Re: [tcpm] [OPSEC] draft-gont-tcp-security

Fernando Gont wrote:
> Joe Touch wrote:
> 
>>>> 	The diligent blacksmith knows that hardening a tool also
>>>> 	makes it more brittle...
>>> This is a nice quote, but... I'd like examples. e.g., start discussing
>>> about which specific hardening proposal makes TCP more brittle.
>> 1) any security mechanism that increases complexity - of actions, state,
>> or message exchanges - any of which increases the potential for
>> implementation error
> 
> Agreed.
> 
> 
> 
>> 2) any security mechanism that has false positives, i.e., that discards
>> messages deemed a security threat when they were sent for legitimate reasons
> 
> Why would this make e.g., TCP more brittle?

It makes a TCP that used to work not work anymore.

> In any case, the actual response to such packets may vary (e.g., in the
> case of ICMP hard errors, discard vs. process as soft errors). I believe
> that no matter what the recommended response is, it is important to
> discuss these issues, and try to get consensus on what's the right thing
> to do in each case.

Agreed. In a document that aims to describe just what has been
implemented, there's no goal of gaining community consensus, though.
There is still utility, however, in providing the alternate viewpoint on
the potential impacts of implementations.

>> #1 includes basically everything, from TCP MD5 (and TCP-AO) to tcpsecure
>> and ICMP filtering
> 
> ICMP filtering actually decreases complexity.

It requires more code to check that an ICMP is in-window than to not
check. Nearly everything requires more code, at least.

>> I.e., AFAICT, *everything* that makes TCP more secure also makes it
>> brittle, by definition (ditto for metal hardening, FWIW). The key issue
>> is "when/where is the benefit worth the cost".
> 
> As I said before, I'd like to have concrete examples from the tcp
> security i-d that are deemed to make TCP more brittle.

I did above in both cases.

Joe

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.
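
The in-window check on ICMP errors that this exchange refers to, written out as an added example; it is not code from the message or from draft-gont-tcp-security. The names `struct conn`, `icmp_error_check` and `make_quoted` are hypothetical, and "in-window" is assumed to mean SND.UNA <= SEQ < SND.NXT for the TCP segment quoted inside the ICMP error.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical per-connection state kept by the sender. */
struct conn { uint32_t snd_una, snd_nxt; uint16_t lport, rport; };

enum icmp_verdict { ICMP_ACCEPT, ICMP_DROP_MALFORMED,
                    ICMP_DROP_NO_MATCH, ICMP_DROP_OUT_OF_WINDOW };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | p[3];
}

/* payload = bytes after the 8-byte ICMP header: the quoted IPv4 header
 * followed by at least the first 8 bytes of the TCP header. */
enum icmp_verdict icmp_error_check(const struct conn *c,
                                   const uint8_t *payload, size_t len)
{
    if (len < 20 || (payload[0] >> 4) != 4)
        return ICMP_DROP_MALFORMED;
    size_t ihl = (size_t)(payload[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl + 8 || payload[9] != 6) /* 6 = TCP */
        return ICMP_DROP_MALFORMED;
    const uint8_t *tcp = payload + ihl;
    /* The quoted segment is one we sent, so its source port is ours. */
    if (rd16(tcp) != c->lport || rd16(tcp + 2) != c->rport)
        return ICMP_DROP_NO_MATCH;
    /* Modular compare survives sequence wraparound: seq is in
     * [snd_una, snd_nxt) iff its offset from snd_una is smaller than the
     * amount of outstanding data. With nothing outstanding, nothing matches. */
    if (rd32(tcp + 4) - c->snd_una >= c->snd_nxt - c->snd_una)
        return ICMP_DROP_OUT_OF_WINDOW;
    return ICMP_ACCEPT;
}

/* Constructed sample input: minimal quoted IPv4 header (IHL 5) + 8 TCP bytes. */
size_t make_quoted(uint8_t buf[28], uint16_t sport, uint16_t dport, uint32_t seq)
{
    memset(buf, 0, 28);
    buf[0] = 0x45;
    buf[9] = 6;
    buf[20] = (uint8_t)(sport >> 8); buf[21] = (uint8_t)sport;
    buf[22] = (uint8_t)(dport >> 8); buf[23] = (uint8_t)dport;
    for (int i = 0; i < 4; i++)
        buf[24 + i] = (uint8_t)(seq >> (24 - 8 * i));
    return 28;
}
```

The `ICMP_DROP_OUT_OF_WINDOW` branch is where a legitimate but delayed error for already-acknowledged data is discarded, which is the false-positive case raised in the thread.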