Hi! Thank you for the follow-up response. I have entered an ABSTAIN position.
I few responses to your clarifications are added below (that I didn't include in my ballot). > -----Original Message----- > From: Eric Vyncke (evyncke) <[email protected]> > Sent: Wednesday, July 5, 2023 11:41 AM > To: Roman Danyliw <[email protected]>; The IESG <[email protected]> > Cc: [email protected]; [email protected]; > [email protected]; [email protected] > Subject: Re: Roman Danyliw's Discuss on draft-ietf-opsec-probe-attribution-07: > (with DISCUSS and COMMENT) > > Hello Roman, > > Thank you for your review. > > My understanding of your DISCUSS ballot is that this I-D is worse than the > cure. > > If the above statement is correct, then there is probably a disconnect between > your view and the actual purpose of this I-D, which is more like "if you > bumped > into another car on a parking lot, then please leave a message on the damaged > car windshield with your contact information". I.e., propose a reasonably > sensible way to contact the researcher(s) sending those probes. I concur that there is a disconnect. In my view, this document aspires to define a mechanism that will only be used by "researchers with good intentions" but provides no mechanisms to enforce that. It expects circumstances on the internet which are inconsistent with the internet threat model (RFC3552) that explicitly cautions against assuming that entities on a path have "good intentions." > Those probe research are not common; I know about 5 teams doing (and > counting me twice) such probing over the public Internet over a period of 10 > years... And a vast majority of them (if not all) have applied similar > mechanisms, so let's document them in an *informational* document that > starts with "This document suggests some simple techniques". I may have misunderstood the expected deployment. Respectfully, if this mechanism is only need by a few times every decade, I question why a specification is required. > More background: I was contacted only *once* in those 2 measurement > campaigns of mine, and it proved really useful as it allowed a forensic > analyst > to contact me in a matter of hours (more information in a private / > confidential > discussion if you want). This was really critical and valuable in that case, > therefore the suggestions in this I-D, while not perfect, are rather useful. Are there any experimental results which support the thesis of this approach -- that is, including of this in-band or out-of-band signaling improves the efficacy of these probing experiments? [I-D.draft-vyncke-v6ops-james] was cited as using the in-band-technique. This would make a compelling argument. Regards, Roman _______________________________________________ OPSEC mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsec
