RE: [tcpm] tcpsecure: how strong to recommend?
<toby.moncaster@bt.com> Wed, 26 September 2007 16:46 UTC
Return-path: <tcpm-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1Iaa1w-0001qa-4q; Wed, 26 Sep 2007 12:46:32 -0400
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Iaa1u-0001iY-U6 for tcpm@ietf.org; Wed, 26 Sep 2007 12:46:30 -0400
Received: from smtp1.smtp.bt.com ([217.32.164.137]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1Iaa1u-00059s-8S for tcpm@ietf.org; Wed, 26 Sep 2007 12:46:30 -0400
Received: from E03MVZ4-UKDY.domain1.systemhost.net ([193.113.30.65]) by smtp1.smtp.bt.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 26 Sep 2007 17:46:27 +0100
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [tcpm] tcpsecure: how strong to recommend?
Date: Wed, 26 Sep 2007 17:46:49 +0100
Message-ID: <BAB4DC0CD5148948A86BD047A85CE2A703D2B41E@E03MVZ4-UKDY.domain1.systemhost.net>
In-Reply-To: <44F9F627-9A49-4A63-9F38-0006F1FE2BDF@nokia.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [tcpm] tcpsecure: how strong to recommend?
Thread-Index: Acf/e/jEdAyxcSypQ9uxLKw1OAOZuAA3nHnQ
From: toby.moncaster@bt.com
To: lars.eggert@nokia.com, touch@ISI.EDU
X-OriginalArrivalTime: 26 Sep 2007 16:46:27.0294 (UTC) FILETIME=[C806CFE0:01C8005C]
X-Spam-Score: 0.0 (/)
X-Scan-Signature: a7d2e37451f7f22841e3b6f40c67db0f
Cc: tcpm@ietf.org, mallman@icir.org
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Errors-To: tcpm-bounces@ietf.org
Two things that seem clear from this quite long email thread: 1) many of the people expressing opinions on this are the same ones that expressed opinions at the meeting in Chicago 2) there is definite lack of agreement on the meaning of SHOULD and MAY (MUST seems pretty clear). It almost seems that there is a need for a new level of recommendation somewhere between SHOULD (which many people seem to take to mean "MUST unless you have a good reason not to") and MAY (which some people take to mean "may do if you choose to"). What is lacking (as I think Tim was driving at) is a word to mean "we advise you to do this but don't want to obligate you". Obviously some of this confusion can be reduced if proper applicability statements are used as described by Lars below. For what its worth I am torn between options 2) and 3). Option 3) is correct if the applicability is clearly defined to those TCPs where there is significant risk of harm from these attacks Toby ________________________________________________________________________ ____ Toby Moncaster, <toby.moncaster@bt.com> Networks Research Centre, BT Research B54/70 Adastral Park, Martlesham Heath, Ipswich, IP53RE, UK. +44 1473 648734 -----Original Message----- From: Lars Eggert [mailto:lars.eggert@nokia.com] Sent: 25 September 2007 14:54 To: ext Joe Touch Cc: tcpm@ietf.org; mallman@icir.org Subject: Re: [tcpm] tcpsecure: how strong to recommend? Hi, On 2007-9-25, at 1:34, ext Joe Touch wrote: > I'd encourage others to weigh in on this. I'm uncomfortable with our > making recommendations to change TCP's fundamental behavior as a > SHOULD on the basis of a handful of representatives. this brings up an important point we need to clarify. The tcpsecure document contains a technical specification for multiple TCP mechanisms to protect against certain attacks. However, RFC 2026 recommends that technical specifications should also come with a statement of applicability, i.e., something that says when the technical specification should or should not be used. Many documents don't have this, and often that isn't an issue. The tcpsecure document is missing this piece, too, but in this case I believe this is causing some confusion. For some folks, this lack of a clear applicability statement means that the tcpsecure mechanisms become part of the "must-implement" set of TCP. To other folks, the MUST/SHOULD/MAY in the current document *are* a kind of applicability statement. I think it would be helpful if we would tease apart applicability statement and technical specification. What were missing is consensus on the applicability of the proposed set of mechanisms. During the discussion around this document, I've heard basically two choices being expressed: (1) all TCP stacks should implement tcpsecure (2) only TCP stacks that expect to support a significant number of connections for which the described attacks are possible should implement tcpsecure This is important to scope the discussion we're currently having on SHOULD vs. MAY. If the applicability is (1), a SHOULD with its should-have-a-really- good-reason-to-ignore semantics is a pretty strong statement that affects all stacks. Whereas if the applicability is (2) or something else that is more restricted than (1), a SHOULD is essentially without effect for stacks that don't consider themselves to fall under the conditions stated. Lars PS: Here is the relevant section from RFC2026: 3.1 Technical Specification (TS) A Technical Specification is any description of a protocol, service, procedure, convention, or format. It may completely describe all of the relevant aspects of its subject, or it may leave one or more parameters or options unspecified. A TS may be completely self- contained, or it may incorporate material from other specifications by reference to other documents (which might or might not be Internet Standards). A TS shall include a statement of its scope and the general intent for its use (domain of applicability). Thus, a TS that is inherently specific to a particular context shall contain a statement to that effect. However, a TS does not specify requirements for its use within the Internet; these requirements, which depend on the particular context in which the TS is incorporated by different system configurations, are defined by an Applicability Statement. _______________________________________________ tcpm mailing list tcpm@ietf.org https://www1.ietf.org/mailman/listinfo/tcpm
- [tcpm] tcpsecure: how strong to recommend? Mark Allman
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- Re: [tcpm] tcpsecure: how strong to recommend? Fernando Gont
- Re: [tcpm] tcpsecure: how strong to recommend? Mark Allman
- Re: [tcpm] tcpsecure: how strong to recommend? Pekka Savola
- RE: [tcpm] tcpsecure: how strong to recommend? Agarwal, Anil
- Re: [tcpm] tcpsecure: how strong to recommend? Wesley Eddy
- Re: [tcpm] tcpsecure: how strong to recommend? David Borman
- Re: [tcpm] tcpsecure: how strong to recommend? Lars Eggert
- RE: [tcpm] tcpsecure: how strong to recommend? Agarwal, Anil
- Re: [tcpm] tcpsecure: how strong to recommend? Ted Faber
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Tom Petch
- RE: [tcpm] tcpsecure: how strong to recommend? Mitesh Dalal (mdalal)
- Re: [tcpm] tcpsecure: how strong to recommend? Mark Allman
- Re: [tcpm] tcpsecure: how strong to recommend? Tim Shepard
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- Re: [tcpm] tcpsecure: how strong to recommend? Tim Shepard
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- RE: [tcpm] tcpsecure: how strong to recommend? toby.moncaster
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- [tcpm] BTNS usage for BGP Pekka Savola
- [tcpm] Re: BTNS usage for BGP Joe Touch
- Re: [tcpm] tcpsecure: how strong to recommend? Mark Allman
- Re: [tcpm] tcpsecure: how strong to recommend? Mark Allman
- Re: [tcpm] tcpsecure: how strong to recommend? Mark Allman
- Re: [tcpm] tcpsecure: how strong to recommend? Mark Allman
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Mark Allman
- Re: [tcpm] tcpsecure: how strong to recommend? Mark Allman
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Mark Allman
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- RE: [tcpm] tcpsecure: how strong to recommend? Mitesh Dalal (mdalal)
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- Re: [tcpm] tcpsecure: how strong to recommend? Mark Allman
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Mark Allman
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Mark Allman
- Re: [tcpm] tcpsecure: how strong to recommend? Edward A. Gardner
- RE: [tcpm] tcpsecure: how strong to recommend? Mitesh Dalal (mdalal)
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- Re: [tcpm] tcpsecure: how strong to recommend? Lars Eggert
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- RE: [tcpm] tcpsecure: how strong to recommend? Anantha Ramaiah (ananth)
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- Re: [tcpm] tcpsecure: how strong to recommend? Ted Faber
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- Re: [tcpm] tcpsecure: how strong to recommend? Ted Faber
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- Re: [tcpm] tcpsecure: how strong to recommend? Ted Faber
- Re: [tcpm] tcpsecure: how strong to recommend? touch
- Re: [tcpm] tcpsecure: how strong to recommend? touch
- Re: [tcpm] tcpsecure: how strong to recommend? Ted Faber
- Re: [tcpm] tcpsecure: how strong to recommend? Ted Faber
- Re: [tcpm] tcpsecure: how strong to recommend? Ted Faber
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch
- Re: [tcpm] tcpsecure: how strong to recommend? Joe Touch