Re: Summary of responses so far and proposal moving forward[WasRe: [tcpm] Is this a problem?]

Mark Allman <mallman@icir.org> Mon, 26 November 2007 16:33 UTC

Return-path: <tcpm-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1Iwgu4-0005hV-I1; Mon, 26 Nov 2007 11:33:48 -0500
Received: from tcpm by megatron.ietf.org with local (Exim 4.43) id 1Iwgu3-0005dk-0k for tcpm-confirm+ok@megatron.ietf.org; Mon, 26 Nov 2007 11:33:47 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Iwgu2-0005db-NR for tcpm@ietf.org; Mon, 26 Nov 2007 11:33:46 -0500
Received: from pork.icsi.berkeley.edu ([192.150.186.19]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Iwgtw-0002fo-21 for tcpm@ietf.org; Mon, 26 Nov 2007 11:33:46 -0500
Received: from guns.icir.org (adsl-69-222-35-58.dsl.bcvloh.ameritech.net [69.222.35.58]) by pork.ICSI.Berkeley.EDU (8.12.11.20060308/8.12.11) with ESMTP id lAQGXc7h003394; Mon, 26 Nov 2007 08:33:39 -0800
Received: from lawyers.icir.org (adsl-69-222-35-58.dsl.bcvloh.ameritech.net [69.222.35.58]) by guns.icir.org (Postfix) with ESMTP id 07DBC1262583; Mon, 26 Nov 2007 11:33:34 -0500 (EST)
Received: from lawyers.icir.org (localhost [127.0.0.1]) by lawyers.icir.org (Postfix) with ESMTP id 326192FC402; Mon, 26 Nov 2007 11:33:05 -0500 (EST)
To: Joe Touch <touch@ISI.EDU>
From: Mark Allman <mallman@icir.org>
Subject: Re: Summary of responses so far and proposal moving forward[WasRe: [tcpm] Is this a problem?]
In-Reply-To: <474AF34B.40805@isi.edu>
Organization: ICSI Center for Internet Research (ICIR)
Song-of-the-Day: Walk on the Wild Side
MIME-Version: 1.0
Date: Mon, 26 Nov 2007 11:33:05 -0500
Message-Id: <20071126163305.326192FC402@lawyers.icir.org>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 0a7aa2e6e558383d84476dc338324fab
Cc: tcpm@ietf.org
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: mallman@icir.org
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0624671319=="
Errors-To: tcpm-bounces@ietf.org

> Mark Allman wrote:
> > Joe-
> > 
> > You and I are just going to disagree.
> > 
> >> That OS is required to reserve per-connection resources when
> >> connections are created. It can halt new connections.
> > 
> > If this is the general reading of the spec then TCP has a built-in DoS
> > vulnerability that we need to fix.
> 
> There's nothing in TCP that says that new connections will ALWAYS
> succeed.

Can you find a prohibition on connections failing?

Joe, you surely see the problem, right?  I am not saying that new
connections always have to succeed.  I am saying that if the spec allows
for a case whereby an attacker can coax a host into a state whereby all
new connections will fail that is a DoS attack.  Do you disagree with
that?

> It's very specifically in 1122. Local policies can kill applications,
> but can't go around gleaning connections it *thinks* aren't useful.

Nobody said it thought these connections were not useful.  I don't read
the standards as saying that when resources are severely constrained
then action cannot be taken based on some local policy decisions.  But,
that is just me.

> If you want a new RFC that allows connection revocation, then it's
> *definitely* a standards change.

I don't think we need to change anything.  I think the current version
covers this fine.  You and I just disagree on this point.  If consensus
is with you, then I would agree that it would be a standards track
change.

allman



_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www1.ietf.org/mailman/listinfo/tcpm