Key Change Strategies for TCP-MD5
draft-bellovin-keyroll2385-04
Revision differences
Document history
| Date | Rev. | By | Action |
|---|---|---|---|
|
2012-08-22
|
04 | (System) | post-migration administrative database adjustment to the No Objection position for Jari Arkko |
|
2007-01-11
|
04 | (System) | IANA Action state changed to No IC |
|
2007-01-10
|
04 | Amy Vezza | State Changes to RFC Ed Queue from Approved-announcement sent by Amy Vezza |
|
2007-01-09
|
04 | Amy Vezza | IESG state changed to Approved-announcement sent |
|
2007-01-09
|
04 | Amy Vezza | IESG has approved the document |
|
2007-01-09
|
04 | Amy Vezza | Closed "Approve" ballot |
|
2007-01-08
|
04 | Russ Housley | State Changes to Approved-announcement to be sent from IESG Evaluation::AD Followup by Russ Housley |
|
2007-01-08
|
04 | (System) | Sub state has been changed to AD Follow up from New Id Needed |
|
2007-01-08
|
04 | (System) | New version available: draft-bellovin-keyroll2385-04.txt |
|
2007-01-08
|
04 | Jari Arkko | [Ballot Position Update] Position for Jari Arkko has been changed to No Objection from Discuss by Jari Arkko |
|
2006-12-27
|
04 | Jari Arkko | [Ballot discuss] > There is a problem if the unchanged machine is a "silent host" -- a > host that has nothing to say, and … [Ballot discuss] > There is a problem if the unchanged machine is a "silent host" -- a > host that has nothing to say, and hence does not transmit. The best > way to avoid this is for an upgraded machine to try a variety of keys > in event of repeated unacknowledged packets, as discussed earlier. I re-read the relevant parts of the draft and was considering removing my Discuss entirely, since the text in Section 2.2 covers most of what I wanted to say. But I would still suggest changing the The best way to avoid this is for an upgraded machine to try a variety of keys in event of repeated unacknowledged packets, as discussed earlier. to The best way to avoid this is for an upgraded machine to try a variety of keys in event of repeated unacknowledged packets, and to probe for new unused keys under silent periods, as discussed in Section 2.2. |
|
2006-11-17
|
04 | Samuel Weiler | Request for Telechat review by SECDIR Completed. Reviewer: Love Astrand. |
|
2006-11-17
|
04 | (System) | Removed from agenda for telechat - 2006-11-16 |
|
2006-11-16
|
04 | Amy Vezza | State Changes to IESG Evaluation::Revised ID Needed from IESG Evaluation by Amy Vezza |
|
2006-11-16
|
04 | Ross Callon | [Ballot Position Update] New position, No Objection, has been recorded by Ross Callon |
|
2006-11-16
|
04 | Ross Callon | [Ballot comment] A minor point: First paragraph of section 2.1: A receiver has a list of valid keys. Each key has a (conceptual) … [Ballot comment] A minor point: First paragraph of section 2.1: A receiver has a list of valid keys. Each key has a (conceptual) timestamp associated with it. When a segment arrives, each key is tried in turn. The segment is discarded if and only if it cannot be validated by any key in the list. In my reading of the document, the timestamp doesn't actually do anything wrt receiving the packet, but does have an effect on sending the packet, in that the timestamp is the earliest time that you will use the key in sending a packet, but you will use any of the configured keys in checking received packets. I think that this could be stated a bit more explicitly up front, and it seems odd that if the timestamp is only used for sending, it is described in the receiving section. One option would be to move this section ahead of the 2.1 heading, so that it becomes part of section 2, and then update it to clearly make this point. This might then make the beginning of section 2 (up to the 2.1 heading) to read: 2. The Algorithm A receiver has a list of valid keys that may be used for both transmission and reception. Each key has a (conceptual) timestamp associated with it which specifies the earliest time that it can be used for transmission. Separate algorithms are necessary for transmission and reception. Reception is easier; we explain it first. 2.1. Reception When a segment arrives, each key is tried in turn (without regard for the timestamp). The segment is discarded if and only if it cannot be validated by any key in the list. In principle,... A very minor nit: second paragraph of section 2.1, last sentence says: On the other hand, validating that a received segment is putatively legal, by checking its sequence number against the advertised window, can help avoid denial of service attacks. I think here that the word "avoid" should be "minimize the impact of", since strictly speaking this strategy doesn't completely avoid DOS attacks, it just allows you to discard some invalid packets with a relatively quick method (check sequence number) rather than a slower method (check the authentication). |
|
2006-11-16
|
04 | David Kessens | [Ballot Position Update] New position, No Objection, has been recorded by David Kessens |
|
2006-11-16
|
04 | Jari Arkko | [Ballot discuss] > There is a problem if the unchanged machine is a "silent host" -- a > host that has nothing to say, and … [Ballot discuss] > There is a problem if the unchanged machine is a "silent host" -- a > host that has nothing to say, and hence does not transmit. The best > way to avoid this is for an upgraded machine to try a variety of keys > in event of repeated unacknowledged packets, as discussed earlier. The machine cannot be silent, if it is expected to have a persistent TCP session with its peer, such as is the case with BGP use of TCP MD5. There will be ACKs. Or are you referring to a situation where the two hosts are not communicating at all, and will bring up TCP only on a per-need basis? If yes, the draft probably needs to talk about delaying any key change actions until there has been communication. |
|
2006-11-16
|
04 | Jari Arkko | [Ballot Position Update] New position, Discuss, has been recorded by Jari Arkko |
|
2006-11-16
|
04 | Bill Fenner | [Ballot Position Update] New position, No Objection, has been recorded by Bill Fenner |
|
2006-11-15
|
04 | Mark Townsley | [Ballot Position Update] New position, No Objection, has been recorded by Mark Townsley |
|
2006-11-15
|
04 | Brian Carpenter | [Ballot comment] No IANA considerations. Author suggests: There are no IANA actions required. The TCP-MD5 option number … [Ballot comment] No IANA considerations. Author suggests: There are no IANA actions required. The TCP-MD5 option number is defined in [RFC2385], and is currently listed by IANA. |
|
2006-11-15
|
04 | Brian Carpenter | [Ballot Position Update] New position, No Objection, has been recorded by Brian Carpenter |
|
2006-11-15
|
04 | Magnus Westerlund | [Ballot Position Update] New position, Yes, has been recorded by Magnus Westerlund |
|
2006-11-14
|
04 | Dan Romascanu | [Ballot comment] It is not clear to me what the following text in Section 3 means: 'Any monitoring mechanism can be used; most likely, it … [Ballot comment] It is not clear to me what the following text in Section 3 means: 'Any monitoring mechanism can be used; most likely, it will be a combination of a MIB entry and a command-line display.' I assume that by MIB entry the author means a MIB object or entry in a table in a standard MIB module. What command-line has to do here? Or does he mean that the current practice or recommendation for monitoring involves some mix of management interfaces out of which MIB objects accessed by SNMP and CLI are more obvious? It would be good to clarify this part of the text. |
|
2006-11-14
|
04 | Dan Romascanu | [Ballot Position Update] New position, No Objection, has been recorded by Dan Romascanu |
|
2006-11-14
|
04 | Cullen Jennings | [Ballot Position Update] New position, No Objection, has been recorded by Cullen Jennings |
|
2006-11-13
|
04 | Ted Hardie | [Ballot Position Update] New position, No Objection, has been recorded by Ted Hardie |
|
2006-11-08
|
04 | (System) | Request for Telechat review by SECDIR is assigned to Love Astrand |
|
2006-11-08
|
04 | (System) | Request for Telechat review by SECDIR is assigned to Love Astrand |
|
2006-10-27
|
04 | Russ Housley | Placed on agenda for telechat - 2006-11-16 by Russ Housley |
|
2006-10-27
|
04 | Russ Housley | State Changes to IESG Evaluation from Waiting for AD Go-Ahead by Russ Housley |
|
2006-10-27
|
04 | Russ Housley | [Ballot Position Update] New position, Yes, has been recorded for Russ Housley |
|
2006-10-27
|
04 | Russ Housley | Ballot has been issued by Russ Housley |
|
2006-10-27
|
04 | Russ Housley | Created "Approve" ballot |
|
2006-10-26
|
04 | (System) | State has been changed to Waiting for AD Go-Ahead from In Last Call by system |
|
2006-10-03
|
04 | Yoshiko Fong | IANA Last call Comment: NO IANA Considerations Section. We understand this document to have no IANA Actions. |
|
2006-09-28
|
04 | Amy Vezza | Last call sent |
|
2006-09-28
|
04 | Amy Vezza | State Changes to In Last Call from Last Call Requested by Amy Vezza |
|
2006-09-28
|
04 | Russ Housley | State Changes to Last Call Requested from AD Evaluation by Russ Housley |
|
2006-09-28
|
04 | Russ Housley | Last Call was requested by Russ Housley |
|
2006-09-28
|
04 | (System) | Ballot writeup text was added |
|
2006-09-28
|
04 | (System) | Last call text was added |
|
2006-09-28
|
04 | (System) | Ballot approval text was added |
|
2006-09-28
|
03 | (System) | New version available: draft-bellovin-keyroll2385-03.txt |
|
2006-09-26
|
04 | Russ Housley | State Changes to AD Evaluation from Publication Requested by Russ Housley |
|
2006-09-26
|
04 | Russ Housley | Draft Added by Russ Housley in state Publication Requested |
|
2006-09-25
|
02 | (System) | New version available: draft-bellovin-keyroll2385-02.txt |
|
2006-07-17
|
01 | (System) | New version available: draft-bellovin-keyroll2385-01.txt |
|
2006-06-26
|
00 | (System) | New version available: draft-bellovin-keyroll2385-00.txt |