Re: [tcpm] [Technical Errata Reported] RFC5925 (7135)

"touch@strayalpha.com" <touch@strayalpha.com> Sat, 24 September 2022 16:40 UTC

Cc: "Natarajan, Venkatesh (HP-Networking)" <venkatesh.natarajan@hpe.com>, Dmitry Safonov <dima@arista.com>, Zaheduzzaman Sarker <zaheduzzaman.sarker@ericsson.com>, Francesco Ruggeri <fruggeri@arista.com>, Allison Mankin <mankin@psg.com>, Ron Bonica <rbonica@juniper.net>, Michael Tuexen <tuexen@fh-muenster.de>, tcpm@ietf.org, Salam Noureddine <noureddine@arista.com>, RFC Errata System <rfc-editor@rfc-editor.org>
To: Leonard Crestez <cdleonard@gmail.com>

Hi, Leonard,

> On Sep 24, 2022, at 6:37 AM, Leonard Crestez <cdleonard@gmail.com> wrote:
> 
> This behavior is not described by the RFC and seems to completely defeat the security provided by TCP-AO by accepting all unsigned packets. There does not appear to be any usefulness outside of debugging.

It is explicitly designed to allow either side to decide whether TCP-AO is required or optional on incoming connections. The current default is that both sides allow the connection to support legacy mode either when the option isn’t present or when the key fails.

If that’s not desired, either side can set an override (as already mentioned in the paragraph noted in the errata request). If you want the override to be a default on your system, that’s your choice.

Joe

—
Dr. Joe Touch, temporal epistemologist
www.strayalpha.com
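The receive-side behaviour Joe describes (legacy fallback when the option is absent or the key fails, strict rejection when the per-side override is set), written out as an added example that is not code from the thread or from any TCP-AO implementation; the HMAC here stands in for the RFC 5926 traffic-key MAC, and the `MKT`, `require_ao` and segment names are assumptions. The `downgrade_events` helper shows what a defender running the permissive default would want to log: segments accepted without a verified MAC on a connection that has a key configured.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass
class MKT:
    """Master key tuple for one connection (simplified: no RFC 5926 KDF)."""
    key: bytes
    require_ao: bool = False  # per-side override; False = legacy fallback (default)

def ao_mac(segment: bytes, mkt: MKT) -> bytes:
    # Stand-in for the TCP-AO MAC: HMAC-SHA1 truncated to 96 bits over the
    # segment bytes. Real TCP-AO MACs a pseudo-header plus segment with a
    # derived traffic key; the policy logic below does not depend on that.
    return hmac.new(mkt.key, segment, hashlib.sha1).digest()[:12]

def receive_policy(segment: bytes, mac, mkt: MKT):
    """Decide whether an incoming segment is accepted.
    mac=None means the AO option was absent. Returns (verdict, reason)."""
    if mac is None:
        if mkt.require_ao:
            return ("drop", "AO required, option absent")
        return ("accept", "legacy: option absent")
    if hmac.compare_digest(ao_mac(segment, mkt), mac):
        return ("accept", "AO verified")
    if mkt.require_ao:
        return ("drop", "AO required, MAC failed")
    return ("accept", "legacy: MAC failed")

def downgrade_events(segments, mkt: MKT):
    """Defender's view: every segment accepted without a verified MAC while
    an MKT exists is a silent downgrade worth logging or alerting on."""
    events = []
    for idx, (seg, mac) in enumerate(segments):
        verdict, reason = receive_policy(seg, mac, mkt)
        if verdict == "accept" and reason != "AO verified":
            events.append((idx, reason))
    return events

# Constructed sample traffic: three segments on a connection with an MKT.
GOOD_KEY = b"constructed-example-key"
SEGMENTS = [
    (b"seg0 signed ok", ao_mac(b"seg0 signed ok", MKT(GOOD_KEY))),   # valid MAC
    (b"seg1 no option", None),                                        # AO absent
    (b"seg2 wrong key", ao_mac(b"seg2 wrong key", MKT(b"other-key"))),  # key fails
]
```

With `MKT(GOOD_KEY)` all three segments are accepted and two downgrade events are reported; with `MKT(GOOD_KEY, require_ao=True)` the unsigned and bad-MAC segments are dropped.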