Re: [tcpm] tcp-security: Request for feedback on the outline of the document

Fernando Gont <fernando@gont.com.ar> Tue, 25 August 2009 18:42 UTC

To: "Eddy, Wesley M. (GRC-MS00)[Verizon]" <wesley.m.eddy@nasa.gov>
Cc: "tcpm@ietf.org" <tcpm@ietf.org>, Joe Touch <touch@ISI.EDU>

Eddy, Wesley M. (GRC-MS00)[Verizon] wrote:


>> Then it'd be useful to break down TCP into its component parts, as
>> introduced in 2a:
>>
>> 	3 control attacks
>> 		header fields
>> 		option fields
>> 		connection establishment
>> 		connection termination
>> 		port scanning
[....]
> 
> I like the hierarchy that Joe suggests; it groups similar issues and
> recommendations together, and I agree with him that it would pose
> no difficulty for implementers to use.

I think that for many attacks, the outline Joe is proposing becomes
ambiguous.

e.g., think about the "Rose attack" described in the MSS section. The
attack employs the TCP MSS option (and thus would be included in
"control attacks" according to Joe's outline). However, the attack
attempts to degrade performance. So... where would the attack be finally
included?

Joe argues that "info leaking" and that port scanning is a "control
attack". But one might argue that port scanning is, in some sense, an
info leaking attack.


> David had suggested that however the document content is organized,
> an appendix can index the recommendations differently.  

I feel comfortable with David's proposal, btw.

Thanks,
-- 
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1