Re: Fwd: Sec-dir review of draft-ietf-tsvwg-source-quench-04
Chris Benson <cbenson@adax.com> Mon, 30 January 2012 18:05 UTC
Return-Path: <cbenson@adax.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6DDB211E8086 for <tsvwg@ietfa.amsl.com>; Mon, 30 Jan 2012 10:05:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AdFoZzDuZZaE for <tsvwg@ietfa.amsl.com>; Mon, 30 Jan 2012 10:05:13 -0800 (PST)
Received: from mail1.adax.com (mail1.adax.com [70.36.226.176]) by ietfa.amsl.com (Postfix) with ESMTP id A2AAB11E8081 for <tsvwg@ietf.org>; Mon, 30 Jan 2012 10:05:13 -0800 (PST)
Received: from adax (adax [12.0.0.88]) by mail1.adax.com (Postfix) with ESMTP id 845CF1E119D; Mon, 30 Jan 2012 10:05:12 -0800 (PST)
Received: by adax (Postfix, from userid 243) id 666468EE6D; Mon, 30 Jan 2012 10:06:32 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by adax (Postfix) with ESMTP id 5C8408EE6C; Mon, 30 Jan 2012 10:06:32 -0800 (PST)
Date: Mon, 30 Jan 2012 10:06:32 -0800
From: Chris Benson <cbenson@adax.com>
X-X-Sender: cbenson@adax.adax
To: Gorry Fairhurst <gorry@erg.abdn.ac.uk>
Subject: Re: Fwd: Sec-dir review of draft-ietf-tsvwg-source-quench-04
In-Reply-To: <4F23C16D.8050009@erg.abdn.ac.uk>
Message-ID: <Pine.LNX.4.64.1201301003490.1443@adax.adax>
References: <AE31510960917D478171C79369B660FA0E2BFCC535@MX06A.corp.emc.com> <4F23C16D.8050009@erg.abdn.ac.uk>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Cc: kathleen.moriarty@emc.com, tsvwg@ietf.org, fernando@gont.com.ar
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tsvwg>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Jan 2012 18:05:14 -0000
Hi folks, I only wish to address the WORD used in the draft. I think it is not a MUST NOT because other information (perhaps about other received packets) could be used which in tandem could suggest an attack. I therefore agree with the sentiment in general, but think it should be SHOULD NOT. With thanks, from Chris Benson. On Sat, 28 Jan 2012, Gorry Fairhurst wrote: >> Date: Sat, 28 Jan 2012 09:35:41 +0000 >> From: Gorry Fairhurst <gorry@erg.abdn.ac.uk> >> To: <tsvwg@ietf.org>, <fernando@gont.com.ar>, >> <kathleen.moriarty@emc.com>, gorry Fairhurst <gorry@erg.abdn.ac.uk> >> Subject: Fwd: Sec-dir review of draft-ietf-tsvwg-source-quench-04 >> >> >> A SecDir review of this draft (below) has raised one issue that the group >> should be aware of and may wish to comment upon. >> >> We'd value advice on the suggestion: >> >> "Receipt of an ICMP Source Quench message should not be interpreted as an >> attempt to attack the receiver." >> >> - Let's try to quickly resolve this issue. Some things to consider are: >> >> * Silently ignoring ICMP Source Quench messages eliminates the attack >> vector. >> * Firewalls/routers/etc can log anything they wish, we don't control that. >> * Receipt of an ICMP SQ is unlikely to impact a host system's transport >> anymore, and certainly not one that is updated by this RFC. >> * Some legacy equipment (perhaps even vintage) may/do generate SQ messages, >> reacting to the message (by invoking some procedure other than log/discard) >> may break an otherwise working path through this device. >> >> - The current draft says *must* not be interpreted as an attempt to attack >> the receiver, is that right, or do we wish to consider the proposal to make >> this *should* not? >> >> - If you have advice, or wish to offer better text please respond during the >> document last call! >> >> Best wishes, >> >> Gorry >> (TSCWG Chair) >> >> -------- Original Message -------- >> Subject: Sec-dir review of draft-ietf-tsvwg-source-quench-04 >> Date: Mon, 23 Jan 2012 10:34:41 -0500 >> From: <kathleen.moriarty@emc.com> >> To: <draft-ietf-tsvwg-source-quench.all@tools.ietf.org>, >> >> Hello, >> >> I have reviewed this document as part of the security directorate's >> ongoing effort to review all IETF documents being processed by the >> IESG. These comments were written primarily for the benefit of the >> security area directors. Document editors and WG chairs should treat >> these comments just like any other last call comments. >> >> The document is straightforward and well written. I just have a couple of >> nits, but think the document is ready otherwise. >> >> Suggest replacing 'must' with 'should' since the discussion is on >> interpretation. >> Change from: >> Receipt of an ICMP Source Quench message must not be interpreted as an >> attempt to attack the receiver. >> To: >> Receipt of an ICMP Source Quench message should not be interpreted as an >> attempt to attack the receiver. >> >> >> It is already clear from the rest of the draft and this section, that there >> is no risk by ignoring ICMP source quench messages, which is done by >> 'virtually all current implementations of TCP'. Should this say, virtually >> all current implementations of 'IP' or 'TCP' and 'ICMP'? The discussion >> covers source quench being deprecated (RFC1812) by router implementations 20 >> years ago and now formally deprecates this within TCP. >> >> >> Thank you, >> Kathleen >> >> >>
- Fwd: Sec-dir review of draft-ietf-tsvwg-source-qu… Gorry Fairhurst
- Re: Fwd: Sec-dir review of draft-ietf-tsvwg-sourc… Chris Benson
- Re: Fwd: Sec-dir review of draft-ietf-tsvwg-sourc… Joe Touch