Hi Alvaro, On 03/06/2022 20:59, Alvaro Retana wrote:
On June 3, 2022 at 3:18:15 PM, Stephen Farrell wrote: Hi Stephen! I hope you're doing well.I oppose the creation of this working group on the basis that it makes no mention of privacy. Extending the kind of privacy-unfriendly source address validation mechanisms (unwisely IMO) used, to something deployed at Internet-scale, could be a major error.The WG won't be chartered to extend existing mechanisms. If there's text that gives that impression we should fix it.
I guess I read it the same way as Adrian (it may be better to pursue that in that thread).
In this case, IMO the *first* and only step so far should be a privacy analysis including the potential ill effects of current schemes even when only deployed in smaller networks. And when that stage is completed, there should be a decision point as to whether to abandon the effort entirely if it remains privacy-unfriendly.The charter already includes decision points after every step. We can explicitly add privacy as a specific item to consider. The only text that is sort-of-related is this mention under item #2: Each document must also include the threat model addressed by the proposed architecture and a comparison to existing SAV mechanisms. I'm assuming you would want to see a privacy analysis of the proposed solutions (and a comparison with any existing mechanisms) before any extensions are defined -- right? Would this text address your concern? NEW> Each document must also include a privacy analysis, the threat model addressed by the proposed architecture, and a comparison to existing SAV mechanisms.
My problem with the above is that it'd allow privacy as an afterthought whereas I find it hard to believe that there really can be a useful privacy-friendly Internet-scalemechanism based on source address validation - those descriptives just seem to inevitably impose mutually
exclusive requirements to me. Is there even any research that indicates such schemes could exist? Thanks, S.
Please let me know if I missed your point or if you have better text. Thanks! Alvaro.
Attachment:
OpenPGP_0x5AB2FAF17B172BEA.asc
Description: OpenPGP public key
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature