Re: [OPSEC] draft-ietf-opsec-blackhole-urpf-00
Roland Dobbins <rdobbins@cisco.com> Wed, 21 January 2009 04:07 UTC
Return-Path: <opsec-bounces@ietf.org>
X-Original-To: opsec-archive@optimus.ietf.org
Delivered-To: ietfarch-opsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CD77C3A69B3; Tue, 20 Jan 2009 20:07:25 -0800 (PST)
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5FEAD3A69B3 for <opsec@core3.amsl.com>; Tue, 20 Jan 2009 20:07:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.2
X-Spam-Level:
X-Spam-Status: No, score=-6.2 tagged_above=-999 required=5 tests=[AWL=-0.400, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, SARE_SUB_RAND_LETTRS4=0.799]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AAt338OyA+d2 for <opsec@core3.amsl.com>; Tue, 20 Jan 2009 20:07:24 -0800 (PST)
Received: from ind-iport-1.cisco.com (ind-iport-1.cisco.com [64.104.129.195]) by core3.amsl.com (Postfix) with ESMTP id B9FAC3A684C for <opsec@ietf.org>; Tue, 20 Jan 2009 20:07:23 -0800 (PST)
X-IronPort-AV: E=Sophos;i="4.37,298,1231113600"; d="scan'208";a="41144189"
Received: from hkg-dkim-1.cisco.com ([10.75.231.161]) by ind-iport-1.cisco.com with ESMTP; 21 Jan 2009 04:07:05 +0000
Received: from hkg-core-1.cisco.com (hkg-core-1.cisco.com [64.104.123.94]) by hkg-dkim-1.cisco.com (8.12.11/8.12.11) with ESMTP id n0L474Bg031075 for <opsec@ietf.org>; Wed, 21 Jan 2009 12:07:04 +0800
Received: from [10.74.6.110] (sin-vpn-client-16-186.cisco.com [10.68.16.186]) by hkg-core-1.cisco.com (8.13.8/8.13.8) with ESMTP id n0L472Vp029849 for <opsec@ietf.org>; Wed, 21 Jan 2009 04:07:03 GMT
Message-Id: <19805DE9-0FB7-46C6-8984-DD82A6BB11E4@cisco.com>
From: Roland Dobbins <rdobbins@cisco.com>
To: opsec wg mailing list <opsec@ietf.org>
In-Reply-To: <E3B4452D-A984-439F-9069-7E43F51E3F42@kumari.net>
Mime-Version: 1.0 (Apple Message framework v930.3)
Date: Wed, 21 Jan 2009 12:07:01 +0800
References: <E3B4452D-A984-439F-9069-7E43F51E3F42@kumari.net>
X-Mailer: Apple Mail (2.930.3)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=1288; t=1232510824; x=1233374824; c=relaxed/simple; s=hkgdkim1002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=rdobbins@cisco.com; z=From:=20Roland=20Dobbins=20<rdobbins@cisco.com> |Subject:=20Re=3A=20[OPSEC]=20draft-ietf-opsec-blackhole-ur pf-00 |Sender:=20; bh=78+2Qd7ihu7t01Ehtl0M0eOHVQ2J5a8CtDqHS64up30=; b=QlnSdeqMg2H2uSo8c7LPCI+yRUFrQeB5xDvIrYuiRFpF/8d8ETRznKVRb/ RdIe7xt338T+U61E+lK+cKgvuJ3IrooHUk6LwBvJ4GsbTFDgNwoi24Re4Obp 88tY3tCCrbCZq/VF4INEp5wV8F6i0B0iKx4hctE54UaOBah1xzPDw=;
Authentication-Results: hkg-dkim-1; header.DKIM-Signature=rdobbins@cisco.com; dkim=fail ( DNS lookup for cisco.com/hkgdkim1002 failed; cisco.com/hkgdk im1002 fail; ); header.From=rdobbins@cisco.com; dkim=neutral
Subject: Re: [OPSEC] draft-ietf-opsec-blackhole-urpf-00
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"; DelSp="yes"
Sender: opsec-bounces@ietf.org
Errors-To: opsec-bounces@ietf.org On Jan 21, 2009, at 2:21 AM, Warren Kumari wrote:
> I'd like to keep the registered community -- while different > providers will support different subsets of this, having a well > known way to enable this seems good to me. The problem with this is that it lacks granularity, and if this were to come to pass and you tagged your announcement accordingly, you don't know what the result will be, nor where, nor how. We've all seen instances of uncoordinated mitigation which have gone awry and made things worse, not better. Any kind of inter-provider signaling of this type should only be undertaken/work after an explicit mutual understanding has been reached regarding expectations and actual behavior. Given the fact that various operators have implemented various communities for various purposes over time, and given the situationally-specific nature of the blackholing mechanisms themselves, I think that while this is a noble goal, that it simply isn't practical in this particular milieu and should probably be removed. ----------------------------------------------------------------------- Roland Dobbins <rdobbins@cisco.com> // +852.9133.2844 mobile All behavior is economic in motivation and/or consequence. _______________________________________________ OPSEC mailing list OPSEC@ietf.org https://www.ietf.org/mailman/listinfo/opsec
- [OPSEC] draft-ietf-opsec-blackhole-urpf-00 Warren Kumari
- Re: [OPSEC] draft-ietf-opsec-blackhole-urpf-00 Danny McPherson
- Re: [OPSEC] draft-ietf-opsec-blackhole-urpf-00 Roland Dobbins
- Re: [OPSEC] draft-ietf-opsec-blackhole-urpf-00 Roland Dobbins
- Re: [OPSEC] draft-ietf-opsec-blackhole-urpf-00 Christopher Morrow
- Re: [OPSEC] draft-ietf-opsec-blackhole-urpf-00 Warren Kumari
- Re: [OPSEC] draft-ietf-opsec-blackhole-urpf-00 Smith, Donald
- Re: [OPSEC] draft-ietf-opsec-blackhole-urpf-00 Ryan Mcdowell (rymcdowe)
- Re: [OPSEC] draft-ietf-opsec-blackhole-urpf-00 Ryan Mcdowell (rymcdowe)
- Re: [OPSEC] draft-ietf-opsec-blackhole-urpf-00 Joel Jaeggli
- Re: [OPSEC] draft-ietf-opsec-blackhole-urpf-00 Joel Jaeggli
- Re: [OPSEC] draft-ietf-opsec-blackhole-urpf-00 Smith, Donald