RE: draft-ietf-opsec-infrastructure-security-01 - InfrastructureHiding

["Fergie" <fergdawg@netzero.net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -- Pekka Savola <pekkas@netcore.fi> wrote:

>On Thu, 3 May 2007, Smith, Donald wrote:
>> When BCP38 was written in 2000 some ingress filtering concepts had 
>> been adopted by many ISPs but it was not the Best "Current" Practice 
>> nor the Best "Common" Practice. It has since been fairly widely 
>> adopted but I am not sure that today it has been implemented on more 
>> then 50% of the router interfaces. Would 50% adoption qualify it as 
>> a "common" practice?
>
>How does deploying BCP38 towards your customer cause bad effects to 
the customer?  Any loss of debuggability of network failures?
>
>(I'm excluding scenarios where the customer is using multiple prefixes 
from multiple ISPs here, because I doubt you'd be disabling that via 
uRPF in any case.)
>

Speaking of BCP38, I do hope you all saw this:

 http://www.ripe.net/ripe/maillists/archives/spoofing-tf/2007/msg00000.html

...but I digress. :-)

Having said that (and apologies for hijacking this thread), I would
like to solicit folks to join the discussion on a Source Address
Validation Architecture (SAVA) which I personally plan to enliven over
the weekend (since they've finally gotten the mailing list problems
resolved). Please feel free to contribute -- I think that, once
re-scoped, this might be a valuable effort to bring into the IETF.

Mailing list:
http://www.nrc.tsinghua.edu.cn/mailman/listinfo/sava

Minor note: Archives are now actually at:
http://mail.nrc.tsinghua.edu.cn/pipermail/sava/

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.1 (Build 1012)

wj8DBQFGOtVSq1pz9mNUZTMRAiWIAKD4ts5rNS1yJV2MZf26n/rLr1MgIwCfZFGA
0E3xzjabLuxJpa0Y8adSCMk=
=v41X
-----END PGP SIGNATURE-----


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/