On Fri, 15 Jul 2016, joel jaeggli wrote:
I'm sympathic generally to this draft, section 5 implementation details could be rewriten more cleanly to suggest how it is implemented. e.g.
I also read this document. I am also sympathetic to this draft, but I tried to find what kind of attacks can be performed using the technique mentioned in the document, but apart from the US-CERT reference from 2005, I came up empty.
I would like to see more references to documents describing what can happen if the proposed mechanism isn't implemented, ie list of attack vectors.
Apart from that I like the document. I have doubts about how widely this mechanism will actually get implemented since it's like uRPF; it doesn't protect the implementor from the Internet, it protects the Internet from the implementors' customers.
But it makes a lot of sense to document this problem and recommend that this kind of filtering is done.
-- Mikael Abrahamsson email: [email protected] _______________________________________________ OPSEC mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsec
