Re: [tcpm] WGLC for draft-ietf-tcpm-tcp-antispoof-05.txt (Ends 2 Feb 2007)
Pekka Savola <pekkas@netcore.fi> Sat, 03 February 2007 06:50 UTC
Date: Sat, 03 Feb 2007 08:50:09 +0200
From: Pekka Savola <pekkas@netcore.fi>
To: Joe Touch <touch@ISI.EDU>
Subject: Re: [tcpm] WGLC for draft-ietf-tcpm-tcp-antispoof-05.txt (Ends 2 Feb 2007)
Cc: tcpm@ietf.org, Ted Faber <faber@ISI.EDU>

On Fri, 2 Feb 2007, Joe Touch wrote:
>>    As a result, address filtering is not a local solution that can be
>>    deployed to protect communicating pairs, but rather relies on a
>>    distributed infrastructure of trusted gateways filtering forged
>>    traffic where it enters the network. It is not feasible for local,
>>    incremental deployment, and relies heavily on distributed
>>    cooperation. Although useful to reduce the load of spoofed traffic,
>>    it is insufficient to protect particular connections from attack
>>    [29].
...
>> But a smaller delta to the current text might also be OK even if it is
>> less explicit, for example:
>>
>>    As a result, address filtering is not a local solution that can be
>>    deployed to protect communicating pairs, but rather relies on a
>>    distributed infrastructure of trusted gateways filtering forged
>>    traffic where it enters the network. It is not feasible as a
>>    general solution due to the lack universal deployment, but
>>    may be applicable to connections among those inside the protected
>>    border in some scenarios. Applying filtering also reduces
>>    the load of spoofed traffic [29].
>
> I agree with the second sentence, which might be useful to include. As to the
> last sentence, this document focuses on endpoint mechanisms for defense, and
> doesn't address upstream load reduction.

I don't care about the last sentence, and it could be removed or
reworded. It was just an attempt to rephrase the last sentence in the
original (above) so that reference [29] is preserved.

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www1.ietf.org/mailman/listinfo/tcpm