Re: [tcpm] TCPM and draft-ietf-tcpm-icmp-attacks

[Joe Touch <touch@ISI.EDU>]

Fernando Gont wrote:
> Joe Touch wrote:
> 
>>>>>> I agree with Wes that the role of ICMP in the Internet needs to be
>>>>>> re-examined, and some changes made. However, I also believe that many of
>>>>>> the current TCPM "rush to react" changes (including tcpsecure, some of
>>>>>> the ICMP checks, some parts of the TCP cookie transactions proposal) are
>>>>>> a poor substitute for the use of true security (IPsec, TCP-AO), 
>>>>> They are not a substitute. And the recent support by Ran Atkinson
>>>>> (co-author of previous versions of the IPsec std) should be a good hint.
>>>>> See: http://www.ietf.org/mail-archive/web/ietf/current/msg60159.html
>>>> Note that he supports this as offered - Informational.
>>> That's incorrect. Go ask Ran Atkinson.
>> From the URL *you* provided:
>>
>> "I have reviewed this document and I support publishing it as
>> an Informational RFC."
> 
> Again, go and ask Ran about this I-D. Please.
> 
> BTW, Ran said: "F. Gont has done a tremendous public service in putting
> together this (and predecessor) documents with risk analyses for various
> widely deployed protocols."

The entire quote has both parts, and directly cites Informational.

I have reviewed this document and I support publishing it as
an Informational RFC.  F. Gont has done a tremendous public
service in putting together this (and predecessor) documents
with risk analyses for various widely deployed protocols.

> And you have trashed each of the documents he's referring to (including
> icmp-attacks, draft-ietf-tcpm-tcp-security, etc.).

I have criticized these documents for proposing changes to standards; I
do not have an issue with merely documenting those changes.

Joe