RE: [tcpm] tcpsecure: how strong to recommend?

"Anantha Ramaiah \(ananth\)" <ananth@cisco.com> Wed, 26 September 2007 20:33 UTC

Return-path: <tcpm-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IadZa-0004ox-RA; Wed, 26 Sep 2007 16:33:30 -0400
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IadZY-0004Xj-88 for tcpm@ietf.org; Wed, 26 Sep 2007 16:33:28 -0400
Received: from sj-iport-2-in.cisco.com ([171.71.176.71] helo=sj-iport-2.cisco.com) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1IadZX-0006zT-Rp for tcpm@ietf.org; Wed, 26 Sep 2007 16:33:28 -0400
X-IronPort-AV: E=Sophos;i="4.21,199,1188802800"; d="scan'208";a="402083770"
Received: from sj-dkim-1.cisco.com ([171.71.179.21]) by sj-iport-2.cisco.com with ESMTP; 26 Sep 2007 13:33:27 -0700
Received: from sj-core-5.cisco.com (sj-core-5.cisco.com [171.71.177.238]) by sj-dkim-1.cisco.com (8.12.11/8.12.11) with ESMTP id l8QKXRVj026608; Wed, 26 Sep 2007 13:33:27 -0700
Received: from xbh-sjc-231.amer.cisco.com (xbh-sjc-231.cisco.com [128.107.191.100]) by sj-core-5.cisco.com (8.12.10/8.12.6) with ESMTP id l8QKXM7h013874; Wed, 26 Sep 2007 20:33:27 GMT
Received: from xmb-sjc-21c.amer.cisco.com ([171.70.151.176]) by xbh-sjc-231.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 26 Sep 2007 13:33:22 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [tcpm] tcpsecure: how strong to recommend?
Date: Wed, 26 Sep 2007 13:33:20 -0700
Message-ID: <0C53DCFB700D144284A584F54711EC5804052330@xmb-sjc-21c.amer.cisco.com>
In-Reply-To: <46FAB2B9.60006@isi.edu>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [tcpm] tcpsecure: how strong to recommend?
Thread-Index: AcgAc3JXLwwi70UsSIu1hxac0svtywABhTwQ
From: "Anantha Ramaiah \(ananth\)" <ananth@cisco.com>
To: "Joe Touch" <touch@ISI.EDU>
X-OriginalArrivalTime: 26 Sep 2007 20:33:22.0821 (UTC) FILETIME=[7B835B50:01C8007C]
DKIM-Signature: v=0.5; a=rsa-sha256; q=dns/txt; l=1685; t=1190838807; x=1191702807; c=relaxed/simple; s=sjdkim1004; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=ananth@cisco.com; z=From:=20=22Anantha=20Ramaiah=20\(ananth\)=22=20<ananth@cisco.com> |Subject:=20RE=3A=20[tcpm]=20tcpsecure=3A=20how=20strong=20to=20recommend ? |Sender:=20; bh=hqlF5xepJAWg9Fyb8j0yxwfKntoiUS5jiuP0Z5b4dxg=; b=lpWjh2ndaa2WKwAx5E8BcY0M8L7DYBViEpcUzWM6oA6N2CExa8BrTHVaAZyrLOpyyNbEMQ9U XllmWjsRFNmmzM8Z2oStFC2R/wQYQwEsewbnELUSyAtzzAQlNaN4cFAv+4dzuSuZoj/P92gI+O AtTb4JUN9rXLs0fa0uLeWb558=;
Authentication-Results: sj-dkim-1; header.From=ananth@cisco.com; dkim=pass ( sig from cisco.com/sjdkim1004 verified; );
X-Spam-Score: 0.0 (/)
X-Scan-Signature: cab78e1e39c4b328567edb48482b6a69
Cc: tcpm@ietf.org, Tim Shepard <shep@alum.mit.edu>
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Errors-To: tcpm-bounces@ietf.org

Inline comments....

> > Anyways, I don't want to side-track this discussion from 
> it's original 
> > intent viz., "strength of mitigations"
> 
> OK, so let's get back to that. If you believe that it's 
> appropriate to let people decide what mitigations they want 
> to deploy, then why isn't tcpsecure a MAY?


Here is why I think it is SHOULD ( I have already pointed out the
reasons, but will try to more explicit this time.)

- I believe by making it a SHOULD it already lets people chose. Many
implementations have ignored the recommendations tagged as SHOULD and
some of them "knobbed" it for the "good reasons" of their own.

- Like someone pointed out MAY is a weak statement, it could also imply
"MAY not". Why should it be a MAY when we know that the pros of the
soultion outweigh the cons?

- to me these recommendations are good to have, so it falls under SHOULD
since the internet has changed a lot from being what it was 20 years ago
and I believe protocol robustness and quality are good to have and esp.
for a pervasive protocol like TCP. To me "good to have" is a SHOULD. I
agree it is not "MUST have".

> 
> I.e., you MAY deploy it if you want the mitigations.
> 
> There's no MUST in that logic, any more than 'you MUST deploy 
> IPsec/BTNS/TCP-MD5++'.

I am assuming it is a conditional MUST like "if you need security then
use TCP MD5", correct? Is "conditional MUST = SHOULD" ?

> 
> I think we're all agreeing that "let the user decide" is appropriate.
> What we disagree upon appears to be what that implies. 

Yes I think we are all focussed on the RFC language to be used here.

-Anantha

_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www1.ietf.org/mailman/listinfo/tcpm