Re: [OPSEC] Reminder: Call for WG adoption of draft-sriram-opsec-urpf-improvements

Amir Herzberg <amir.lists@gmail.com> Wed, 18 April 2018 03:11 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/je0nMomalk8E-rz_-WPfDfRp9pk>

I support the adoption of "draft-sriram-opsec-urpf-improvements" as an
OPSEC Working Group document.

This is based on my review of the draft and the IETF 101 presentation.

Let me mention that I think the WG should also consider potential use of
RPKI as a complementary mechanism to improve uRPF. Namely, if there is an
ROA for the prefix-origin pair, it should be allowed (even if the
(enhanced/preferred) uRPF check fails). In a future (fantasy?) where RPKI is
widely deployed, this solution may have even been better. I'm aware that
this is, unfortunately, a far cry from the current situation, hence I definitely
support moving forward with this draft. My comment can be discussed as part
of this or separately (or not at all).

thanks, Amir
-- 
Amir Herzberg
Comcast professor for security innovation
Dept. of Computer Science and Engineering, University of Connecticut

Publications:
https://www.researchgate.net/profile/Amir_Herzberg/contributions
<https://www.researchgate.net/profile/Amir_Herzberg/publications>
Lecture notes in intro to cyber-security:
https://www.researchgate.net/project/Lecture-notes-on-Introduction-to-Cyber-Security
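
An added illustration of the ROA fallback suggested in the message above; it is not code from the author or from the draft, and it is only one possible reading of the suggestion. It assumes the router keeps, per interface, the prefixes that pass uRPF and the set of origin ASNs seen in routes learned on that interface, and it reduces a ROA to a (prefix, origin AS) pair. All prefixes, ASNs and interface names are constructed sample data.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ROA:
    prefix: ipaddress.IPv4Network
    origin_as: int


# Constructed sample data (documentation prefixes, private-use ASNs).
# interface -> prefixes whose routes were learned on it (the uRPF view)
URPF_TABLE = {
    "cust1": [ipaddress.ip_network("192.0.2.0/24")],
    "cust2": [ipaddress.ip_network("203.0.113.0/24")],
}
# interface -> origin ASNs seen in routes learned on it (assumption)
ORIGINS_SEEN = {"cust1": {64500}, "cust2": {64501}}
ROAS = [
    ROA(ipaddress.ip_network("192.0.2.0/24"), 64500),
    # AS 64500 also holds this prefix but announces it via another provider,
    # so the uRPF view of cust1 does not contain it.
    ROA(ipaddress.ip_network("198.51.100.0/24"), 64500),
    ROA(ipaddress.ip_network("203.0.113.0/24"), 64501),
]


def urpf_pass(src, iface):
    """uRPF check: the source lies in a prefix learned on this interface."""
    return any(src in p for p in URPF_TABLE.get(iface, []))


def roa_pass(src, iface):
    """ROA fallback: a ROA covers the source and names an origin AS
    that is known to sit behind this interface."""
    origins = ORIGINS_SEEN.get(iface, set())
    return any(src in r.prefix and r.origin_as in origins for r in ROAS)


def check_source(src_ip, iface):
    """Return 'accept:urpf', 'accept:roa' or 'drop' for a packet's source."""
    src = ipaddress.ip_address(src_ip)
    if urpf_pass(src, iface):
        return "accept:urpf"
    if roa_pass(src, iface):
        return "accept:roa"
    return "drop"
```

The second ROA is the multihoming case: a source in 198.51.100.0/24 fails the uRPF check on cust1 but is still accepted there, while the same source on cust2 is dropped because AS 64500 is not seen behind that interface.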