Iljitsch,
I think that this is a fair question, and I apologize for taking so long
to answer it.
The SAVA WG seeks to develop some mechanism by which network equipment
can determine the degree of trust that it places in the validity of a
packet's source address. Having determined that level of trust, the
network will forward the packet as per its security policy. The
following is an example of a security policy that relies upon source
address validation:
During periods of normal operation, the network will forward all packets
without regard to source address validation status. However, during
periods of congestion cause by malicious attacks, the network will grant
preferential treatment to packets, depending upon the degree of trust
that the network has in the source address.
Ron
Iljitsch van Beijnum wrote:
> On 15-sep-2006, at 17:08, Ron Bonica wrote:
>
>> Ideally, SAVA would address all attacks that require the attacker to
>> spoof its source address.
>
>
> Can someone P L E A S E tell me what this wg is trying to accomplish
> with source address validation?
>
> Without a goal there is no way to measure success.
>
_______________________________________________
Int-area mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/int-area
