Re: [tcpm] WGLC for draft-ietf-tcpm-tcp-antispoof-05.txt (Ends 2 Feb 2007)

Pekka Savola <pekkas@netcore.fi> Sat, 03 February 2007 06:50 UTC

Date: Sat, 03 Feb 2007 08:50:09 +0200
From: Pekka Savola <pekkas@netcore.fi>
To: Joe Touch <touch@ISI.EDU>
Subject: Re: [tcpm] WGLC for draft-ietf-tcpm-tcp-antispoof-05.txt (Ends 2 Feb 2007)
In-Reply-To: <45C42E9F.3000107@isi.edu>
Message-ID: <Pine.LNX.4.64.0702030848100.31792@netcore.fi>
References: <20070118012440.GC1540@hut.isi.edu> <20070126174742.GF44355@hut.isi.edu> <20070202185415.GC35900@hut.isi.edu> <Pine.LNX.4.64.0702022117390.18960@netcore.fi> <45C42E9F.3000107@isi.edu>
Cc: tcpm@ietf.org, Ted Faber <faber@ISI.EDU>

On Fri, 2 Feb 2007, Joe Touch wrote:
>>     As a result, address filtering is not a local solution that can be
>>     deployed to protect communicating pairs, but rather relies on a
>>     distributed infrastructure of trusted gateways filtering forged
>>     traffic where it enters the network.  It is not feasible for local,
>>     incremental deployment, and relies heavily on distributed
>>     cooperation.  Although useful to reduce the load of spoofed traffic,
>>     it is insufficient to protect particular connections from attack
>>     [29].
...
>>  But a smaller delta to the current text might also be OK even if it is
>>  less explicit, for example:
>>
>>     As a result, address filtering is not a local solution that can be
>>     deployed to protect communicating pairs, but rather relies on a
>>     distributed infrastructure of trusted gateways filtering forged
>>     traffic where it enters the network.  It is not feasible as a
>>     general solution due to the lack of universal deployment, but
>>     may be applicable to connections among those inside the protected
>>     border in some scenarios.  Applying filtering also reduces
>>     the load of spoofed traffic [29].
>
> I agree with the second sentence, which might be useful to include. As to the 
> last sentence, this document focuses on endpoint mechanisms for defense, and 
> doesn't address upstream load reduction.

I don't care about the last sentence, and it could be removed or 
reworded.  It was just an attempt to rephrase the last sentence in the 
original (above) so that reference [29] is preserved.

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
