Re: [tcpm] poll for adopting draft-gont-tcp-security

Joe Touch <touch@ISI.EDU> Tue, 30 June 2009 15:09 UTC

Message-ID: <4A4A2A73.0@isi.edu>
Date: Tue, 30 Jun 2009 08:08:35 -0700
From: Joe Touch <touch@ISI.EDU>
To: Fernando Gont <fernando@gont.com.ar>
References: <C304DB494AC0C04C87C6A6E2FF5603DB2217B28763@NDJSSCC01.ndc.nasa.gov> <fc0ff13d0906241711k44de4f77u8ec825e1ea151a1e@mail.gmail.com> <4A4317ED.1040905@gont.com.ar> <4A48F60A.7020602@gmail.com> <4A49CA1A.6060702@gont.com.ar>
In-Reply-To: <4A49CA1A.6060702@gont.com.ar>
Cc: Matt Mathis <mathis@psc.edu>, tcpm Extensions WG <tcpm@ietf.org>, Matt Mathis <matt.mathis@gmail.com>

Fernando Gont wrote:
> Hello, Matt,
...
> I had promised to come back to you on this one. FreeBSD ignores those
> options whose length is not equal to the expected value.
...
> Linux does exactly the same thing.
...
> This suggests that extending SACK while still using the same option type
> is not a good idea, or at least not a backwards-compatible one.
...

It may also suggest a bug.

This is a key flaw in the approach taken in this document. A proper scan
of all aspects of TCP for security vulnerabilities would be useful, but
the doc focuses on implementations as if they provide unique or correct
insight into the issue. The state of implementations may provide a
reason to look at this issue, but does not necessarily provide the right
basis for determining how to proceed.

TCP is not secure; it was not intended to be. We cannot make it secure
simply by dropping vulnerable components. We cannot make it secure by
focusing on poor implementation choices.

If the WG is to proceed on this, there are two viable choices:

	1) a from-scratch analysis of every aspect of TCP
	for security, not just the ones implementers have
	either tripped over or misdesigned

	2) a from-scratch design of a new secure transport
	protocol (in TSVWG)

Joe
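The receiver-side length check that the quoted text describes (an option whose length is not the expected value is ignored), shown as an added example written for this archive page; it is not code from either poster and not FreeBSD's or Linux's implementation. The expected lengths come from the option definitions in RFC 793, RFC 2018 and RFC 7323; the option bytes and the "extended SACK" that reuses kind 5 with a non-standard length are constructed for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* TCP option kinds from RFC 793, RFC 2018 and RFC 7323 */
enum { OPT_EOL = 0, OPT_NOP = 1, OPT_MSS = 2, OPT_WSCALE = 3,
       OPT_SACK_OK = 4, OPT_SACK = 5, OPT_TSTAMP = 8 };

/* Does `len` match the length a receiver expects for this kind?
 * Unknown kinds are accepted at any length so they can be skipped. */
static int length_ok(uint8_t kind, uint8_t len) {
    switch (kind) {
    case OPT_MSS:     return len == 4;
    case OPT_WSCALE:  return len == 3;
    case OPT_SACK_OK: return len == 2;
    case OPT_TSTAMP:  return len == 10;
    case OPT_SACK:    /* 2 + 8 bytes per block, 1..4 blocks */
        return len >= 10 && len <= 34 && (len - 2) % 8 == 0;
    default:          return 1;
    }
}

/* Walk the options area. An option with an unexpected length is ignored
 * (skipped via its own length field), not treated as fatal. Returns the
 * number of ignored options, or -1 if the list cannot be walked safely. */
int tcp_count_ignored_options(const uint8_t *opts, size_t n) {
    int ignored = 0;
    size_t i = 0;
    while (i < n) {
        uint8_t kind = opts[i];
        if (kind == OPT_EOL) break;
        if (kind == OPT_NOP) { i++; continue; }
        if (i + 1 >= n) return -1;                /* no length byte */
        uint8_t len = opts[i + 1];
        if (len < 2 || i + len > n) return -1;    /* cannot skip safely */
        if (!length_ok(kind, len)) ignored++;
        i += len;
    }
    return ignored;
}

/* Constructed sample: NOP, NOP, SACK-permitted (len 2), MSS 1460 (len 4),
 * then a hypothetical "extended SACK" that reuses kind 5 and appends two
 * bytes to one block (len 12). Only the last one fails the length check. */
static const uint8_t SAMPLE[] = { 1, 1, 4, 2, 2, 4, 0x05, 0xb4,
    5, 12, 0, 0, 0, 100, 0, 0, 0, 200, 0xAA, 0xBB };

int sample_ignored(void) { return tcp_count_ignored_options(SAMPLE, sizeof SAMPLE); }

int main(void) {
    printf("ignored options in constructed sample: %d\n", sample_ignored()); /* prints 1 */
    return 0;
}
```

A receiver that behaves this way silently drops the whole extended option, so a sender cannot tell an old peer from one that understood the extension; that is the backwards-compatibility problem the quoted text points at.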