Re: [Tsvwg] WGLC for draft-ietf-tsvwg-sctpthreat-01 starts NOW

Randall Stewart <randall@lakerest.net> Thu, 26 October 2006 19:59 UTC

To: Lars Eggert <lars.eggert@netlab.nec.de>
Cc: Magnus Westerlund <magnus.westerlund@ericsson.com>, tsvwg <tsvwg@ietf.org>

Lars Eggert wrote:
>   This document talks about the SCTP implementors' guide a lot and how
>   it "makes changes" to SCTP to fix the threats described here. The
>   guide is not a specification - I assume 2960bis will also include
>   these fixes? If so, it should be referred to instead of (or at least
>   in addition to) the guide.

Yep.. it includes the summarized final changes of RFC4460...


> 
>   The sections labeled "Errata" aren't errata ("a list of corrected
>   errors"), they often contain a further analysis of the attack vector.
>   Suggest to pick a different heading.
> 

Any preference on what you would like the headings to be?

>   The sections labeled "Countermeasure" often don't describe
>   countermeasures but instead only offer observations about the attack
>   (4.3) or partial mitigation (6.3). Suggest to pick different
>   headings for those cases.
> 

Same question?

> 
> Section 2.3., paragraph 1:
>  >    HEARTBEAT-ACK the random nonce MUST match the value sent in the
> 
>   s/MUST/must/ (is the only 2119 term in the document)
> 

yep... I will fix this :-)
> 
> Section 2.3., paragraph 2:
>  >    will prevent an attacker from generating false HEARTBEAT-ACK's  with
> 
>   Nit: s/HEARTBEAT-ACK's/HEARTBEAT-ACKs/
> 
ack

> 
> Section 4.2., paragraph 2:
>  >       local lan is concerned.
> 
>   Nit: s/local lan/LAN/
> 
ack

R

-- 
Randall Stewart
803-345-0369 <or> 815-342-5222(cell)