IETF Logo Mail Archive

Re: [tcpm] poll for adopting draft-gont-tcp-security

Fernando Gont <fernando@gont.com.ar> Sat, 04 July 2009 06:54 UTC

Return-Path: <fernando@gont.com.ar>
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 442903A67F5 for <tcpm@core3.amsl.com>; Fri, 3 Jul 2009 23:54:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.919
X-Spam-Level:
X-Spam-Status: No, score=-2.919 tagged_above=-999 required=5 tests=[AWL=0.680, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fvfs8H4C8BLF for <tcpm@core3.amsl.com>; Fri, 3 Jul 2009 23:54:41 -0700 (PDT)
Received: from smtp1.xmundo.net (smtp1.xmundo.net [201.216.232.80]) by core3.amsl.com (Postfix) with ESMTP id 53DC63A65A6 for <tcpm@ietf.org>; Fri, 3 Jul 2009 23:53:55 -0700 (PDT)
Received: from venus.xmundo.net (venus.xmundo.net [201.216.232.56]) by smtp1.xmundo.net (Postfix) with ESMTP id 041006B6747; Sat, 4 Jul 2009 03:52:23 -0300 (ART)
Received: from [192.168.0.156] (129-130-17-190.fibertel.com.ar [190.17.130.129]) (authenticated bits=0) by venus.xmundo.net (8.14.1/8.14.1) with ESMTP id n646q0SZ002813; Sat, 4 Jul 2009 03:52:00 -0300
Message-ID: <4A4EDFEB.4030008@gont.com.ar>
Date: Sat, 04 Jul 2009 03:51:55 -0100
From: Fernando Gont <fernando@gont.com.ar>
User-Agent: Thunderbird 2.0.0.19 (Windows/20081209)
MIME-Version: 1.0
To: Joe Touch <touch@ISI.EDU>
References: <C304DB494AC0C04C87C6A6E2FF5603DB2217B28763@NDJSSCC01.ndc.nasa.gov> <fc0ff13d0906241711k44de4f77u8ec825e1ea151a1e@mail.gmail.com> <4A4317ED.1040905@gont.com.ar> <4A48F60A.7020602@gmail.com> <4A49CA1A.6060702@gont.com.ar> <4A4A2A73.0@isi.edu> <C304DB494AC0C04C87C6A6E2FF5603DB2217BA03DF@NDJSSCC01.ndc.nasa.gov> <4A4A3F1F.1060904@isi.edu> <4A4A56F5.30806@gont.com.ar> <4A4A5A23.1010009@isi.edu> <D04557F4-BEAF-4885-AF33-D9643AF5D049@surrey.ac.uk> <4A4EA787.4090004@isi.edu> <528F1AE1-67BC-42EA-AFF7-44A231970342@surrey.ac.uk> <4A4EF1C4.50305@isi.edu>
In-Reply-To: <4A4EF1C4.50305@isi.edu>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH authentication, not delayed by milter-greylist-3.0 (venus.xmundo.net [201.216.232.56]); Sat, 04 Jul 2009 03:52:21 -0300 (ART)
Cc: tcpm Extensions WG <tcpm@ietf.org>, Lloyd Wood <L.Wood@surrey.ac.uk>
Subject: Re: [tcpm] poll for adopting draft-gont-tcp-security
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Jul 2009 06:54:42 -0000

Joe Touch wrote:

> If this document contained only information of decided WG issues, 
> including WG consensus on those issues, you would be correct.

A very large part of draft-gont-tcp-security is about stuff that has
never been discussed by this wg, but that you dismiss with arguments
such as "who TCP needs not be implemented in a secure way", etc.

Also, draft-gont-tcp-security is based on the idea of giving advice for
implementing TCP as good resiliency as possible. And one might argue
that this is a different context as that of draft-ietf-icmp-attacks,
which I guess that was meant for the general case ("general case"
probably being that case in which we are happy to be vulnerable to
obvious  and trivial attacks, I guess).


> I have pointed out several cases where that is not the case - and
> that has been (and remains) my concern.

The only case for which you raised this is for the ICMP attacks stuff. 
Will you support draft-gont-tcp-security if, say, I were to remove the 
entire ICMP section, or replace it with a summary of what's in
draft-ietf-icmp-attacks?


<sidetrack>
As for the ICMP stuff itself: there have been arguments against checking
  ICMPs to be "in window". However, I don't seem to recall people arguing
against the idea of "hard errors should be processes as soft errors when
received for connections in any of the synchronized states" (*this* is
what has been implemented in virtually all stacks for more than 20 years
as the main counter-measure for icmp-based reset attacks). Has anybody
argued against ignoring ICMP source quenches meant for TCP connections?
(this is the main countermeasure for source quench attacks, and what has
been implemented in most stacks). The "in-window" check is useful as a
mitigation technique for the PMTU counter-measure -- however, the one
described in the I-D is mainly based on the idea of "check for progress
on the connection", which I believe parallels the idea in PLPMTUD. --
and I don't recall people arguing against that idea, either.
Also, see the reviewers in the Acks of the I-D.. that's people from most
of the major TCP implementations. And the ideas in the I-D are the
running code we have and we use. However, we are so full of ourselves
that we tell implementers that the code they have implemented, which has
been running the Internet for the last 20 years or so, is "buggy",
backed on how we think the code should be (despite it doesn't run in
that way, and in some cases has not done it that way for ages (if it 
ever did)).

Want to now what the industry did in response? -- The have ignored our
consensus.
</sidetrack>

Thanks,
-- 
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1

v2.23.0 | Report a Bug | By Email