Re: [tcpm] Some comments on tcpsecure

"Anantha Ramaiah (ananth)" <ananth@cisco.com> Tue, 08 April 2008 01:46 UTC

From: "Anantha Ramaiah (ananth)" <ananth@cisco.com>
To: Ted Faber <faber@ISI.EDU>, Joe Touch <touch@ISI.EDU>
Cc: tcpm@ietf.org, Fernando Gont <fernando@gont.com.ar>
Subject: Re: [tcpm] Some comments on tcpsecure

Ted, 

> -----Original Message-----
> From: tcpm-bounces@ietf.org [mailto:tcpm-bounces@ietf.org] On 
> Behalf Of Ted Faber
> Sent: Monday, April 07, 2008 2:24 PM
> To: Joe Touch
> Cc: tcpm@ietf.org; Fernando Gont
> Subject: Re: [tcpm] Some comments on tcpsecure
> 
> On Mon, Apr 07, 2008 at 02:02:26PM -0700, Joe Touch wrote:
> > Fair enough. It can warn - in the security considerations - that these
> > protections assume corresponding protections on ICMPs, however. I.e.,
> > it would be incorrect to recommend, but it can warn that "without
> > corresponding ICMPs, this document may not provide the desired
> > protection"
> 
> I think the quoted text, including a citation to an 
> appropriate document, would be an excellent addition to the 
> security concerns section of this document.  That's speaking 
> as an individual.

Like it has been pointed out above, it would be incorrect to make any
recommendation about ICMP or any other form of attack vectors in the
tcpsecure doc since this document is not meant to be a repository of all
currently known (and going to be discovered in the near future ;-)
attacks on TCP. So, IMO the verbiage needs to be chosen carefully if the
consensus is to provide a pointer to the ICMP doc in the security
consideration section. I would like to simply put an informative note
telling "spoofed ICMP packets may also result in TCP connection
stability issues, and this is discussed in more depth in......." or
something of that sort. 

$0.02,
-Anantha 
> 
> --
> Ted Faber
> http://www.isi.edu/~faber           PGP: 
> http://www.isi.edu/~faber/pubkeys.asc
> Unexpected attachment on this mail? See 
> http://www.isi.edu/~faber/FAQ.html#SIG
> 
_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www.ietf.org/mailman/listinfo/tcpm