Joe Touch wrote:
The consensus seems to be that the current state of affairs is something
like: "a mess". Even if you do care to produce a resilient
implementation, that task is going to be much harder than necessary. You
don't know the amount of cycles we spent in producing
draft-gont-tcp-security.... let alone the time it would take to move the
advice in an actual implementation.
Advice in making a hardened version of TCP would be useful to the
implementation community.
To a large extent this is what draft-gont-tcp-security is about.
However, if you're saying that TCP specs in general are a mess, yes they
are. That's why we created a roadmap document, and why it needs to be
maintained. If you're suggesting we need a clean single documentation of
what TCP is, I might even agree. However:
1) TCPM is not the place that would generate it
(IMO, that'd be TSVWG)
2) this document is not a step in that direction
The tcp roadmap is a roadmap to the documents that the IETF has
published. There's lots of stuff that has not been published by the IETF
and that therefore is not discussed in the tcp roadmap.
This is another area in which this document tries to help.
You've produced a summary of issues you feel would harden TCP. I feel
that some of them make TCP more brittle, and some make TCP unnecessarily
complex, and in both cases the mods are not needed in the general
Internet.
Is there nothing in the document with which you agree?
TCPsecure is a good example; it has caveats in its ID that
indicate where it is useful and where it is not -- it is NOT a general
solution for the entire Internet (the WG basically agreed to that with
the wording for its use cases).
c'mon Joe.. IMO, tcpsecure needed to include those statements about
usefulness in large part because it was IPR-encumbered, and in part as a
political workaround that would avoid further waste of time in endless
discussions.
In many cases the lack of a straight answer may have to do with us being
unable to get to consensus and get something published in a timely
fashion. e.g., the last round on ICMP attacks against TCP was circa
2004. At that point an I-D was published on the subject (now
draft-ietf-tcpm-icmp-attacks). Yet we're still nitpicking on it, when
everybody did something about it five years ago.
Uh, well, we're deciding whether we agree with what's been deployed.
Deploying some of these changes hasn't always been a good idea; if it
were, we'd be agreeing to it.
Some people prefer to get work done instead of committing/wasting lots
of cycles in endless discussions.
It becomes harder to get s staright answer when it's impossible for a
vendor to point to a counter-measure that is supposed to be the result
of a thorough review process, in a *timely* fashion.
Can you be as specific here as you want us to be? What exactly does a
vendor want that isn't provided by IPsec, TCP MD5, etc., or the existing
known countermeasures?
What's "the existing known counter-measures"?
I'm aware there's an effort in the vendor community to improve the
resiliency of TCP basedon the document published by UK CPNI. Yet we're
still debating whether to ignore it or not.... maybe so that we can
publish an RFC in the future tagging those implementations as
non-compliant... or maybe to allow tcp vulnerabilities to be
"rediscovered" every few years.
If the vendors are following this doc already, then we REALLY need to
ensure it's updated with advice appropriate to the context in which it
is deployed.
FWIW, vendors are following the UK CPNI document. The idea of bringing
those results to the IETF is so that these results/advice can be further
discussed, more eyes look into them, and the doc is modified if it is
felt necessary.
Running around saying the sky is falling for everyone isn't
going to help.
Who did that? We worked on this document very silently for a couple of
years. If we had wanted that "sky is falling" approach, we would have
gone to the press before showing anything (like quite a few folks have
been doing in the recent past). Or we could have announced part of this
stuff as "vulnerabilities" to the press..
That wasn't the case.
I tried to get many people to review the document, and have the document
be as objective as possible. At least for the ip-security counterpart, I
recall asking you to have a look at it before publication, even when I
knew that you'd most likely disagree with large parts of the document.
This project is already done.... but nevertheless I'm still spending
some cycles to bring this to the IETF, because I truly believe the IETF
should work on it. Neither me nor UK CPNI have IPRs or anything on the
material covered in our document... so there's no hidden motivation in
all this.
Honestly, I'm not sure why you always have to knock down others' efforts
on a "by default" basis, and prejudge the motivation behind those efforts.
Kind regards,
--
Fernando Gont
e-mail: fernando(_at_)gont(_dot_)com(_dot_)ar || fgont(_at_)acm(_dot_)org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf