Re: [tcpm] tcpsecure: how strong to recommend?

touch@ISI.EDU Fri, 05 October 2007 17:29 UTC

Quoting touch@ISI.EDU:

..
> > I think we're arguing over what to name the process.  This would be fun
> > to do in person, but I don't think it's advancing the discussion of the
> > system, or in particular of the discussion about the guidance to
> > implementers we're trying to decide on.
> 
> I agree with that, but we've tripped over some other name issues that are
> fundamental here:

, notably whether this is an update to RFC793 (I think most of us agree that it
is).

It's important for implementers to know why we're doing what we're doing, and
this is purely motivated by security concerns, and provides no real protection
from incorrect MSL estimation to TCP as a whole. That's why calling it
authentication is important. Calling it a patch to update TCP's robustness is
incorrect and misleads implementers into adopting this mechanism unnecessarily.

Joe

