Re: [tcpm] TCP-AO review comments.
Caitlin Bestler <cait@asomi.com> Wed, 06 August 2008 14:00 UTC
Return-Path: <tcpm-bounces@ietf.org>
X-Original-To: tcpm-archive@megatron.ietf.org
Delivered-To: ietfarch-tcpm-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7022D28C385; Wed, 6 Aug 2008 07:00:04 -0700 (PDT)
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3C3E428C383 for <tcpm@core3.amsl.com>; Wed, 6 Aug 2008 07:00:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.265
X-Spam-Level:
X-Spam-Status: No, score=-2.265 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uOCzSrNoAHnE for <tcpm@core3.amsl.com>; Wed, 6 Aug 2008 07:00:02 -0700 (PDT)
Received: from mail1.sea5.speakeasy.net (mail1.sea5.speakeasy.net [69.17.117.3]) by core3.amsl.com (Postfix) with ESMTP id 1667928C384 for <tcpm@ietf.org>; Wed, 6 Aug 2008 07:00:02 -0700 (PDT)
Received: (qmail 13870 invoked from network); 6 Aug 2008 13:58:36 -0000
Received: from imac.asomi.com (cait@asomi.com@[66.92.48.27]) (envelope-sender <cait@asomi.com>) by mail1.sea5.speakeasy.net (qmail-ldap-1.03) with SMTP for <lars.eggert@nokia.com>; 6 Aug 2008 13:58:36 -0000
Message-ID: <4899AE0C.6080206@asomi.com>
Date: Wed, 06 Aug 2008 06:58:36 -0700
From: Caitlin Bestler <cait@asomi.com>
User-Agent: Thunderbird 2.0.0.16 (Macintosh/20080707)
MIME-Version: 1.0
To: Lars Eggert <lars.eggert@nokia.com>
References: <0C53DCFB700D144284A584F54711EC58058C2FD4@xmb-sjc-21c.amer.cisco.com> <48939933.3030601@isi.edu> <C4CB96A1-6990-48A2-AF3E-A429C0DBE312@nokia.com>
In-Reply-To: <C4CB96A1-6990-48A2-AF3E-A429C0DBE312@nokia.com>
Cc: tcpm@ietf.org, "Anantha Ramaiah (ananth)" <ananth@cisco.com>, ext Joe Touch <touch@isi.edu>
Subject: Re: [tcpm] TCP-AO review comments.
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www.ietf.org/mailman/private/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: tcpm-bounces@ietf.org
Errors-To: tcpm-bounces@ietf.org
Lars Eggert wrote: > On 2008-8-2, at 2:16, ext Joe Touch wrote: >> | I have problem with the term "obsoletes 2385" [ I did bring this up >> | before] It is going to be a long time before deployments move over to >> | the new TCP auth option. >> >> Practically, "obsoletes" doesn't obsolete anything. It does indicate >> that the IETF wants a protocol to be replaced by something else. That >> doesn't mean the older one can't be used for legacy support, e.g., >> AFAICT - and that clearly should apply here. If the IESG thinks that >> this is consistent with "Obsoltes", would that be OK? > > We need to distinguish between one RFC obsoleting another RFC, and > moving an RFC to "historic". Unfortunately, neither is very clearly > defined. > > Here's my current thinking: Obsoleting is typically used when one RFC is > a drop-in replacement for another RFC. For example, bug-fix revisions of > an RFC typically obsolete the previous RFC, as do minor > backwards-compatible implementations. That isn't quite the case for AO > and TCP-MD5. AO is a replacement for TCP-MD5, but it isn't a simple > revision or extension of TCP-MD5, it's a new mechanism to provide > similar functionality in a (slightly) different way. > > So, my current thinking is that AO should maybe move TCP-MD5 to > "historic". That would indicate that new implementations shouldn't > implement TCP-MD5 and existing ones are encouraged to move away from it. > But this isn't a clear -cut case. Comments? > I have always viewed a new TCP-Auth RFC as a drop-in replacement for TCP-MD5. Basically, this is an application layer problem being foisted upon the transport layer. It creates unneeded clutter at the transport layer that is not of general utility. The fact that it is replacing an existing option is the only real justification for doing it. Stare decisis is good for constitutional law, it makes sense for standards as well. But we need to be clear that we are not creating an *additional* transport layer encryption solution to solve poor application design, we're just replacing an existing problem. _______________________________________________ tcpm mailing list tcpm@ietf.org https://www.ietf.org/mailman/listinfo/tcpm
- Re: [tcpm] TCP-AO review comments. Joe Touch
- [tcpm] TCP-AO review comments. Anantha Ramaiah (ananth)
- Re: [tcpm] TCP-AO review comments. Joe Touch
- Re: [tcpm] TCP-AO review comments. Anantha Ramaiah (ananth)
- Re: [tcpm] TCP-AO review comments. Joe Touch
- Re: [tcpm] TCP-AO review comments. Eddy, Wesley M. (GRC-RCN0)[VZ]
- Re: [tcpm] TCP-AO review comments. Adam Langley
- Re: [tcpm] TCP-AO review comments. Chandrashekhar Appanna
- Re: [tcpm] TCP-AO review comments. Lars Eggert
- Re: [tcpm] TCP-AO review comments. Caitlin Bestler
- Re: [tcpm] TCP-AO review comments. Eric Rescorla
- Re: [tcpm] TCP-AO review comments. Joe Touch
- Re: [tcpm] TCP-AO review comments. Ron Bonica
- Re: [tcpm] TCP-AO review comments. Stefanos Harhalakis
- Re: [tcpm] TCP-AO review comments. Joe Touch
- Re: [tcpm] TCP-AO review comments. Joe Touch
- Re: [tcpm] TCP-AO review comments. Stefanos Harhalakis
- Re: [tcpm] TCP-AO review comments. Joe Touch
- Re: [tcpm] TCP-AO review comments. Stefanos Harhalakis