Re: [tcpm] tcpsecure: how strong to recommend?

Joe Touch <touch@ISI.EDU> Sat, 29 September 2007 17:44 UTC

Return-path: <tcpm-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IbgMF-0000RC-RV; Sat, 29 Sep 2007 13:44:03 -0400
Received: from tcpm by megatron.ietf.org with local (Exim 4.43) id 1IbgMF-0000R7-9I for tcpm-confirm+ok@megatron.ietf.org; Sat, 29 Sep 2007 13:44:03 -0400
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IbgME-0000Qz-VC for tcpm@ietf.org; Sat, 29 Sep 2007 13:44:02 -0400
Received: from vapor.isi.edu ([128.9.64.64]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1IbgME-0003b6-HN for tcpm@ietf.org; Sat, 29 Sep 2007 13:44:02 -0400
Received: from [192.168.1.39] (pool-71-106-89-188.lsanca.dsl-w.verizon.net [71.106.89.188]) by vapor.isi.edu (8.13.8/8.13.8) with ESMTP id l8THhqio026914; Sat, 29 Sep 2007 10:43:52 -0700 (PDT)
Message-ID: <46FE8ECA.2010503@isi.edu>
Date: Sat, 29 Sep 2007 10:43:38 -0700
From: Joe Touch <touch@ISI.EDU>
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: "Anantha Ramaiah (ananth)" <ananth@cisco.com>
Subject: Re: [tcpm] tcpsecure: how strong to recommend?
References: <0C53DCFB700D144284A584F54711EC580409FD14@xmb-sjc-21c.amer.cisco.com>
In-Reply-To: <0C53DCFB700D144284A584F54711EC580409FD14@xmb-sjc-21c.amer.cisco.com>
X-Enigmail-Version: 0.95.3
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 4d87d2aa806f79fed918a62e834505ca
Cc: tcpm@ietf.org, mallman@icir.org
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============1704291092=="
Errors-To: tcpm-bounces@ietf.org


Anantha Ramaiah (ananth) wrote:
>  
>> Second, security is increasingly a big deal everywhere. The 
>> bigger a deal it is, the more likely true authentication - in 
>> the form of either IPsec, TCP/MD5, or the latter's successors 
>> - would be the appropriate solution to protect Internet 
>> infrastructure.
> 
> TCP secure is about some modifications to make TCP robust in presense of
> some spoofed segments. TCP/MD5/Ipsec etc., are security solutions which
> are intended to protect TCP from a variety of cases.

TCP/MD5, and IPsec auth mode provide authentication. Authentication is
to protect TCP from spoofing.

TCPsecure protects against some spoofed TCP segments after a connection
is established.

TCP/MD5 and IPsec auth protect against all spoofed TCP segments
througout a connection's lifetime.

Fundamentally, though, all three protect against spoofing. That's what
authentication is all about.

Joe


_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www1.ietf.org/mailman/listinfo/tcpm