IETF Logo Mail Archive

[tcpm] tcpsecure recommendations

Mark Allman <mallman@icir.org> Wed, 06 February 2008 17:39 UTC

Return-Path: <tcpm-bounces@ietf.org>
X-Original-To: ietfarch-tcpm-archive@core3.amsl.com
Delivered-To: ietfarch-tcpm-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5227C3A6EC4; Wed, 6 Feb 2008 09:39:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.537
X-Spam-Level:
X-Spam-Status: No, score=-2.537 tagged_above=-999 required=5 tests=[AWL=0.062, BAYES_00=-2.599]
Received: from core3.amsl.com ([127.0.0.1]) by localhost (mail.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3qUKNiJjexbu; Wed, 6 Feb 2008 09:39:43 -0800 (PST)
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5EB403A6EFE; Wed, 6 Feb 2008 09:39:43 -0800 (PST)
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id EA75E3A6EFE for <tcpm@core3.amsl.com>; Wed, 6 Feb 2008 09:39:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from core3.amsl.com ([127.0.0.1]) by localhost (mail.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eu7z5foCB-LL for <tcpm@core3.amsl.com>; Wed, 6 Feb 2008 09:39:41 -0800 (PST)
Received: from pork.ICSI.Berkeley.EDU (pork.ICSI.Berkeley.EDU [192.150.186.19]) by core3.amsl.com (Postfix) with ESMTP id 22A5B3A6EC4 for <tcpm@ietf.org>; Wed, 6 Feb 2008 09:39:41 -0800 (PST)
Received: from guns.icir.org (adsl-69-222-35-58.dsl.bcvloh.ameritech.net [69.222.35.58]) by pork.ICSI.Berkeley.EDU (8.12.11.20060308/8.12.11) with ESMTP id m16HfCIV008094 for <tcpm@ietf.org>; Wed, 6 Feb 2008 09:41:12 -0800
Received: from lawyers.icir.org (adsl-69-222-35-58.dsl.bcvloh.ameritech.net [69.222.35.58]) by guns.icir.org (Postfix) with ESMTP id 2CD7514DAF31 for <tcpm@ietf.org>; Wed, 6 Feb 2008 12:41:07 -0500 (EST)
Received: from lawyers.icir.org (localhost [127.0.0.1]) by lawyers.icir.org (Postfix) with ESMTP id 6977C36516E for <tcpm@ietf.org>; Wed, 6 Feb 2008 12:40:17 -0500 (EST)
To: tcpm@ietf.org
From: Mark Allman <mallman@icir.org>
Organization: International Computer Science Institute (ICSI)
Song-of-the-Day: It's Money That Matters
MIME-Version: 1.0
Date: Wed, 06 Feb 2008 12:40:17 -0500
Message-Id: <20080206174017.6977C36516E@lawyers.icir.org>
Subject: [tcpm] tcpsecure recommendations
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: mallman@icir.org
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <http://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <http://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0206536837=="
Sender: tcpm-bounces@ietf.org
Errors-To: tcpm-bounces@ietf.org

 
Folks-

It'd be good to get some opinions on the new tcpsecure version and get
it finished.  The sticking point on this document is how strongly to
recommend TCP stacks implement / use the three mitigations in the draft
(to spoofed RSTs, SYNs and data segments).  We had a discussion about
this in Chicago and also on the list.  Since it seemed that we were not
converging because there was not WG-wide agreement on the scope of the
document we asked the authors to generate an applicability statement.
They did that, per a previous email from Anantha.  The AS reads:

    The mitigations presented in this document talks about some known
    in-window attacks and the solutions to the same. The mitigations
    suggested in this draft SHOULD (RECOMMENDED) be implemented in
    devices where the TCP connections are most vulnerable to the attacks
    described in this document.  Some examples of such TCP connections
    are the ones that tend to be long-lived where the connection end
    points can be determined, in cases where no auxiliary anti-spoofing
    protection mechanisms like TCP MD5 can be deployed. TCP secure MAY
    (OPTIONAL) be implemented in other cases.

We can recommend each of mitigations with a MAY, SHOULD or MUST.  In
Chicago we winnowed the proposals to three three:

    (1) RST spoofing mitigation: MAY
        SYN spoofing mitigation: MAY
        data injection mitigation: MAY

    (2) RST spoofing mitigation: SHOULD
        SYN spoofing mitigation: SHOULD
        data injection mitigation: SHOULD

    (3) RST spoofing mitigation: SHOULD
        SYN spoofing mitigation: SHOULD
        data injection mitigation: MAY

Nobody has advocated for other permutations of recommendations
(although, clearly if people like some different combination they should
advocate away!).  

Can folks please weigh in on their feeling about how strongly we should
recommend these mitigations given the AS above?  It'd be great to get
this document moving and we're sort of stuck here.

Thanks,
allman




_______________________________________________
tcpm mailing list
tcpm@ietf.org
http://www.ietf.org/mailman/listinfo/tcpm

v2.20.0 | Report a Bug | By Email