the application. In the Sockets 
API, they are passed only after a USER TIMEOUT.

Kindest regards,

--
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
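A minimal model of the two reactions debated above, added here as an illustration and not code from any draft, RFC or real TCP stack: under a "hard" policy a single ICMP port unreachable aborts the connection, while under a "soft" policy the error is only recorded, is cleared by forward progress, and reaches the application only if the USER TIMEOUT later expires, which is the Sockets API behaviour the message describes. The connection structure, the policy enum and the errno mapping are assumptions of this example.

```c
#include <errno.h>
#include <stdbool.h>

/* RFC 792 Destination Unreachable (type 3) codes used below */
#define ICMP_DEST_UNREACH 3
#define ICMP_NET_UNREACH  0
#define ICMP_HOST_UNREACH 1
#define ICMP_PROT_UNREACH 2
#define ICMP_PORT_UNREACH 3

/* Assumed policy switch for the example: how protocol/port unreachable is treated */
enum icmp_policy { ICMP_PORT_UNREACH_HARD, ICMP_PORT_UNREACH_SOFT };

struct tcp_conn {                /* assumed, heavily simplified connection state */
    bool closed;                 /* true once the connection has been aborted */
    int soft_error;              /* errno recorded from a soft error, 0 if none pending */
    unsigned retransmits;        /* unacknowledged retransmissions so far */
    unsigned user_timeout;       /* retransmission count at which USER TIMEOUT expires */
};

/* Process an ICMP error that the IP layer matched to this connection.
   Returns the errno the connection was aborted with, or 0 if it survives. */
int tcp_icmp_input(struct tcp_conn *c, enum icmp_policy p, int type, int code)
{
    if (c->closed || type != ICMP_DEST_UNREACH)
        return 0;
    switch (code) {
    case ICMP_NET_UNREACH:  c->soft_error = ENETUNREACH;  return 0;
    case ICMP_HOST_UNREACH: c->soft_error = EHOSTUNREACH; return 0;
    case ICMP_PROT_UNREACH:
    case ICMP_PORT_UNREACH:
        if (p == ICMP_PORT_UNREACH_HARD) {  /* one unauthenticated message tears it down */
            c->closed = true;
            return ECONNREFUSED;
        }
        c->soft_error = ECONNREFUSED;        /* remember it, keep the connection */
        return 0;
    default:
        return 0;                            /* other codes are not treated as errors here */
    }
}

/* A segment was acknowledged: forward progress clears any pending soft error. */
void tcp_ack_input(struct tcp_conn *c) { c->soft_error = 0; c->retransmits = 0; }

/* Retransmission timer expired. Returns 0 while the connection is kept, otherwise the
   errno handed to the application: the pending soft error if one was recorded, else
   ETIMEDOUT. This is the point at which the ICMP error becomes visible to the application. */
int tcp_rexmt_timer(struct tcp_conn *c)
{
    if (c->closed || ++c->retransmits < c->user_timeout)
        return 0;
    c->closed = true;
    return c->soft_error ? c->soft_error : ETIMEDOUT;
}
```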

_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www1.ietf.org/mailman/listinfo/tcpm