Re: [tcpm] I-D Action:draft-ietf-tcpm-tcpsecure-12.txt
This basically has the agreed-upon Last Call comments incorporated.
I have checked all the comments received and have incorporated the
ones which are agreed upon. Briefly:
- new template
- No IPR disclosures on IETF documents; the RFC Editor would do what is
needed. Brian clarified this.
- Addressed the last call comments by Brian Carpenter.
- Fernando's Last call comments agreed upon (added references to RFC
1948 and port randomization).
- Sandra Murphy's comments, whichever have been agreed upon.
- misc (typos etc.)
Thanks,
Anantha
> -----Original Message-----
> From: tcpm-bounces at ietf.org [mailto:tcpm-bounces at ietf.org] On
> Behalf Of Internet-Drafts at ietf.org
> Sent: Monday, September 14, 2009 8:30 AM
> To: i-d-announce at ietf.org
> Cc: tcpm at ietf.org
> Subject: [tcpm] I-D Action:draft-ietf-tcpm-tcpsecure-12.txt
>
> A New Internet-Draft is available from the on-line
> Internet-Drafts directories.
> This draft is a work item of the TCP Maintenance and Minor
> Extensions Working Group of the IETF.
>
>
> Title : Improving TCP's Robustness to Blind
> In-Window Attacks
> Author(s) : A. Ramaiah, et al.
> Filename : draft-ietf-tcpm-tcpsecure-12.txt
> Pages : 26
> Date : 2009-09-14
>
> TCP has historically been considered protected against
> spoofed off-path packet injection attacks by relying on the
> fact that it is difficult to guess the 4-tuple (the source
> and destination IP addresses and the source and destination
> ports) in combination with the 32 bit sequence number(s). A
> combination of increasing window sizes and applications using
> longer term connections (e.g. H-323 or Border Gateway
> Protocol [RFC4271]) have left modern TCP implementations more
> vulnerable to these types of spoofed packet injection attacks.
>
> Many of these long term TCP applications tend to have
> predictable IP addresses and ports which makes it far easier
> for the 4-tuple (4-tuple is the same as the socket pair
> mentioned in [RFC0793]) to be guessed. Having guessed the
> 4-tuple correctly, an attacker can inject a TCP segment with
> the RST bit set, the SYN bit set or data into a TCP
> connection by systematically guessing the sequence number of
> the spoofed segment to be in the current receive window.
> This can cause the connection to abort or cause data
> corruption. This document specifies small modifications to
> the way TCP handles inbound segments that can reduce the
> chances of a successful attack.
>
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-ietf-tcpm-tcpsecure-12.txt
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> Below is the data which will enable a MIME compliant mail
> reader implementation to automatically retrieve the ASCII
> version of the Internet-Draft.
>
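The quoted abstract describes the blind in-window RST/SYN problem and says the draft specifies "small modifications" to inbound segment handling. The following is an added example, not code from the draft, from the list, or from any TCP stack: a small Python model of a receiver's RST and SYN handling, contrasting RFC 793 behaviour with the challenge-ACK mitigations as they appear in RFC 5961 (the published form of this draft). The `Connection` class, the sequence numbers and the 64 KiB window are constructed values; `expected_rst_guesses` only sizes the acceptance region so the benefit of the exact-match rule can be seen.

```python
"""Added example: a model of how a TCP receiver handles an unexpected in-window
RST or SYN, before and after the tcpsecure/RFC 5961 mitigations. Constructed
values only; this is not code from the draft or from any TCP implementation."""
from dataclasses import dataclass

SEQ_SPACE = 1 << 32  # 32-bit sequence numbers


def seq_in_window(seg_seq: int, rcv_nxt: int, rcv_wnd: int) -> bool:
    """True if seg_seq lies in [RCV.NXT, RCV.NXT + RCV.WND), modulo 2^32."""
    return (seg_seq - rcv_nxt) % SEQ_SPACE < rcv_wnd


@dataclass
class Connection:
    """Receiver-side state the checks depend on (constructed for the model)."""
    rcv_nxt: int
    rcv_wnd: int
    state: str = "ESTABLISHED"
    challenge_acks: int = 0  # ACKs sent instead of honouring a segment


def handle_rst_legacy(conn: Connection, seg_seq: int) -> str:
    """RFC 793 behaviour: any RST whose SEQ is inside the receive window
    aborts the connection."""
    if seq_in_window(seg_seq, conn.rcv_nxt, conn.rcv_wnd):
        conn.state = "CLOSED"
        return "reset"
    return "dropped"


def handle_rst_mitigated(conn: Connection, seg_seq: int) -> str:
    """Mitigated behaviour: only SEQ == RCV.NXT resets the connection.
    An RST elsewhere in the window is answered with a challenge ACK, which a
    genuine peer that lost state answers with an exactly matching RST.
    Out-of-window RSTs are dropped."""
    if seg_seq == conn.rcv_nxt:
        conn.state = "CLOSED"
        return "reset"
    if seq_in_window(seg_seq, conn.rcv_nxt, conn.rcv_wnd):
        conn.challenge_acks += 1
        return "challenge-ack"
    return "dropped"


def handle_syn_legacy(conn: Connection, seg_seq: int) -> str:
    """RFC 793 behaviour: a SYN inside the window is an error and resets."""
    if seq_in_window(seg_seq, conn.rcv_nxt, conn.rcv_wnd):
        conn.state = "CLOSED"
        return "reset"
    return "dropped"


def handle_syn_mitigated(conn: Connection, seg_seq: int) -> str:
    """Mitigated behaviour: a SYN on an established connection never resets;
    the receiver sends a challenge ACK regardless of seg_seq."""
    conn.challenge_acks += 1
    return "challenge-ack"


def expected_rst_guesses(rcv_wnd: int, mitigated: bool) -> int:
    """Average number of uniformly chosen sequence numbers that must be tried
    before one is accepted as a reset: the whole window under RFC 793, a
    single value under the mitigation."""
    accepted = 1 if mitigated else rcv_wnd
    return SEQ_SPACE // accepted


if __name__ == "__main__":
    legacy = Connection(rcv_nxt=1_000, rcv_wnd=65_536)
    hardened = Connection(rcv_nxt=1_000, rcv_wnd=65_536)
    probe = 1_000 + 30_000  # constructed: inside the window, not RCV.NXT
    print("legacy   :", handle_rst_legacy(legacy, probe), legacy.state)
    print("mitigated:", handle_rst_mitigated(hardened, probe), hardened.state,
          "challenge ACKs sent:", hardened.challenge_acks)
    for flag in (False, True):
        label = "mitigated" if flag else "legacy"
        print(f"expected RST guesses ({label}):", expected_rst_guesses(65_536, flag))
```

Running the block shows the same in-window RST closing the legacy connection while the mitigated receiver stays ESTABLISHED and emits one challenge ACK; with a 64 KiB window the accepted region shrinks from 65536 sequence numbers to exactly one.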
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.