IETF Logo Mail Archive

RE: FW: Re: [tcpm] draft-ietf-tcpm-tcpsecure-00.txt

Yogesh.Swami@nokia.com Wed, 21 April 2004 23:44 UTC

Received: from optimus.ietf.org (optimus.ietf.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA01387 for <tcpm-archive@odin.ietf.org>; Wed, 21 Apr 2004 19:44:02 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BGRFa-000563-Oq for tcpm-archive@odin.ietf.org; Wed, 21 Apr 2004 19:35:30 -0400
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i3LNZUe3019586 for tcpm-archive@odin.ietf.org; Wed, 21 Apr 2004 19:35:30 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BGR3x-00074w-Sy for tcpm-web-archive@optimus.ietf.org; Wed, 21 Apr 2004 19:23:29 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA29705 for <tcpm-web-archive@ietf.org>; Wed, 21 Apr 2004 19:23:26 -0400 (EDT)
Received: from ietf-mx.ietf.org ([132.151.6.1] helo=ietf-mx) by ietf-mx with esmtp (Exim 4.32) id 1BGR3w-0005MS-98 for tcpm-web-archive@ietf.org; Wed, 21 Apr 2004 19:23:28 -0400
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1BGR2y-00057f-00 for tcpm-web-archive@ietf.org; Wed, 21 Apr 2004 19:22:29 -0400
Received: from optimus.ietf.org ([132.151.1.19]) by ietf-mx with esmtp (Exim 4.12) id 1BGR22-0004uE-00 for tcpm-web-archive@ietf.org; Wed, 21 Apr 2004 19:21:30 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BGQdO-0002Kh-Pj; Wed, 21 Apr 2004 18:56:02 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BGQIV-0006Xh-0M for tcpm@optimus.ietf.org; Wed, 21 Apr 2004 18:34:27 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA25724 for <tcpm@ietf.org>; Wed, 21 Apr 2004 18:34:22 -0400 (EDT)
From: Yogesh.Swami@nokia.com
Received: from ietf-mx.ietf.org ([132.151.6.1] helo=ietf-mx) by ietf-mx with esmtp (Exim 4.32) id 1BGQIR-0002Bl-Mg for tcpm@ietf.org; Wed, 21 Apr 2004 18:34:23 -0400
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1BGQGw-0001hM-00 for tcpm@ietf.org; Wed, 21 Apr 2004 18:32:50 -0400
Received: from mgw-x1.nokia.com ([131.228.20.21]) by ietf-mx with esmtp (Exim 4.12) id 1BGQFZ-0001II-00 for tcpm@ietf.org; Wed, 21 Apr 2004 18:31:26 -0400
Received: from esdks003.ntc.nokia.com (esdks003.ntc.nokia.com [172.21.138.158]) by mgw-x1.nokia.com (Switch-2.2.8/Switch-2.2.8) with ESMTP id i3LMVI325453; Thu, 22 Apr 2004 01:31:18 +0300 (EET DST)
X-Scanned: Thu, 22 Apr 2004 01:30:44 +0300 Nokia Message Protector V1.3.21 2004031416 - RELEASE
Received: (from root@localhost) by esdks003.ntc.nokia.com (8.12.9/8.12.9) id i3LMUiB3023365; Thu, 22 Apr 2004 01:30:44 +0300
Received: from mgw-int1.ntc.nokia.com (172.21.143.96) by esdks003.ntc.nokia.com 00OdCV07; Thu, 22 Apr 2004 01:30:43 EEST
Received: from daebh001.NOE.Nokia.com (daebh001.americas.nokia.com [10.241.35.121]) by mgw-int1.ntc.nokia.com (Switch-2.2.8/Switch-2.2.8) with ESMTP id i3LMUds22579; Thu, 22 Apr 2004 01:30:39 +0300 (EET DST)
Received: from daebe004.NOE.Nokia.com ([10.241.35.104]) by daebh001.NOE.Nokia.com with Microsoft SMTPSVC(5.0.2195.6881); Wed, 21 Apr 2004 17:30:40 -0500
X-MimeOLE: Produced By Microsoft Exchange V6.0.6487.1
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: RE: FW: Re: [tcpm] draft-ietf-tcpm-tcpsecure-00.txt
Date: Wed, 21 Apr 2004 17:30:38 -0500
Message-ID: <025E7DD4182874489CC2F61EE0FA19CE02885696@daebe004.americas.nokia.com>
Thread-Topic: FW: Re: [tcpm] draft-ietf-tcpm-tcpsecure-00.txt
Thread-Index: AcQn5yLj7IPqIKQST2G8/f5yUaHHhwAABjCw
To: mdalal@cisco.com, tcpm@ietf.org
X-OriginalArrivalTime: 21 Apr 2004 22:30:40.0424 (UTC) FILETIME=[46A79A80:01C427F0]
Content-Transfer-Encoding: quoted-printable
Sender: tcpm-admin@ietf.org
Errors-To: tcpm-admin@ietf.org
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org
X-Spam-Status: No, hits=0.2 required=5.0 tests=AWL, NO_REAL_NAME autolearn=no version=2.60
Content-Transfer-Encoding: quoted-printable
Content-Transfer-Encoding: quoted-printable

Mitesh-

> -----Original Message-----
> From: ext Mitesh Dalal [mailto:mdalal@cisco.com]
> Sent: Wednesday, April 21, 2004 4:22 PM
> To: tcpm@ietf.org; Swami Yogesh (Nokia-NRC/Dallas)
> Subject: Re: FW: Re: [tcpm] draft-ietf-tcpm-tcpsecure-00.txt 
> 
> 
> 
> >>  -----Original Message-----
> >> From: 	Swami Yogesh (Nokia-NRC/Dallas)  
> >> Sent:	Wednesday, April 21, 2004 10:59 AM
> >> To:	tcpm@ietf.org
> >> Subject:	
> >> 
> >> [Few late comments]
> >> 
> >> Although I have not read the draft thoroughly, I believe 
> it's probably a good 
> idea to fist define the scope of the problem that this 
> working group should try 
> to solve. TCP has a lot of vulnerabilities -- lot more than 
> what this draft 
> identifies -- and it's better to first define which problems 
> should be solved 
> and which one should not be. (Also, if the problem exists 
> only because of BGP, 
> which I don't think is the case, then maybe routers can use 
> IPSec with a well 
> known permanent shared key with different session keys. This 
> will be more 
> secure, compared to this draft, and faster to deploy.)
> >> 
> 
> Yogesh,
> the idea is to address blind attack from an attacker sitting 
> outside your
> path to the peer. The current problem is critical because it 
> takes fewer
> packets than originally believed. 
> 

I don't know if the problem is critical or not and I wasn't questing that. Sending 65,535 RST messages might be a problem for BGP, but in the broader context of TCP it might not be. A very simple intrusion detection system can (and already do) detect and drop such bursts of packets, especially when each packet has the same socket attribute.


> By lots of vulnerabilities I assume you mean brute force attacks such 
> as SYN attack, reflection attacks and man in the middle kind 
> of attack. 

No, by lots of vulnerabilities, I don't mean brute force attacks. Resetting a TCP connection might be a problem for BGP but might not the best MO for other kinds of blind attacks. For example, an attacker who wants to do blind DDoS attacks, might want to use exploit other TCP vulnerabilities (e.g., use ECN to reduce data rate) to reduce the connection handling capacity of the server than resetting the connections altogether. 

If the draft tries to make TCP more secure, as the title suggests, it needs to take a broader look than just BGP. Or it should explicitly say: "we are not looking at ..." (which is also perfectly alright with me). That's why I said it's better to define the scope of the problem.

> We are clearly not addressing these. I would be glad to hear 
> if you have
> come across similar vulnerabilities as the current draft 
> tries to address.
> 

Although I have not come across these problems myself, conventional wisdom says that if there is a security vulnerability in a protocol, it will be exploited sooner or later. The fact that this draft exists today and did not exist 10 years back, is a good evidence.


> >> Moreover, it will also be useful to specify if the 
> proposed solutions can use 
> cryptography or not. Many people are not comfortable with 
> cryptographic 
> techniques partly because of throughput reasons. But in many 
> cases it might be 
> useful to have a low computation cryptographic methods to 
> solve the problems 
> without hurting the throughput. For example, a TCP sender 
> with Time Stamp option 
> could just encrypt the 32 bit timestamp using AES, and 
> practically solve all the 
> problems in this draft. (I am not saying we should do this). 
> Encrypting a 32 bit 
> number doesn't take a lot of time/computation and the 
> receiver doesn't need to 
> keep states to make this work. And, in principle it's not 
> different from having 
> a challenge response cookie.)
> 
> Cryptographic solutions have their own limitations. They have 
> to be setup
> at both ends and have to be agreed upon. In the current 

Not necessarily. You need setup/key-exchange only if both ends need to perform cryptographic operations on the same data fields. For TCP we might not need that. Or we might, depending upon what the working group considers as a secure solution. And, that exactly what my point was in the last e-mail. 

BTW, I doubt you will get easy consensus on the solutions without precisely defining what "secure TCP" means. Security means different things to different people at different times of the day.

--Yogesh

_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www1.ietf.org/mailman/listinfo/tcpm

v2.35.0 | Report a Bug | By Email | System Status