The TCP Authentication Option
draft-ietf-tcpm-tcp-auth-opt-11

[Ballot discuss]
This is a good document.
I have one probably pedantic and trivial to address comment, but I would like to fully understand the implication of the following text before recommending approval of this document:

10. Obsoleting TCP MD5 and Legacy Interactions

  TCP-AO obsoletes TCP MD5. As we have noted earlier:

  >> TCP implementations MUST support TCP-AO.

Does this mean that the document should include the appropriate "Updates: " field at the top?

[Ballot comment]
Give this disables much of ICMP, particularly destination unreachable, would it be worth mentioning in the applicability statement of situations when it was not appropriate to use it or timing consideration changes that needed to be made to applications using it?

[Ballot discuss]
The drafts says

    TCP implementations MUST support TCP-AO.

This would require this draft to be an "update"  to the base TCP spec.

Given that this does not work with NATs, I think it is too much to expect all implementations to support it. Many devices are nearly 100% deployed behind NATs and have close to no need for the security this provides. Is there some discussion on some list I should go read about this to get an idea of the Consensus for this?

[Ballot discuss]
I have reviewed draft-ietf-tcpm-tcp-auth-opt-10, and have one concern
that I'd like to discuss before recommending approval of the document:

It seems TCP-AO is mainly useful for places where TCP-MD5 is used
today (i.e., routers), and most hosts on the Internet would never
need it. Given this, "TCP implementations MUST support TCP-AO" does
not sound reasonable to me.

[Ballot comment]
The Gen-ART Review by Wassim Haddad on 2010-03-09 included some
  editorial comments.  Please consider them if an update to this
  document is needed for any reason.

[Ballot discuss]
The Gen-ART Review by Wassim Haddad on 2010-03-09 raised two minor
  issues:

  - Page 13, Figure 3: traffic keys derived show two "Send_Other_key"
    in all 3 boxes.  Shouldn't be Rcv_Other_key?

  - Page 37: sub-section 2: a) Privacy: "TCP exposes "only" the MKT
    IDs, MAC, and overall option.  Question: is "only" really needed?

  I think the first one ought to be corrected.  Please consider the
  second one as well.

[Ballot comment]
Thanks for this document. General sigh of "at last" :-)

A few small wrinklettes...

ISN is used in Section 1 without expansion.
(although it is subsequently expanded multiple times)

---

Section 4.2

      >> The Length value MUST be consistent with the TCP header length;
      this is a consistency check and avoids overrun/underrun abuse.
      When the Length value is invalid, TCP MUST discard the segment.

"MUST be consistent" is a little vague. I can only assume that you
mean that the length must not imply that the option extends beyond the
end of the header as specified by the header length.

---

MKT is used in Section 4.2 without expansion or reference.
Add a forward pointer to 5.1?

---

Semantic tautology.

I think the phrase "TCP-AO option" may include some redundancy.
Cf. the header to Section 4.2.

---

Section 9.1
s/implmentation/implementation/

[Ballot comment]
4.2. The TCP-AO Option

  o  RNextKeyID: An unsigned 1-byte field indicating the MKT that the
      sender is ready use to receive authenticated segments, i.e., the

"ready use to receive"?

      desired 'receive next' keyID.

14. IANA Considerations

  [NOTE: This section be removed prior to publication as an RFC]

I don't think this note is correct, the section is non empty.

[Ballot discuss]
This is a good document.
I have one probably pedantic and trivial to address comment, but I would like to fully understand the implication of the following text before recommending approval of this document:

10. Obsoleting TCP MD5 and Legacy Interactions

  TCP-AO obsoletes TCP MD5. As we have noted earlier:

  >> TCP implementations MUST support TCP-AO.

Does this mean that the document should include the appropriate "Updates: " field at the top?

[Ballot comment]
4.2. The TCP-AO Option

  o  RNextKeyID: An unsigned 1-byte field indicating the MKT that the
      sender is ready use to receive authenticated segments, i.e., the

"ready use to receive"?

      desired 'receive next' keyID.

14. IANA Considerations

  [NOTE: This section be removed prior to publication as an RFC]

I don't think this note is correct, the section is non empty.

[Ballot discuss]
This is a good document.
I have one probably pedantic and trivial to address comment, but I would like to fully understand the implication of the following text before recommending approval of this document:

10. Obsoleting TCP MD5 and Legacy Interactions

  TCP-AO obsoletes TCP MD5. As we have noted earlier:

  >> TCP implementations MUST support TCP-AO.

Does this mean that the document should include the appropriate "Updates" field at the top?

[Ballot comment]
4.2. The TCP-AO Option

  o  RNextKeyID: An unsigned 1-byte field indicating the MKT that the
      sender is ready use to receive authenticated segments, i.e., the

"ready use to receive"?

      desired 'receive next' keyID.

14. IANA Considerations

  [NOTE: This section be removed prior to publication as an RFC]

I don't think this note is correct, the section is non empty.

IANA comments:

Upon approval of this document, IANA will make the following assignment
in the "TCP Option Kind Numbers" registry at
http://www.iana.org/assignments/tcp-parameters/tcp-parameters.xhtml

Kind Length Meaning Reference
----- ------ --------- ---------
TBD N Authentication Option [RFC-ietf-tcpm-tcp-auth-opt-10.txt]

We understand the above to be the only IANA Action for this document.

  (1.a) Who is the Document Shepherd for this document? Has the
        Document Shepherd personally reviewed this version of the
        document and, in particular, does he or she believe this
        version is ready for forwarding to the IESG for publication?


Wesley Eddy (Wesley.M.Eddy@nasa.gov) is the document shepherd.  He
has personally reviewed this version and believes it is ready for
forwarding to the IESG for publication.



  (1.b) Has the document had adequate review both from key WG members
        and from key non-WG members? Does the Document Shepherd have
        any concerns about the depth or breadth of the reviews that
        have been performed? 


The document has had review in the TCPM working group, as well as
explicit participlation from the IETF Security Area.  The document
has been the subject of energetic discussions for several years, both
in an initial design team, on the WG mailing list, in face-to-face WG
meetings, and additional discussions between some of the contributors
and reviewers in order to resolve issues.



  (1.c) Does the Document Shepherd have concerns that the document
        needs more review from a particular or broader perspective,
        e.g., security, operational complexity, someone familiar with
        AAA, internationalization or XML?


There are no concerns in this regard that the document shepherd has;
the security experts have been involved from the outset, and the
operational requirements have been considered and brought up from
that time too, given that the primary forseen users of this technology
are BGP and LDP deployments.



  (1.d) Does the Document Shepherd have any specific concerns or
        issues with this document that the Responsible Area Director
        and/or the IESG should be aware of? For example, perhaps he
        or she is uncomfortable with certain parts of the document, or
        has concerns whether there really is a need for it. In any
        event, if the WG has discussed those issues and has indicated
        that it still wishes to advance the document, detail those
        concerns here. Has an IPR disclosure related to this document
        been filed? If so, please include a reference to the
        disclosure and summarize the WG discussion and conclusion on
        this issue.


No personal concerns; however some TCPM working group participants
have expressed their dissatisfaction with the WG process on this
document, primarily in a thread beginning here:
http://www.ietf.org/mail-archive/web/tcpm/current/msg05030.html
This thread runs for several messages deep.
Many of the concerns, in my opinion, are debunked within that thread
as simply either misconceptions or forgetfulness about what the
mailing list convergences were on topics, but this is my personal
opinion and others have differing opinions.  I believe all of the
issues brought up regard WG participation and interaction rather
than technical issues about the document's content.

There was also some limited initial resistance to this work due to
its difference and incompatibility with another (already-deployed)
mechanism that was put into place by a quick action of several
vendors.  A number of those vendors seem to support the present WG's
product and expressed plans (or ongoing activities) to implement it
and transition away from the deployed mechanism (recognizing the
improvements that the WG made).


  (1.e) How solid is the WG consensus behind this document? Does it
        represent the strong concurrence of a few individuals, with
        others being silent, or does the WG as a whole understand and
        agree with it? 


Technically, there seems to be no opposition to this document in the
working group.  On the WG's process, there are complaints.  One of
the root causes of some opposition in the past, which subsequently
seemed to clear up through several meetings, is that the document
was created out of the merger of two earlier documents.  One of
these earlier documents was widely implemented and deployed, and
differs somewhat, to the point of incompatibility, with this document.
Through discussions, some vendors who had implemented the pre-WG spec
expressed solid desire and plans to adopt the WG's spec in this
document and participated actively in its definition.



  (1.f) Has anyone threatened an appeal or otherwise indicated extreme
        discontent? If so, please summarise the areas of conflict in
        separate email messages to the Responsible Area Director. (It
        should be in a separate email because this questionnaire is
        entered into the ID Tracker.)


No; appeal has not been mentioned, and the complaints noted above
do not seem to be "extreme".



  (1.g) Has the Document Shepherd personally verified that the
        document satisfies all ID nits? (See the Internet-Drafts Checklist
        and http://tools.ietf.org/tools/idnits/). Boilerplate checks are
        not enough; this check needs to be thorough. Has the document
        met all formal review criteria it needs to, such as the MIB
        Doctor, media type and URI type reviews?



There is one outdated reference, but no serious idnits are found on the
document.



  (1.h) Has the document split its references into normative and
        informative? Are there normative references to documents that
        are not ready for advancement or are otherwise in an unclear
        state? If such normative references exist, what is the
        strategy for their completion? Are there normative references
        that are downward references, as described in [RFC3967]? If
        so, list these downward references to support the Area
        Director in the Last Call procedure for them [RFC3967].


The references are properly split.



  (1.i) Has the Document Shepherd verified that the document IANA
        consideration section exists and is consistent with the body
        of the document? If the document specifies protocol
        extensions, are reservations requested in appropriate IANA
        registries? Are the IANA registries clearly identified? If
        the document creates a new registry, does it define the
        proposed initial contents of the registry and an allocation
        procedure for future registrations? Does it suggest a
        reasonable name for the new registry? See [RFC5226]. If the
        document describes an Expert Review process has Shepherd
        conferred with the Responsible Area Director so that the IESG
        can appoint the needed Expert during the IESG Evaluation?



The IANA Considerations are present.  The option number needed is
properly requested.



  (1.j) Has the Document Shepherd verified that sections of the
        document that are written in a formal language, such as XML
        code, BNF rules, MIB definitions, etc., validate correctly in
        an automated checker?


Not Applicable.



  (1.k) The IESG approval announcement includes a Document
        Announcement Write-Up. Please provide such a Document
        Announcement Write-Up? Recent examples can be found in the
        "Action" announcements for approved documents. The approval
        announcement contains the following sections:

    Technical Summary
        Relevant content can frequently be found in the abstract
        and/or introduction of the document. If not, this may be
        an indication that there are deficiencies in the abstract
        or introduction.


From abstract:

  This document specifies the TCP Authentication Option (TCP-AO), which
  obsoletes the TCP MD5 Signature option of RFC-2385 (TCP MD5). TCP-AO
  specifies the use of stronger Message Authentication Codes (MACs),
  protects against replays even for long-lived TCP connections, and
  provides more details on the association of security with TCP
  connections than TCP MD5. TCP-AO is compatible with either static
  master key tuple (MKT) configuration or an external, out-of-band MKT
  management mechanism; in either case, TCP-AO also protects
  connections when using the same MKT across repeated instances of a
  connection, using traffic keys derived from the MKT, and coordinates
  MKT changes between endpoints. The result is intended to support
  current infrastructure uses of TCP MD5, such as to protect long-lived
  connections (as used, e.g., in BGP and LDP), and to support a larger
  set of MACs with minimal other system and operational changes. TCP-AO
  uses a different option identifier than TCP MD5, even though TCP-AO
  and TCP MD5 are never permitted to be used simultaneously. TCP-AO
  supports IPv6, and is fully compatible with the proposed requirements
  for the replacement of TCP MD5.




    Working Group Summary
        Was there anything in WG process that is worth noting? For
        example, was there controversy about particular points or
        were there decisions where the consensus was particularly
        rough?

There was some initial controversy on this work due to the prior rushed
deployment of a similar mechanism which had not been reviewed by the WG.
The WG's decision to build an incompatible mechanism was not unanimous,
with strong initial resistance from one of the implementers of the prior
solution, however other implementors of that solution did come out in
support of the WG's product during the course of its evolution.


    Document Quality
        Are there existing implementations of the protocol? Have a
        significant number of vendors indicated their plan to
        implement the specification? Are there any reviewers that
        merit special mention as having done a thorough review,
        e.g., one that resulted in important changes or a
        conclusion that the document had no substantive issues? If
        there was a MIB Doctor, Media Type or other expert review,
        what was its course (briefly)? In the case of a Media Type
        review, on what date was the request posted?

Several widely-deployed implementations exist of a pre-WG protocol
which is not compatible with the WG's protocol, but very similar both
functionally and on the wire.  Some vendors have expressed strong
support for implementing the WG's product.  At one point, a Linux
implementation was being pursued of the WG draft, though its status
with regard to the current document is unknown.