Fergie wrote: > First, sorry for any duplicates, but we wanted to reach all > interested parties. > > After several discussions with many different folks last week > at IETF 67 in San Diego, as well as various people over the > course of the past few months, Dan Senie and I have decided to > undertake an effort to "update" RFC2827/BCP38 [1]. > > I know that I'm not the only person who has heard various > discussions in the past couple of years that concluded that > (paraphrased), "BCP38 needs to be updated." > > Now is your chance to speak up. :-) > > We would very much like to solicit comments & suggestions from the > community-at-large on areas where you feel BCP38 is lacking, or in > areas where you feel it does not properly address with regards to > prohibiting source-spoofed traffic from any given administrative > network boundary, given that some technical aspects of the Internet > may have changed since it's publication. > > While we acknowledge that a uniform application of a source address > verification architecture/ingress filtering scheme will not mitigate > _all_ "unwanted traffic" [2] in the Internet, it will most certainly > address the issue of hosts which attempt to source-spoof traffic into > the Internet.
Sorry for the cross-reply, but since it's not clear where to engage this discussion: Perhaps you can elaborate on this. I.e., verification /filtering both require global participation; any locale that does not participate becomes an ingress for spoofed traffic from that locale's sources. Since global deployment is not a likely scenario, why will this "address the issue of hosts that attempt to source-spoof"? > I have not set up a mailing list for this yet, but if there is > enough discussion/input, I will make an effort to do so (or perhaps > the SAVA mailing list [3] might be a good place for discussion). In > the interim, you can contact me or Dan directly: > > Paul Ferguson: fergdawg(at)netzero.net > Dan Senie: dts(at)senie.com > > > Thanks, > > fergie & dan > > > p.s. Also, for anyone who might be interesting in related work, > there is an effort to bring some additional work into the IETF > called SAVA, or Source Address Validation Architecture [4]. > > > [1] http://www.rfc-editor.org/rfc/rfc2827.txt > [2] http://www.iab.org/about/workshops/unwantedtraffic/index.html > [3] http://www.nrc.tsinghua.edu.cn/mailman/listinfo/sava > [4] > http://www.nrc.tsinghua.edu.cn/pipermail/sava/2006-September/000004.html > > > > -- > "Fergie", a.k.a. Paul Ferguson > Engineering Architecture for the Internet > fergdawg(at)netzero.net > ferg's tech blog: http://fergdawg.blogspot.com/ > > -- ---------------------------------------- Joe Touch Sr. Network Engineer, USAF TSAT Space Segment
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Int-area mailing list [email protected] https://www1.ietf.org/mailman/listinfo/int-area
