On June 3, 2022 at 3:18:15 PM, Stephen Farrell wrote: Hi Stephen! I hope you're doing well. > I oppose the creation of this working group on the basis > that it makes no mention of privacy. Extending the kind > of privacy-unfriendly source address validation mechanisms > (unwisely IMO) used, to something deployed at Internet-scale, > could be a major error. The WG won't be chartered to extend existing mechanisms. If there's text that gives that impression we should fix it. > In this case, IMO the *first* and only step so far should be > a privacy analysis including the potential ill effects of > current schemes even when only deployed in smaller networks. > And when that stage is completed, there should be a decision > point as to whether to abandon the effort entirely if it > remains privacy-unfriendly. The charter already includes decision points after every step. We can explicitly add privacy as a specific item to consider. The only text that is sort-of-related is this mention under item #2: Each document must also include the threat model addressed by the proposed architecture and a comparison to existing SAV mechanisms. I'm assuming you would want to see a privacy analysis of the proposed solutions (and a comparison with any existing mechanisms) before any extensions are defined -- right? Would this text address your concern? NEW> Each document must also include a privacy analysis, the threat model addressed by the proposed architecture, and a comparison to existing SAV mechanisms. Please let me know if I missed your point or if you have better text. Thanks! Alvaro.
