[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [OPSEC] [tcpm] draft-gont-tcp-security
- To: "'Joe Touch'" <touch at ISI.EDU>
- Subject: Re: [OPSEC] [tcpm] draft-gont-tcp-security
- From: "Smith, Donald" <Donald.Smith at qwest.com>
- Date: Mon, 13 Apr 2009 16:04:11 -0600
- Accept-language: en-US
- Acceptlanguage: en-US
- Cc: "'tcpm at ietf.org'" <tcpm at ietf.org>, "'ietf at ietf.org'" <ietf at ietf.org>, 'Joe Abley' <jabley at ca.afilias.info>, "'opsec at ietf.org'" <opsec at ietf.org>, 'Lars Eggert' <lars.eggert at nokia.com>, "'Eddy, Wesley M. \(GRC-RCN0\)\[Verizon\]'" <wesley.m.eddy at nasa.gov>
- Delivered-to: opsec at core3.amsl.com
- In-reply-to: <49E3A9D6.4030504 at isi.edu>
- List-archive: <http://www.ietf.org/mail-archive/web/opsec>
- List-help: <mailto:opsec-request@ietf.org?subject=help>
- List-id: opsec wg mailing list <opsec.ietf.org>
- List-post: <mailto:opsec@ietf.org>
- List-subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
- List-unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
- References: <C304DB494AC0C04C87C6A6E2FF5603DB221318F5E8 at NDJSSCC01.ndc.nasa.g ov><49E36AB9.40507 at isi.edu> <49E384E9.1050106 at gont.com.ar><49E3878C.9080200 at isi.edu> <49E39119.1060902 at gont.com.ar> <B01905DA0C7CDC478F42870679DF0F1004BC4176D0 at qtdenexmbm24.AD.QINTRA.COM> <49E3A9D6.4030504 at isi.edu>
- Thread-index: Acm8fCTNNWHKB3L4SN2ay+XPh46BiwAAxQwg
- Thread-topic: [OPSEC] [tcpm] draft-gont-tcp-security
(coffee != sleep) & (!coffee == sleep)
Donald.Smith at qwest.com gcia
> -----Original Message-----
> From: Joe Touch [mailto:touch at ISI.EDU]
> Sent: Monday, April 13, 2009 3:09 PM
> To: Smith, Donald
> Cc: 'Fernando Gont'; 'tcpm at ietf.org'; 'ietf at ietf.org'; 'Joe
> Abley'; 'opsec at ietf.org'; 'Lars Eggert'; 'Eddy,Wesley M.
> (GRC-RCN0)[Verizon]'
> Subject: Re: [OPSEC] [tcpm] draft-gont-tcp-security
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Donald,
>
> I'm confused by your post. You appear to believe that TCP is
> intended to
> be secure. Note that TCP does not require either the MD5 or
> AO extension.
I didn't mentioned authentication or authorization in my description of security but those
two enhancements do provide some ability for authentication and authorization.
Yes, I do think elements of tcp/ip were designed to address the integrity and availablity.
>
> Smith, Donald wrote:
> >
> > (coffee != sleep) & (!coffee == sleep)
> > Donald.Smith at qwest.com gcia
> >
> >> -----Original Message-----
> >> From: opsec-bounces at ietf.org [mailto:opsec-bounces at ietf.org]
> >> On Behalf Of Fernando Gont
> >> Sent: Monday, April 13, 2009 1:23 PM
> >> To: Joe Touch
> >> Cc: tcpm at ietf.org; ietf at ietf.org; Joe Abley; opsec at ietf.org;
> >> Lars Eggert; Eddy,Wesley M. (GRC-RCN0)[Verizon]
> >> Subject: Re: [OPSEC] [tcpm] draft-gont-tcp-security
> >>
> >> Joe Touch wrote:
> >>
> >>>> So we had tcp-secure in 2004, icmp-attacks in 2005, a claim for a
> >>>> trivial attack in 2008 (Outpost24/CERT-FI), and we'll
> >> probably continue
> >>>> in this line, because we do nothing about it.
> >>> Whether we have this document or not, we will continue to
> >> have people
> >>> who incorrectly assume that TCP is secure.
> >
> > Secure is a general term. TCP was intended to address
> several areas of security.
> > The classic tenets for computer security is:
> > CIA -> Confidentiality, Integrity and Availability.
> > TCP doesn't attempt to address Confidentiality.
> > However it was designed to address integrity and availability so
> > failures in those areas should be documented and addressed in some
> > fashion.
>
> Can you explain this? Where is the integrity protection? Where is the
> availability specified?
Checksumming in tcp/ip is intended to provide intregrity protection.
Mind you it is NOT tamper proof but that is the intent.
Detection of lost packets, retransmitions, reassembly of fragments, congestion notification, dynamic routing and many other tcp/ip features are intended to address availablity.
>
> ...
> >> It's security/resiliency can be improved. After all, if
> that were not
> >> the case, I guess you're wasting your time with TCP-AO. Or
> is it that
> >> you believe the only way to improve a protocol is to throw
> >> crypto at it?
> >
> > Adding crypto improves confidentiality and integrity but is counter
> > productive to availability as most
> > crypto engines are prone to fairly low pps resource exhaustion
> > attacks.
>
> All prevention methods are susceptible to computational resource
> attacks, since all increase the operations performed on a
> packet.
GTSM is a valuable exception to this statement but other then that I tend to agree:)
>It is
> commonly assumed that this is a desirable tradeoff, and that the
> computational resources can be totally protected with line-rate
> dedicated computation (e.g., hardware assist).
I believe that is a common assumption however I don't believe that assumption is correct.
I do a fair amount of router testing and although some portions of ipv4 are hardware assisted and therefore line-rate there are still many paths to the "slow path". IPv6 has many more routes to the slow path:(
>
> Joe
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEARECAAYFAknjqdYACgkQE5f5cImnZruhawCgqqkl3NPljMkNRz8buEYROGUO
> R2kAnRHhQmWJVtXq/j2wbNy64q6QWe+u
> =OkiS
> -----END PGP SIGNATURE-----
>