IETF Logo Mail Archive

Re: [tcpm] feedcback on tcp-secure-05

Joe Touch <touch@ISI.EDU> Tue, 18 July 2006 13:42 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1G2ppy-0002gm-7U; Tue, 18 Jul 2006 09:42:10 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1G2ppw-0002dE-8r for tcpm@ietf.org; Tue, 18 Jul 2006 09:42:08 -0400
Received: from vapor.isi.edu ([128.9.64.64]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1G2ppu-0001We-Sm for tcpm@ietf.org; Tue, 18 Jul 2006 09:42:08 -0400
Received: from [192.168.1.42] (pool-71-106-102-77.lsanca.dsl-w.verizon.net [71.106.102.77]) by vapor.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id k6IDfMH09780; Tue, 18 Jul 2006 06:41:22 -0700 (PDT)
Message-ID: <44BCE4FA.1050602@isi.edu>
Date: Tue, 18 Jul 2006 06:41:14 -0700
From: Joe Touch <touch@ISI.EDU>
User-Agent: Thunderbird 1.5.0.4 (Windows/20060516)
MIME-Version: 1.0
To: Fernando Gont <fernando@gont.com.ar>
Subject: Re: [tcpm] feedcback on tcp-secure-05
References: <0C53DCFB700D144284A584F54711EC5801D9592B@xmb-sjc-21c.amer.cisco.com> <7.0.1.0.0.20060715153423.08601b58@gont.com.ar> <44BB1882.6030904@isi.edu> <7.0.1.0.0.20060717052818.064b28b8@gont.com.ar>
In-Reply-To: <7.0.1.0.0.20060717052818.064b28b8@gont.com.ar>
X-Enigmail-Version: 0.94.0.0
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
X-Spam-Score: 0.0 (/)
X-Scan-Signature: bdc523f9a54890b8a30dd6fd53d5d024
Cc: tcpm@ietf.org, "Anantha Ramaiah (ananth)" <ananth@cisco.com>
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0861619968=="
Errors-To: tcpm-bounces@ietf.org


Fernando Gont wrote:
> At 01:56 17/07/2006, Joe Touch wrote:
> 
>> > You could also add that, fortunately, virtually every implementation
>> has
>> > mitigated the ICMP attacks described in
>> > draft-ietf-tcpm-icmp-attacks-00.txt, by implementing most (if not all)
>> > the counter-measures described in that draft.
>>
>> That last point doesn't obviate the issue that ICMP packets - even
>> validated by the mitigations in the draft above - are still easier to
>> spoof and can be spoofed by third parties than any of the attacks in
>> tcp-secure.
> 
> The counter-measures in the ICMP attacks draft eliminate the ICMP-based
> connection reset, eliminate the Source Quench attack, and require the
> attacker to be a Man In the Middle (*) for him to successfully perform
> an attack against the PMTUD mechanism.

The countermeasures there also violate the specific text in RFC1122,
*without* noting (as per my other email) the "particular circumstances".
Instead, it makes the general recommendation to change hard to soft errors.

I've repeatedly said that the text below directly negates the
requirement in RFC1122. That NEEDS to be directly highlighted in your
doc (the text that says that 1122 allows this is incorrect):

     "For security reasons,
      it would be fair to treat ICMP port unreachable messages as soft
      errors (or completely ignore them) when they are meant for
      protocols that have their own mechanism for reporting this error
      condition."

Again, I'm not going to debate this further either. I'll be glad to
remind the ADs during review; if they agree, fine.

> It is clear that with the ICMP counter-measures in place, TCP-based
> attacks are "the weakest link in the change". You don't need to "drop
> them all".

Even as soft errors, such ICMP errors could be interpreted by the
application as indicating a legitimate error that causes the connection
to be dropped, even though the only reason is attack.

However, perhaps I'm speaking more of what the ICMP draft should be
corrected to be, rather than what it is ;-) Short of changing RFC1122,
you're stuck regarding hard errors and resets, due (notably) to the
DIRECT LANGUAGE in 1122 that equates the two.

Joe




_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www1.ietf.org/mailman/listinfo/tcpm

v2.23.0 | Report a Bug | By Email