[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [OPSEC] [tcpm] draft-gont-tcp-security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Fernando Gont wrote:
...
>> That said there's also some question as what sort of general
>> recommendations about hardening tcp would actually be consider
>> acceptable (in narrow use cases a lot more of them may well be).
>>
>> The diligent blacksmith knows that hardening a tool also
>> makes it more brittle...
>
> This is a nice quote, but... I'd like examples. e.g., start discussing
> about which specific hardening proposal makes TCP more brittle.
1) any security mechanism that increases complexity - of actions, state,
or message exchanges - any of which increases the potential for
implementation error
2) any security mechanism that has false positives, i.e., that discards
messages deemed a security threat when they were sent for legitimate reasons
#1 includes basically everything, from TCP MD5 (and TCP-AO) to tcpsecure
and ICMP filtering
#2 includes anything with nonzero false positives, such as tcpsecure and
ICMP filtering
I.e., AFAICT, *everything* that makes TCP more secure also makes it
brittle, by definition (ditto for metal hardening, FWIW). The key issue
is "when/where is the benefit worth the cost".
Joe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkouZsMACgkQE5f5cImnZruBvACeIsbA4PwpE4xyp22+fGzH/5j2
9DYAoOCTLsrjZU7QcfCXsYq5TERlxcYY
=ycUl
-----END PGP SIGNATURE-----