I think that this is useful and I am also in favor of adopting this. I did want to call out that there is an opportunity for this to open up a channel for reflection/amplification attacks, even without spoofing the source address, by including probe description URIs of the target of the attack. At minimum, the “Security considerations” should call out the possibility of this also being a way in which things can be misused in addition to malicious/incorrect attribution. The impact could certainly be much worse than just putting in someone else’s domain or contact information.
I think it will be worth looking at ways in which we include some basic verification mechanism. One option is combining both in band and out of band where a reverse DNS lookup can be used to verify whether the probe description URI matches in both the places. Thanks and Regards, Prapanch From: OPSEC <[email protected]> on behalf of Eric Vyncke (evyncke) <[email protected]> Date: Tuesday, 2 August 2022 at 10:35 AM To: Jen Linkova <[email protected]>, opsec WG <[email protected]> Cc: [email protected] <[email protected]>, OpSec Chairs <[email protected]> Subject: Re: [OPSEC] Adoption call for draft-vyncke-opsec-probe-attribution Without any surprise, as co-author (and no other hat), I am in favor of adopting this short document. -éric On 28/07/2022, 01:37, "Jen Linkova" <[email protected]> wrote: This email starts the adoption call for draft-vyncke-opsec-probe-attribution (https://datatracker.ietf.org/doc/draft-vyncke-opsec-probe-attribution/) The adoption call ends on Aug 14th, 23:59 UTC. Please read the draft and respond to this thread. stating your position re: adoption. Thank you! -- SY, Jen Linkova aka Furry _______________________________________________ OPSEC mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsec
_______________________________________________ OPSEC mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsec
