Re: [tcpm] tcp-security: More feedback requested for the document outline

Hi, Joe,

> It also distinguishes between protocol weaknesses (places where the
> protocol creates a vulnerability, regardless of implementation - e.g.,
> ICMP attacks), implementation choice issues (places where a choice left
> to implementers can cause problems if poorly chosen - e.g., how some
> SHOULDs turn into "don't do this in a secure implementation"), and
> implementation vulnerabilities (implementation issues not related to
> choices in the spec that create problems - e.g., searching the TIME-WAIT
> list linearly).
> 
> Regardless of how we proceed, I believe that this latter issue should be
> considered in the presentation of solutions.

Yes. I think somebody else (David Borman?) already raised this issue.

As we start discussing the technical stuff, I will make sure it is clear
whether it's a protocol issue, an implementation issue, etc., whether
the specs mandate the behavior as a MUST, SHOULD (or whatever), and
whether the countermeasures comply with the specs or go against them.

Thanks!

Kind regards,
-- 
Fernando Gont
e-mail: fernando at gont.com.ar || fgont at acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1





Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.