Re: WG Review: Source Address Validation in Intra-domain and Inter-domain Networks (savnet)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


Hi Alvaro,

On 03/06/2022 20:59, Alvaro Retana wrote:

On June 3, 2022 at 3:18:15 PM, Stephen Farrell wrote:


Hi Stephen!

I hope you're doing well.



I oppose the creation of this working group on the basis
that it makes no mention of privacy. Extending the kind
of privacy-unfriendly source address validation mechanisms
(unwisely IMO) used, to something deployed at Internet-scale,
could be a major error.


The WG won't be chartered to extend existing mechanisms.

If there's text that gives that impression we should fix it.


I guess I read it the same way as Adrian (it may be better
to pursue that in that thread).


In this case, IMO the *first* and only step so far should be
a privacy analysis including the potential ill effects of
current schemes even when only deployed in smaller networks.
And when that stage is completed, there should be a decision
point as to whether to abandon the effort entirely if it
remains privacy-unfriendly.


The charter already includes decision points after every step.  We can
explicitly add privacy as a specific item to consider.


The only text that is sort-of-related is this mention under item #2:

    Each document must also include the threat model addressed by the
    proposed architecture and a comparison to existing SAV mechanisms.

I'm assuming you would want to see a privacy analysis of the proposed
solutions (and a comparison with any existing mechanisms) before any
extensions are defined -- right?

Would this text address your concern?

NEW>
    Each document must also include a privacy analysis, the threat model
    addressed by the proposed architecture, and a comparison to existing
    SAV mechanisms.


My problem with the above is that it'd allow privacy as
an afterthought whereas I find it hard to believe that
there really can be a useful privacy-friendly Internet-scale
mechanism based on source address validation - those descriptives just seem to inevitably impose mutually 
exclusive requirements to me. Is there even any research
that indicates such schemes could exist?

Thanks,
S.





Please let me know if I missed your point or if you have better text.

Thanks!

Alvaro.

Attachment: OpenPGP_0x5AB2FAF17B172BEA.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux