Re: [OPSEC] WGLC: draft-ietf-opsec-urpf-improvements-02

Amir Herzberg <amir.lists@gmail.com> Tue, 16 April 2019 01:23 UTC

Return-Path: <amir.herzberg@gmail.com>
X-Original-To: opsec@ietfa.amsl.com
Delivered-To: opsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EE6D31202F8 for <opsec@ietfa.amsl.com>; Mon, 15 Apr 2019 18:23:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CVvzWO2s7N6R for <opsec@ietfa.amsl.com>; Mon, 15 Apr 2019 18:23:42 -0700 (PDT)
Received: from mail-it1-x134.google.com (mail-it1-x134.google.com [IPv6:2607:f8b0:4864:20::134]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DB7A01202E5 for <opsec@ietf.org>; Mon, 15 Apr 2019 18:23:41 -0700 (PDT)
Received: by mail-it1-x134.google.com with SMTP id y134so30371187itc.5 for <opsec@ietf.org>; Mon, 15 Apr 2019 18:23:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=RtmAna7wH1gC3dPdlqIo3zNGn2F3uDqrj0hwwRFYnYc=; b=k3Fcv+Uawa0QPOEpi4KHoxUV78y+NTCjFSXV1WaTczJD7WVCCHjnG5Na9n/vbpVHlW U7gvzAlPpHE892Nb4JZU9vSFHyQl/vqFXjczmqaIX0HY210Ec0Lb2F6SQEwvGSycK8t/ aMQ13Aj89q1Enocd6Bsnyni4qPfAgUoUPJnrt2ffZZTgRBHOSzU/Oa7ctHNkzT1mHr5W 4O9Vj6E8mqDz42qRg7bn/OYVVgndYJY4FZEFnVT/HK1d/SGRipiRbLO1M2mvcTWaFI6T qbIIsB/n+jSa+iv0R5tbvp7u6Au5eDdvmFb77p4SEIOEQpIBdVXSI8L5RXDsQG7q5IOt S/dw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=RtmAna7wH1gC3dPdlqIo3zNGn2F3uDqrj0hwwRFYnYc=; b=FFCbV+sasMnYB3slpzf9gquZIGhN8/39gc74RjwIj9uUdgjjY0PUBaCT7IH/CJkwRl HIHG8e1l6FLd661FLbYQ7jGduSJe14s8yd2oh3cjORxCxS39wCPKbdCX8JdF9ordNfqS wq0BmfWzxIY+ukP5V+Oq/fTBJZ5y/HGGbbM/7v0o0ysjDYlbT4knyDyC9Z2romdFq7tL h7/Z/Pxr61glm0eTWpTUyf+1r21wdLg1MyfA1B/5MwkFgbFzKcJAim11kv3P5JBY2rt3 wmfbUICjVL0xUsVnOu22AOqqXzWzbGnjI3Ku6CpWLcWuOvTLCWG1+y1mM6ZQG3QIfL41 k70Q==
X-Gm-Message-State: APjAAAUZJrsWX3QfatkXwLHZqHOcISzeV+PfHOyWKeTD2PBH6/hG9G2r 26nBTHLl7UG0MmI62dnUV6xIV8SdbtqnaP45QP7MaKe/
X-Google-Smtp-Source: APXvYqzn1igdktWOpnJBmqYLZpVmkNPdaVtX63od69g8xT9n9VeCZrcIashZ7a1Aw9UpwrmYLBXTPXxnuvt5rgrRsMU=
X-Received: by 2002:a24:791:: with SMTP id f139mr26717837itf.73.1555377820797; Mon, 15 Apr 2019 18:23:40 -0700 (PDT)
MIME-Version: 1.0
From: Amir Herzberg <amir.lists@gmail.com>
Date: Mon, 15 Apr 2019 21:23:27 -0400
Message-ID: <CAHBw0M8pDGQCTUnY=ATy3Ko94caHjp25B2dO_UnWtU-mptOrAg@mail.gmail.com>
To: opsec@ietf.org
Content-Type: multipart/alternative; boundary="00000000000080114d05869b9eeb"
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/6veetP5Hhc_7wbcE8sqP3ePf9Hc>
Subject: Re: [OPSEC] WGLC: draft-ietf-opsec-urpf-improvements-02
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsec/>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Apr 2019 01:23:44 -0000

Dear opsec,

I have reviewed the updated draft `Enhanced Feasible-Path Unicast Reverse
Path Filtering' (draft-ietf-opsec-urpf-improvements-02).
This is a well written document and I believe the proposed method is
certainly a more practical and effective way of implementing Source Address
Validation. I believe that this document will be a valuable Best Current
Practice to operators. I support advancing the document.

BTW, I'm covering SAV in general, and uRPF in particular, in my
`foundations of cybersecurity' lectures - and this would also be in the
text, although I believe that the relevant chapter is still in very early
shape. But the lecture is available... follow link below if you are
interested, comments welcome.
-- 
Amir Herzberg
Comcast professor for security innovation
Dept. of Computer Science and Engineering, University of Connecticut

Foundations of Cybersecurity:
https://www.researchgate.net/project/Lecture-notes-on-Introduction-to-Cyber-Security

Homepage: https://sites.google.com/site/amirherzberg/home