I support the adoption of "draft-sriram-opsec-urpf-improvements" as an OPSEC Working Group document.
This is based on my review of the draft and the IETF 101 presentation. Let me mention that I think the WG should also consider potential use of RPKI as a complementary mechanism to improve uRPF. Namely, if there is an ROA for the prefix-origin pair, it should be allowed (even if the (enhanced/preferred)uRPF check fails. In a future (fantasy?) where RPKI is widely deployed, this solution may have even been better. I'm aware that this is, unfortuately, far cry from current situation, hence I definitely support moving forward with this draft. My comment can be discussed as part of this or separately (or not at all). thanks, Amir -- Amir Herzberg Comcast professor for security innovation Dept. of Computer Science and Engineering, University of Connecticut Publications: https://www.researchgate.net/profile/Amir_Herzberg/contributions <https://www.researchgate.net/profile/Amir_Herzberg/publications> Lecture notes in intro to cyber-security: https://www.researchgate.net/project/Lecture-notes-on-Introduction-to-Cyber-Security
_______________________________________________ OPSEC mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsec
