Skip to main content

TCP Increased Security
charter-ietf-tcpinc-01

Revision differences

Document history

Date Rev. By Action
2018-01-30
01 Amy Vezza Responsible AD changed to Mirja Kühlewind from Martin Stiemerling
2014-06-30
01 Cindy Morgan New version available: charter-ietf-tcpinc-01.txt
2014-06-30
01 Cindy Morgan State changed to Approved from IESG review
2014-06-30
01 Cindy Morgan IESG has approved the charter
2014-06-30
01 Cindy Morgan Closed "Approve" ballot
2014-06-30
01 Cindy Morgan Closed "Ready for external review" ballot
2014-06-30
00-06 Cindy Morgan WG action text was changed
2014-06-30
00-05 Cindy Morgan WG action text was changed
2014-06-30
00-05 Cindy Morgan New version (00-06) to fix line spacing.
2014-06-30
00-06 Cindy Morgan New version available: charter-ietf-tcpinc-00-06.txt
2014-06-27
00-05 Martin Stiemerling New version available: charter-ietf-tcpinc-00-05.txt
2014-06-26
00-04 Alia Atlas [Ballot Position Update] New position, Yes, has been recorded for Alia Atlas
2014-06-26
00-04 Jari Arkko [Ballot Position Update] New position, Yes, has been recorded for Jari Arkko
2014-06-25
00-04 Joel Jaeggli [Ballot Position Update] New position, No Objection, has been recorded for Joel Jaeggli
2014-06-25
00-04 Ted Lemon [Ballot Position Update] New position, No Objection, has been recorded for Ted Lemon
2014-06-25
00-04 Pete Resnick [Ballot Position Update] New position, No Objection, has been recorded for Pete Resnick
2014-06-25
00-04 Benoît Claise [Ballot Position Update] New position, No Objection, has been recorded for Benoit Claise
2014-06-24
00-04 Kathleen Moriarty [Ballot Position Update] New position, No Objection, has been recorded for Kathleen Moriarty
2014-06-24
00-04 Brian Haberman [Ballot Position Update] New position, No Objection, has been recorded for Brian Haberman
2014-06-24
00-04 Spencer Dawkins [Ballot Position Update] New position, Yes, has been recorded for Spencer Dawkins
2014-06-23
00-04 Alissa Cooper [Ballot Position Update] Position for Alissa Cooper has been changed to Yes from No Objection
2014-06-23
00-04 Alissa Cooper
[Ballot comment]
I'd like to try again to soften this a little so that you don't end up with a requirement you can't meet:

must …
[Ballot comment]
I'd like to try again to soften this a little so that you don't end up with a requirement you can't meet:

must allow the initiator of the connection to avoid fingerprinting

How about:

must allow the initiator of the connection to avoid being fingerprinted as a result of using the protocol
2014-06-23
00-04 Alissa Cooper [Ballot Position Update] New position, No Objection, has been recorded for Alissa Cooper
2014-06-21
00-04 Stephen Farrell [Ballot comment]

Fine thing.
2014-06-21
00-04 Stephen Farrell [Ballot Position Update] New position, Yes, has been recorded for Stephen Farrell
2014-06-21
00-04 Adrian Farrel [Ballot Position Update] New position, No Objection, has been recorded for Adrian Farrel
2014-06-18
00-04 Barry Leiba [Ballot Position Update] New position, Yes, has been recorded for Barry Leiba
2014-06-17
00-04 Martin Stiemerling [Ballot Position Update] New position, Yes, has been recorded for Martin Stiemerling
2014-06-17
00-04 Martin Stiemerling Created "Approve" ballot
2014-06-17
00-04 Martin Stiemerling State changed to IESG review from External review
2014-06-10
00-04 Martin Stiemerling Telechat date has been changed to 2014-06-26 from 2014-06-12
2014-06-05
00-04 Cindy Morgan Telechat date has been changed to 2014-06-12 from 2014-05-29
2014-06-05
00-04 Cindy Morgan State changed to External review from Internal review
2014-06-05
00-04 Cindy Morgan WG review text was changed
2014-06-05
00-03 Cindy Morgan WG review text was changed
2014-06-05
00-04 Martin Stiemerling New version available: charter-ietf-tcpinc-00-04.txt
2014-06-05
00-03 Martin Stiemerling -00-03 has no changed text, but alignment to 80 characters width in order to get the diff for any future version pretty.
2014-06-05
00-03 Martin Stiemerling New version available: charter-ietf-tcpinc-00-03.txt
2014-05-29
00-02 Kathleen Moriarty [Ballot comment]
I like Stephen's edit suggestion, it would be good if they could be incorporated.
2014-05-29
00-02 Kathleen Moriarty [Ballot Position Update] New position, No Objection, has been recorded for Kathleen Moriarty
2014-05-29
00-02 Spencer Dawkins [Ballot Position Update] New position, Yes, has been recorded for Spencer Dawkins
2014-05-28
00-02 Jari Arkko [Ballot Position Update] New position, Yes, has been recorded for Jari Arkko
2014-05-28
00-02 Richard Barnes [Ballot Position Update] New position, Yes, has been recorded for Richard Barnes
2014-05-28
00-02 Benoît Claise
[Ballot comment]
I have not seen any answer to my questions on the IESG/IAB mailers, so let me ask again here.

- I was wondering …
[Ballot comment]
I have not seen any answer to my questions on the IESG/IAB mailers, so let me ask again here.

- I was wondering whether Multipath TCP is in scope?
Multipath TCP appears only once in the charter, and it's not to clear (to me)

- "It should work over the vast majority of paths that unmodified TCP"
What does "unmodified TCP" mean?

And no milestones (I'll keep repeating this point for every new charter till the end of times)
2014-05-28
00-02 Benoît Claise [Ballot Position Update] New position, No Objection, has been recorded for Benoit Claise
2014-05-28
00-02 Alia Atlas [Ballot Position Update] New position, Yes, has been recorded for Alia Atlas
2014-05-28
00-02 Ted Lemon
[Ballot comment]
Editorial nits only:

s/may not be changed/may not be able to be changed/;
s/e.g., like configure/e.g. configuring/
OLD:
- The protocol must be …
[Ballot comment]
Editorial nits only:

s/may not be changed/may not be able to be changed/;
s/e.g., like configure/e.g. configuring/
OLD:
- The protocol must be usable by unmodified applications.  This effort is
complementary to other security protocols developed in the IETF (such as TLS) as
it protects those applications and protocols that are difficult to change or may
even not be changed in a backward compatible way.  It also provides some
protection in scenarios where people are unwilling to do any change just for the
sake of security (e.g., like configure encryption in an application).
NEW:
- The protocol must be usable by unmodified applications.  This effort is
complementary to other security protocols developed in the IETF (such as TLS) as
it protects those applications and protocols that are difficult to change or may
even not be able to be changed in a backward compatible way. 
It also provides some
protection in scenarios where people are unwilling to do any change just for the
sake of security (e.g., configuring encryption in an application).

s/would be present for/would be the case for/
OLD:
- must allow the initiator of the connection to avoid fingerprinting: some
initiators may want to avoid appearing as the same endpoint when connecting to a
remote peer on subsequent occasions. This should either be the default or some
mechanism should be available for initiators to drop or ignore shared state to
avoid being fingerprintable any more than would be present for a cleartext
session.
NEW:
- must allow the initiator of the connection to avoid fingerprinting: some
initiators may want to avoid appearing as the same endpoint when connecting to a
remote peer on subsequent occasions. This should either be the default or some
mechanism should be available for initiators to drop or ignore shared state to
avoid being fingerprintable any more than would be the case for a cleartext
session.

I don't strongly care if you make these changes, but I think they improve the readability of the charter slightly.
2014-05-28
00-02 Ted Lemon [Ballot Position Update] New position, No Objection, has been recorded for Ted Lemon
2014-05-28
00-02 Adrian Farrel
[Ballot comment]
Good to see this happening.

Maybe a surfeit of words :-) For example:
"This work is part of the IETF effort to harness …
[Ballot comment]
Good to see this happening.

Maybe a surfeit of words :-) For example:
"This work is part of the IETF effort to harness the Internet architecture"

In...
"The working group is looking to produce experimental documents specifying the required TCP extensions and any additional documents needed."
...I think that "any additional documents needed" could be a little open-ended especially as the text later identifies precisely three documents.
2014-05-28
00-02 Adrian Farrel [Ballot Position Update] New position, No Objection, has been recorded for Adrian Farrel
2014-05-26
00-02 Alissa Cooper
[Ballot comment]
I'm glad this is moving forward. Couple of comments:

"It also provides some
protection in scenarios where people are unwilling to do any …
[Ballot comment]
I'm glad this is moving forward. Couple of comments:

"It also provides some
protection in scenarios where people are unwilling to do any change just for the
sake of security (e.g., like configure encryption in an application)."

I think it's important to specify who the "people" are, since the work that this group proposes to do certainly requires one group of people to make changes (i.e., implementers of TCP stacks) in order to be successful, but not other groups (e.g., applications developers). So I think what is meant here is:

It also provides some protection in scenarios where application developers are unwilling to change their applications (e.g., by configuring encryption) solely for the sake of improving security.

s/must allow the initiator of the connection to avoid fingerprinting/must not increase the initiator's susceptibility to fingerprinting/
(The initiator could still be fingerprinted in by the remote peer in other ways, so "avoid" doesn't seem quite right.)
2014-05-26
00-02 Alissa Cooper [Ballot Position Update] New position, Yes, has been recorded for Alissa Cooper
2014-05-24
00-02 Joel Jaeggli [Ballot Position Update] New position, No Objection, has been recorded for Joel Jaeggli
2014-05-23
00-02 Brian Haberman [Ballot Position Update] New position, No Objection, has been recorded for Brian Haberman
2014-05-22
00-02 Barry Leiba
[Ballot comment]
We should definitely do this, and the substance of the charter is good.

I have a bunch of mostly editorial comments:

I found …
[Ballot comment]
We should definitely do this, and the substance of the charter is good.

I have a bunch of mostly editorial comments:

I found this sentence very awkward and hard to parse:

OLD
Because we are
dealing with unprotected connections, we are more focussed on improving from
baseline of no security than achieving the high standard of security that is
already available to users of TLS.

NEW
This work will deal
with unprotected connections, and therefore will focus more on improvements
from a baseline of no security than on achieving the high standard of security
that is already available to users of authenticated TLS.

END

This sentence is *way* too long and convoluted:

OLD
Providing unauthenticated encryption and
integrity protection at the TCP layer will provide a set of features that cannot
be achieved with existing tools, namely, encryption and integrity protection
without modifications to the upper ayers (no API changes), encryption and
integrity protection with forward secrecy with a per-connection granularity,
simple NAT and firewall traversal capabilities, key rollover without significant
impact to the TCP connection, lower overhead compared to solutions relying in
stacking multiple protocols to achieve different features, no manual
configuration required.

Maybe this?:
NEW
Unauthenticated encryption and integrity protection at the TCP layer will
provide a set of features that cannot be achieved with existing tools.  Those
features include
- encryption and integrity protection without API changes or other modifications
  to the upper layers,
- encryption and integrity protection with forward secrecy with per-connection
  granularity,
- simple NAT and firewall traversal capabilities,
- key rollover without significant impact to the TCP connection,
- lower overhead compared to solutions that rely on stacking multiple protocols
  to achieve different features, and
- no requirement for manual configuration.

END

About the above list: is "forward secrecy" sufficiently well defined?

This is a charter, so it needs to say what *will* happen, not what you hope might happen:

OLD
The working group is looking to produce experimental documents specifying the
required TCP extensions and any additional documents needed.

NEW
The working group will produce experimental documents specifying the
required TCP extensions and any additional documents needed.

END

That said, why do you need to specify "experimental" here in the charter?  Shouldn't the target status be determined by the work?  Or do you really want to limit it to Experimental, and have to re-charter in order to make it Standards Track?  (And if so, why?)

In the "high-level requirements" list, the first bullet should break into two sentences, by changing "works over, in particular it must be" to "works over. In particular, it must be".  Also, make the final ";" into a ".".

In the second bullet, I can't pull this sentence apart: "It also provides some protection in scenarios where people are unwilling to do any change just for the sake of security (e.g., like configure encryption in an application)."  Please rephrase it (and probably split it into two sentences).

"Must gracefully fall-back to TCP" should be "The protocol must gracefully fall-back to TCP", to be parallel with the other items.  There should be a "." at the end of the bullet.

The next bullet should end with a "." instead of with a comma.

In the next bullet, "Should attempt to use" is missing a subject; please add the appropriate one.

Similarly, the next bullet is also missing a subject ("Must not require"); please add.

The bullets that follow "When encryption is enabled, then the protocol:" should probably each end with a period.  That's not strictly right, but it's better than trying to tweak things otherwise.
2014-05-22
00-02 Barry Leiba [Ballot Position Update] New position, No Objection, has been recorded for Barry Leiba
2014-05-21
00-02 Stephen Farrell
[Ballot comment]

We should do this. FWIW, two years ago I thought that we should not and that TLS was plenty, but
I've changed my …
[Ballot comment]

We should do this. FWIW, two years ago I thought that we should not and that TLS was plenty, but
I've changed my opinion (since I was wrong:-).
2014-05-21
00-02 Stephen Farrell [Ballot Position Update] New position, Yes, has been recorded for Stephen Farrell
2014-05-21
00-02 Martin Stiemerling [Ballot Position Update] New position, Yes, has been recorded for Martin Stiemerling
2014-05-21
00-02 Martin Stiemerling New version available: charter-ietf-tcpinc-00-02.txt
2014-05-21
00-01 Martin Stiemerling New version available: charter-ietf-tcpinc-00-01.txt
2014-05-21
00-00 Martin Stiemerling Ballot writeup was generated
2014-05-21
00-00 Martin Stiemerling Notification list changed to marcelo@it.uc3m.es from marcelo@it.uc3m.es, stephen.farrell@cs.tcd.ie
2014-05-21
00-00 Martin Stiemerling Notification list changed to marcelo@it.uc3m.es, stephen.farrell@cs.tcd.ie
2014-05-21
00-00 Martin Stiemerling Responsible AD changed to Martin Stiemerling
2014-05-21
00-00 Martin Stiemerling Placed on agenda for telechat - 2014-05-29
2014-05-21
00-00 Martin Stiemerling WG action text was changed
2014-05-21
00-00 Martin Stiemerling WG review text was changed
2014-05-21
00-00 Martin Stiemerling Created "Ready for external review" ballot
2014-05-21
00-00 Martin Stiemerling State changed to Internal review from Informal IESG review
2014-05-21
00-00 Martin Stiemerling Initial review time expires 2014-05-28
2014-05-21
00-00 Martin Stiemerling State changed to Informal IESG review from Not currently under review
2014-05-21
00-00 Martin Stiemerling New version available: charter-ietf-tcpinc-00-00.txt