Joe Touch | 12 Jul 2004 22:37

new ID on TCP antispoofing

Hi, all,

The following ID will appear shortly (available at 
www.isi.edu/touch/pubs/draft-touch-tcp-antispoof-00.txt in the 
meantime), and is an attempt to summarize the April TCP spoofing attacks 
on BGP and the set of possible solutions. The topic was raised in the 
TCPM WG this past April in response to a proposed solution based on a 
TCP modification.

Because this draft covers the set of solutions, some involving TCP mods, 
and others not, but focuses on the vulnerability of TCP to spoofing more 
generally, IMO it would be more useful to discuss it further at the 
TSVWG meeting in San Diego.

Joe

PS - the bulk of this doc appeared previously as 
draft-touch-anonsec-00.txt; that draft is being updated and 
draft-touch-anonsec-01 now (or by next Monday ;-) focuses specifically 
on the need for anonymous security, and is scheduled to be presented at 
SAAG (security open area meeting) in San Diego.

-------------------------

Network Working Group                                           J. Touch
Internet-Draft                                                   USC/ISI
Expires: January 8, 2005                                   July 10, 2004

                  Defending TCP Against Spoofing Attacks
                        draft-touch-tcp-antispoof

James M. Polk | 13 Jul 2004 08:02

New ID on RSVP Aggregate Bandwidth Reduction announced

Hey

Wanted to point to a new Internet Draft that was just announced on a 
proposed new RSVP extension to address an optimization that we believe is 
possible when dealing with RSVP Aggregates.

The new ID can be found at:

http://www.ietf.org/internet-drafts/draft-polk-rsvp-aggregate-reduction-00.txt

Comments are requested

Here is the Abstract:

    This document proposes an extension to the Resource Reservation
    Protocol (RSVP) that allows an aggregated reservation to be
    partially preempted. Currently, when a higher priority reservation
    request arrives and sufficient bandwidth is unavailable to meet
    that request, a lower priority aggregated reservation may be
    preempted in whole, whether or not the entire bandwidth is
    required. This document describes a method where the lower priority
    aggregated reservation is preempted only to the extent to which its
    bandwidth is required for the higher priority request. This allows
    the aggregator to fail only a portion of the individual sessions
    that is aggregated and allow the rest of the sessions to continue
    unaffected.

cheers,
James


Kwok Ho Chan | 13 Jul 2004 21:49

Fwd: I-D ACTION:draft-baker-diffserv-basic-classes-03.txt

FYI.
As discussed during the TSVWG Session in the Seoul IETF (59th), March 2004;
need to have more review of this draft by the members of TSVWG WG.

This version of the draft incorporated the comments received via the TSVWG
mailing list and from E-Mail/discussions sent to the authors.

This version has also improved the content and English writing of the
draft (we think :)).

Please review and provide comments (especially the official reviewers).

Thanks!
-- Kwok Ho Chan --

>To: i-d-announce <at> ietf.org
>From: Internet-Drafts <at> ietf.org
>Date: Fri, 09 Jul 2004 11:27:58 -0400
>Subject: I-D ACTION:draft-baker-diffserv-basic-classes-03.txt

rfc-editor | 13 Jul 2004 22:48

RFC 3828 on The Lightweight User Datagram Protocol (UDP-Lite)


A new Request for Comments is now available in online RFC libraries.

        RFC 3828

        Title:      The Lightweight User Datagram Protocol (UDP-Lite)
        Author(s):  L-A. Larzon, M. Degermark, S. Pink,
                    L-E. Jonsson, Ed., G. Fairhurst, Ed.
        Status:     Standards Track
        Date:       July 2004
        Mailbox:    lln <at> csee.ltu.se, micke <at> cs.arizona.edu,
                    steve <at> cs.arizona.edu,
                    lars-erik.jonsson <at> ericsson.com,
                    gorry <at> erg.abdn.ac.uk
        Pages:      12
        Characters: 27193
        Updates/Obsoletes/SeeAlso:    None

        I-D Tag:    draft-ietf-tsvwg-udp-lite-02.txt

        URL:        ftp://ftp.rfc-editor.org/in-notes/rfc3828.txt

This document describes the Lightweight User Datagram Protocol
(UDP-Lite), which is similar to the User Datagram Protocol (UDP) (RFC
768), but can also serve applications in error-prone network
environments that prefer to have partially damaged payloads delivered
rather than discarded.  If this feature is not used, UDP-Lite is
semantically identical to UDP.

This document is a product of the Transport Area Working Group of the

Joe Touch | 15 Jul 2004 18:03

New ID on TCP anti-spoofing

Hi, all,

A new ID is now available:
	draft-touch-tcp-antispoof-00.txt

For those on TCPM, this doc is the core of the previous 
draft-touch-anonsec-00.txt. Here's the difference:

	antispoof:	focuses on the spectrum of TCP antispoofing
			solutions, and explains why the recent attacks
			have become more significant (threat goes as
			square of bandwidth increase)

	anonsec-01:	discusses the use of IPsec and TCP/MD5 for
			anonymous client access, including existing
			configurations and some extensions that may
			be useful for even simpler configuration and
			higher performance

antispoof is intended to be of general transport-area interest, but will 
be presented at TCPM in San Diego to continue the thread created there 
by the IESG.

anonsec-01 will be presented separately at the security open area 
meeting (SAAG) in San Diego. FYI, that draft has not yet been posted (it 
focuses on the anonsec-specific portions of anonsec-00).

FYI - both docs are under 3667's "no derivative works, no mods" clause. 
If accepted for further development by an IETF WG, those clauses will be 
emended as required.

Randall Stewart (cisco) | 15 Jul 2004 19:02

Re: [tcpm] New ID on TCP anti-spoofing

Joe:

>
> FYI - both docs are under 3667's "no derivative works, no mods" 
> clause. If accepted for further development by an IETF WG, those 
> clauses will be emended as required.

Any particular reason why you don't want the ietf to change your
documents on the way to becoming an RFC? (or am I reading
that section wrong of 3667?)?? Or are you stating in the second
sentence that if someone takes it on as a wg item you will
remove the "no derivative/no mod" clause from the drafts??

R

-- 
Randall R. Stewart
ITD - Transport Technologies
803-345-0369(o) or 815-342-5222(c)

Joe Touch | 15 Jul 2004 19:08

Re: [tcpm] New ID on TCP anti-spoofing


Randall Stewart (cisco) wrote:

> Joe:
> 
>>
>> FYI - both docs are under 3667's "no derivative works, no mods" 
>> clause. If accepted for further development by an IETF WG, those 
>> clauses will be emended as required.
> 
> Any particular reason why you don't want the ietf to change your
> documents on the way to becoming an RFC?  (or am I reading
> that section wrong of 3667?)?? Or are you stating in the second
> sentence that if someone takes it on as a wg item you will
> remove the "no derivative/no mod" clause from the drafts??

That's what I'm stating in the second sentence. I.e., if the IETF 
doesn't take them on, I retain edit rights, e.g., if they are instead 
published as individual RFCs or published elsewhere.

> R
_______________________________________________
tsvwg mailing list
tsvwg <at> ietf.org
https://www1.ietf.org/mailman/listinfo/tsvwg

Michael Tuexen | 18 Jul 2004 00:07

SCTP chunk authentication

Dear all,

I've just submitted a new version of the ID describing
an extension for SCTP which can be used for chunk
authentication.

You can also get it from:
http://www.sctp.de/internet-drafts/draft-tuexen-sctp-auth-chunk-01.txt

The major change is that we have included a mechanism for
key agreement based on DH.

Best regards
Michael

Laconsults | 18 Jul 2004 14:14

Re: Next Generation TCP/IP Open Source Technology Downloads Link

15 March 2004 NEWS FLASH : Independent tests by IPv6 Research Group now confirmed TCP Expert's Technology Report below ... " ... Not a single packet dropped on tests performed, but heavy load is placed on the router"

DOWNLOAD TEST REPORT CLICK HERE TO DOWNLOAD NEXT GENERATION LINUX TCP FREE TRIAL SOFTWARE OPEN SOURCE UPGRADE (& complete Technology Guide) FOR INSTANT PSTN QUALITY GUARANTEED SERVICE VoIP/ MULTIMEDIA ON YOUR CORPORATE PRIVATE NETWORKS/ WAN/ LAN, UP & RUNNING WITHIN HOURS. Free GPL-like Perpetual Patent License for usage within Finland, Norway, Sweden, Russia and China

OR VISIT HTTP//IWXCHANGE.COM TO DOWNLOAD

ANNOUNCEMENT : NEXT GENERATION TCP/IP TECHNOLOGY Instant Guaranteed Service TCP Technology

all packets (both raw data & audio-visual) arrive well within perception tolerance time period 200ms max from source to destination on Internet + possibly not a single packet ever gets dropped  

needs just a few very simple lines of Linux TCP open source code modifications, & bye-bye to the "world wide wait"

THE DECADES OLD's WORLD R&D HOLY GRAIL of TOTALLY CONGESTION FREE REAL TIME MULTIMEDIA INTERNET IS NOW HERE

Allison Mankin | 18 Jul 2004 19:33

Re: Next Generation TCP/IP Open Source Technology Downloads Link

We've given you notice before that advertisement of trial software
is inappropriate use of this mailing list.

Do not send a message like this again.

Allison Mankin

Co-Chair TSVWG Working Group

> 
> Date:    Sun, 18 Jul 2004 08:14:39 EDT
> To:      sliang <at> dsg.stanford.edu
> cc:      tsvwg <at> ietf.org
> From:    Laconsults <at> aol.com
> Subject: Re: [Tsvwg] Next Generation TCP/IP Open Source Technology Downloads Link
> 
> 15 March 2004 NEWS FLASH : Independent tests by IPv6 Research Group now 
> confirmed TCP Expert's Technology Report below ... " ... Not a single packet 
> dropped on tests performed, but heavy load is placed on the router"
> 
> DOWNLOAD TEST REPORT CLICK HERE TO DOWNLOAD NEXT GENERATION LINUX TCP FREE 
> TRIAL SOFTWARE OPEN SOURCE UPGRADE (& complete Technology Guide) FOR INSTANT 
> PSTN QUALITY GUARANTEED SERVICE VoIP/ MULTIMEDIA ON YOUR CORPORATE PRIVATE 
> NETWORKS/ WAN/ LAN, UP & RUNNING WITHIN HOURS. Free GPL-like Perpetual Patent 
> License for usage within Finland, Norway, Sweden, Russia and China 
> 
> OR VISIT HTTP//IWXCHANGE.COM TO DOWNLOAD
> 
> ANNOUNCEMENT : NEXT GENERATION TCP/IP TECHNOLOGY Instant Guaranteed Service 
> TCP Technology 
> 
> all packets (both raw data & audio-visual) arrive well within perception 
> tolerance time period 200ms max from source to destination on Internet + 
> possibly not a single packet ever gets dropped
> 
> needs just a few very simple lines of Linux TCP open source code 
> modifications, & bye-bye to the "world wide wait"
> 
> THE DECADES OLD's WORLD R&D HOLY GRAIL of TOTALLY CONGESTION FREE REAL TIME 
> MULTIMEDIA INTERNET IS NOW HERE