Re: [tcpm] Benjamin Kaduk's Discuss on draft-ietf-tcpm-rfc793bis-25: (with DISCUSS and COMMENT)
"Scharf, Michael" <Michael.Scharf@hs-esslingen.de> Mon, 28 February 2022 11:55 UTC
Return-Path: <Michael.Scharf@hs-esslingen.de>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 52DE43A1067; Mon, 28 Feb 2022 03:55:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.107
X-Spam-Level:
X-Spam-Status: No, score=-7.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=hs-esslingen.de
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dOtFa7nNY1jG; Mon, 28 Feb 2022 03:54:58 -0800 (PST)
Received: from mail.hs-esslingen.de (mail.hs-esslingen.de [134.108.32.78]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F15DA3A1008; Mon, 28 Feb 2022 03:54:57 -0800 (PST)
Received: from localhost (localhost.localdomain [127.0.0.1]) by mail.hs-esslingen.de (Postfix) with ESMTP id A596925A15; Mon, 28 Feb 2022 12:54:55 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=hs-esslingen.de; s=mail; t=1646049295; bh=QMI6yfb3W39QP9jtiQfdQsPPnE5Q7fPMhWWRsuOO7VM=; h=From:To:CC:Subject:Date:References:In-Reply-To:From; b=azYsVlJ8s/FLrIb8Jo/AIhTm1klEtqs/iLK22j9Uc1xSyvSo9ARvMbWBGaZgTMJX3 eeIh979qAqDSYPnWyDsWuW8Ds4r7pEM8z061D+oPbLTmiPBoaQFOhhlBsAc9A7Oq+4 9sPddclbebAbdXPmE5mXjeTyWC9sr2HKT/qrqARk=
X-Virus-Scanned: by amavisd-new-2.7.1 (20120429) (Debian) at hs-esslingen.de
Received: from mail.hs-esslingen.de ([127.0.0.1]) by localhost (hs-esslingen.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0wuLcSio5-zV; Mon, 28 Feb 2022 12:54:54 +0100 (CET)
Received: from rznt8202.rznt.rzdir.fht-esslingen.de (rznt8202.hs-esslingen.de [134.108.48.165]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.hs-esslingen.de (Postfix) with ESMTPS; Mon, 28 Feb 2022 12:54:54 +0100 (CET)
Received: from rznt8202.rznt.rzdir.fht-esslingen.de (134.108.48.165) by rznt8202.rznt.rzdir.fht-esslingen.de (134.108.48.165) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.18; Mon, 28 Feb 2022 12:54:48 +0100
Received: from rznt8202.rznt.rzdir.fht-esslingen.de ([fe80::aca4:171a:3ee1:57e0]) by rznt8202.rznt.rzdir.fht-esslingen.de ([fe80::aca4:171a:3ee1:57e0%3]) with mapi id 15.01.2375.018; Mon, 28 Feb 2022 12:54:48 +0100
From: "Scharf, Michael" <Michael.Scharf@hs-esslingen.de>
To: "touch@strayalpha.com" <touch@strayalpha.com>, Benjamin Kaduk <kaduk@mit.edu>
CC: Wes Eddy <wes@mti-systems.com>, "draft-ietf-tcpm-rfc793bis@ietf.org" <draft-ietf-tcpm-rfc793bis@ietf.org>, "tcpm@ietf.org Extensions" <tcpm@ietf.org>, The IESG <iesg@ietf.org>, "tcpm-chairs@ietf.org" <tcpm-chairs@ietf.org>
Thread-Topic: [tcpm] Benjamin Kaduk's Discuss on draft-ietf-tcpm-rfc793bis-25: (with DISCUSS and COMMENT)
Thread-Index: AQHXsCvcnc/noM1n0UyxQ6Ty5CuigaxcPJUAgElnwoCAABvcAIAEDXqA
Date: Mon, 28 Feb 2022 11:54:48 +0000
Message-ID: <927f0d019fee43c2a385b04c7909c0e9@hs-esslingen.de>
References: <163236803976.28405.5643771942452620510@ietfa.amsl.com> <6f6e7b90-081a-74b4-b329-8879addcb8c4@mti-systems.com> <20220225210031.GV12881@kduck.mit.edu> <5F0B3950-90A5-4C8E-9C2D-7C70B2108C1B@strayalpha.com>
In-Reply-To: <5F0B3950-90A5-4C8E-9C2D-7C70B2108C1B@strayalpha.com>
Accept-Language: de-DE, en-US
Content-Language: de-DE
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [134.108.140.249]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/hXulKDOF8w2tDrio_hiCZCDaUNY>
Subject: Re: [tcpm] Benjamin Kaduk's Discuss on draft-ietf-tcpm-rfc793bis-25: (with DISCUSS and COMMENT)
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Feb 2022 11:55:04 -0000
Chiming in as TCPM co-chair and document shepherd... > > Here, we > > have the constraint of retaining compatibility with the existing deployment > > base (which is a very compelling constraint!), so you do not see me > > advocating for mandatory tcpcrypt (for example). But I want to see some > > explanation of what harm or risk there is in saying that the ISN is always > > produced with the PRF of the 5-tuple (okay, 4-tuple since the protocol is > > always TCP), to motivate a divergence from the more-secure behavior and > > thereby justify retaining the behavior currently in the draft. What > > constraint are we subject to that prevents doing the right (security-wise) > > thing? > > We already have RFC6528 that specifies this as a SHOULD. > > My question to you is “what has changed since 2012 that makes you think > this is now appropriate for a MUST”. It was clear consensus in TCPM *not* to realize SHOULD/MUST modifications of the TCP protocol in 793bis, but instead to limit the document to protocol mechanisms that already have IETF consensus. It was also TCPM consensus that stacks that correctly implement existing TCP standards prior to 793bis should not become incompatible to the TCP standards once 793bis is published. > AFAICT, that’s where the burden of proof is, not on us to defend keeping a > SHOULD. If a SHOULD shall be replaced by a MUST, an alternative approach would be to start a new standards track document in TCPM, get feedback from implementers, ensure that the change indeed has TCPM working group and IETF consensus, and then update the TCP standards accordingly. In this specific case, that spec would be probably a short document that can be reviewed relatively easily and thus published fast, if the TCPM working group agrees that it is the right-thing-to-do. Michael
- [tcpm] Benjamin Kaduk's Discuss on draft-ietf-tcp… Benjamin Kaduk via Datatracker
- Re: [tcpm] Benjamin Kaduk's Discuss on draft-ietf… touch@strayalpha.com
- Re: [tcpm] Benjamin Kaduk's Discuss on draft-ietf… Wesley Eddy
- Re: [tcpm] Benjamin Kaduk's Discuss on draft-ietf… Benjamin Kaduk
- Re: [tcpm] Benjamin Kaduk's Discuss on draft-ietf… touch@strayalpha.com
- Re: [tcpm] Benjamin Kaduk's Discuss on draft-ietf… Wesley Eddy
- Re: [tcpm] Benjamin Kaduk's Discuss on draft-ietf… Benjamin Kaduk
- Re: [tcpm] Benjamin Kaduk's Discuss on draft-ietf… touch@strayalpha.com
- Re: [tcpm] Benjamin Kaduk's Discuss on draft-ietf… Scharf, Michael
- Re: [tcpm] Benjamin Kaduk's Discuss on draft-ietf… Wesley Eddy
- Re: [tcpm] Benjamin Kaduk's Discuss on draft-ietf… Benjamin Kaduk
- Re: [tcpm] Benjamin Kaduk's Discuss on draft-ietf… Joe Touch
- Re: [tcpm] Benjamin Kaduk's Discuss on draft-ietf… Benjamin Kaduk
- Re: [tcpm] Benjamin Kaduk's Discuss on draft-ietf… touch@strayalpha.com