Re: [tcpm] draft-gont-tcp-security

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Fernando Gont wrote:
> Joe Touch wrote:
> 
>> I'm not at all clear that the WG needs this document. 
> 
> Yes, we still have the option to ignore that vendors have had to figure
> out by themselves how to produce a resilient implementation of TCP,
> because the current IETF advice regarding this issues is close to null.
> 
> So we had tcp-secure in 2004, icmp-attacks in 2005, a claim for a
> trivial attack in 2008 (Outpost24/CERT-FI), and we'll probably continue
> in this line, because we do nothing about it.

Whether we have this document or not, we will continue to have people
who incorrectly assume that TCP is secure.

>> It summarizes issues already raised by the WG, 
> 
> I believe this statement is unfair with respect to our document. e.g.,
> has the issues described in Section 4.3, Section 9.2, or Section 10 been
> brought to tcpm before???

I didn't say that's all it does ;-) Agreed that it raises other issues,
many of which are operational.

>> and makes recommendations (IMO) in
>> excess of what the WG has agreed upon for general use.
>>
>> TCP itself is not a secure protocol, nor is it intended to be.
> 
> Yeah. But that does not mean that we should not do our best to improve
> it.

It means we should not try to give the incorrect impression that it
*can* be secured. Interpreting every unexpected event as an attack makes
a protocol robust but also brittle; TCP is intended to trade flexibility
for security, AFAICT, because it is agnostic about intent, and gives the
benefit of doubt at all times. This is a basic principle of design of
our protocols - we are "liberal in what we receive" exactly because we
do not interpret malicious intent where error could have occurred.

Consider packet drops. That can happen due to loss, non-malicious
corruption, or jamming, e.g. In the last case, it makes sense to blast
copies of packets in the hopes of getting something through, but that's
NOT what we assume.

> Please talk to vendors. I don't want to reproduce here what seems to
> be the consensus among vendors with respect to the current state of
> affairs in terms of how up-to-date our specs are.

Vendors misapply our protocols then complain that they don't work. Yes,
there are operational issues, but one severe operational issue is not
using security for some policy, financial, or operation expense and then
complaining that nonsecure TCP is being attacked.

...
>> IMO, if there are operational issues with deploying TCP in environments
>> under attack, that is an OPSEC issue.
> 
> Yeah... problems with deploying it in the current Internet...

Not every TCP everywhere is under attack. If it were, you wouldn't be
reading this message.

Joe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAknjh4wACgkQE5f5cImnZruGTgCffkfEhZCD5dEXLn9TNTrRrrs0
CHUAoPyeyOYMKIQCHfPJkMk0sct+0LEZ
=pxz5
-----END PGP SIGNATURE-----
_______________________________________________

Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]