Re: [tcpm] tcpsecure: how strong to recommend?

Joe Touch <touch@ISI.EDU> Mon, 24 September 2007 22:34 UTC

Message-ID: <46F83B6D.6000301@isi.edu>
Date: Mon, 24 Sep 2007 15:34:21 -0700
From: Joe Touch <touch@ISI.EDU>
To: mallman@icir.org
Subject: Re: [tcpm] tcpsecure: how strong to recommend?
References: <20070924174444.F2C662A7182@lawyers.icir.org>
In-Reply-To: <20070924174444.F2C662A7182@lawyers.icir.org>
Cc: tcpm@ietf.org

I'd encourage others to weigh in on this. I'm uncomfortable with our
making recommendations to change TCP's fundamental behavior as a SHOULD
on the basis of a handful of representatives.

Joe

Mark Allman wrote:
>  
> Folks-
> 
> The seeming last issue with the tcpsecure document is how strong to
> recommend the various mitigations.  To review, there are three
> mitigations for RST, SYN and data injection attacks.  The question is
> whether to say that a TCP (1) MAY use all these mitigations, (2) SHOULD
> use all these mitigations or (3) SHOULD use the mitigations for the RST
> & SYN attacks and MAY use the data injection mitigation.  Clearly there
> are other permutations (and one could also bring MUST and MUST NOT into
> the conversation), however these three options have been voiced.  If you
> have some other permutation then voice it.
> 
> In the meeting in Chicago we took a "visual hum" and the tally looks
> like this:
> 
>       all SHOULDs: 4
>       all MAYs: 3
>       two SHOULDs and a MAY: 8
> 
> So, our inclination is to go with option (3) from my list above.  If you
> think this is the wrong way to go please yell---especially if you are
> not reflected in the 15 folks who took part in the visual hum.
> 
> Thanks,
> allman
> 
> _______________________________________________
> tcpm mailing list
> tcpm@ietf.org
> https://www1.ietf.org/mailman/listinfo/tcpm
