Source Address Validation in Intra-domain and Inter-domain Networks
charter-ietf-savnet-01
Revision differences
Document history
Date | Rev. | By | Action |
---|---|---|---|
2023-03-29
|
01 | Amy Vezza | Responsible AD changed to Jim Guichard from Alvaro Retana |
2022-06-17
|
01 | Cindy Morgan | New version available: charter-ietf-savnet-01.txt |
2022-06-17
|
00-05 | Cindy Morgan | State changed to Approved from External Review (Message to Community, Selected by Secretariat) |
2022-06-17
|
00-05 | Cindy Morgan | IESG has approved the charter |
2022-06-17
|
00-05 | Cindy Morgan | Closed "Approve" ballot |
2022-06-17
|
00-05 | Cindy Morgan | WG action text was changed |
2022-06-17
|
00-05 | Cindy Morgan | New version available: charter-ietf-savnet-00-05.txt |
2022-06-17
|
00-04 | Cindy Morgan | Added charter milestone "Submit operations and management for Inter-domain networks document to the IESG for publication", due March 2025 |
2022-06-17
|
00-04 | Cindy Morgan | Added charter milestone "Adopt operations and management for Inter-domain networks document", due November 2024 |
2022-06-17
|
00-04 | Cindy Morgan | Added charter milestone "Submit the Inter-Domain Architecture document to the IESG for publication", due November 2024 |
2022-06-17
|
00-04 | Cindy Morgan | Added charter milestone "Submit operations and management for Intra-domain networks document to the IESG for publication", due July 2024 |
2022-06-17
|
00-04 | Cindy Morgan | Added charter milestone "Adopt the Inter-Domain Architecture document", due March 2024 |
2022-06-17
|
00-04 | Cindy Morgan | Added charter milestone "Adopt operations and management for Intra-domain networks document", due March 2024 |
2022-06-17
|
00-04 | Cindy Morgan | Added charter milestone "Submit the Intra-Domain Architecture document to the IESG for publication", due March 2024 |
2022-06-17
|
00-04 | Cindy Morgan | Added charter milestone "Adopt the Intra-Domain Architecture document", due July 2023 |
2022-06-17
|
00-04 | Cindy Morgan | Added charter milestone "Adopt the Problem Statement, Use Cases, and Requirements document", due November 2022 |
2022-06-16
|
00-04 | Alvaro Retana | New version available: charter-ietf-savnet-00-04.txt |
2022-06-16
|
00-03 | Éric Vyncke | [Ballot Position Update] Position for Éric Vyncke has been changed to Yes from No Objection |
2022-06-16
|
00-03 | Lars Eggert | [Ballot comment] # GEN AD review of charter-ietf-savnet-03 CC @larseggert ## Comments ### Paragraph 2 ``` The "Source Address Validation in Intra-domain and Inter-domain … [Ballot comment] # GEN AD review of charter-ietf-savnet-03 CC @larseggert ## Comments ### Paragraph 2 ``` The "Source Address Validation in Intra-domain and Inter-domain Networks (SAVNET)" working group will define routing protocol-independent architectures and procedures to accurately determine the valid incoming router interfaces for specific source prefixes. The accuracy of the new SAV mechanisms is expected to improve upon the current ones. The WG will not work on extending existing mechanisms. ``` Should publication of any new mechanisms be contingent on improving on the current ones? ### "WG", paragraph 0 ``` The scope of the SAVNET WG includes the SAV function for both intra-domain and inter-domain networks and the validation of both IPv4 and IPv6 addresses. The WG will address intra-domain solutions first and focus on routing protocol- based mechanisms. ``` While the text says the "WG will address intra-domain solutions first", what does this mean in practice and how will it be enforced? There is nothing gating work on inter-domain solutions on the completion of the intra-domain ones. The proposed milestones below only express an aspirational order of work. ### "WG", paragraph 8 ``` After each of the items above has reached WG consensus, a discussion about whether it is appropriate to continue must occur. ``` I don't know what is meant by this. When something reaches WG consensus, shouldn't it be obvious that the WG has decided that the item is appropriate to continue work on (towards completing it?) ## Nits All comments below are about very minor potential issues that you may choose to address in some way - or ignore - as you see fit. Some were flagged by automated tools (via https://github.com/larseggert/ietf-reviewtool), so there will likely be some false positives. There is no need to let me know what you did with these suggestions. ### Typos #### Paragraph 1 ``` - (SAVNET)" working group will define routing protocol-independent architectures - ^ + (SAVNET)" working group will define routing-protocol-independent architectures + ^ ``` ## Notes This review is in the ["IETF Comments" Markdown format][ICMF], You can use the [`ietf-comments` tool][ICT] to automatically convert this review into individual GitHub issues. Review generated by the [`ietf-reviewtool`][IRT]. [ICMF]: https://github.com/mnot/ietf-comments/blob/main/format.md [ICT]: https://github.com/mnot/ietf-comments [IRT]: https://github.com/larseggert/ietf-reviewtool |
2022-06-16
|
00-03 | Lars Eggert | [Ballot Position Update] New position, No Objection, has been recorded for Lars Eggert |
2022-06-16
|
00-03 | Francesca Palombini | [Ballot Position Update] New position, No Objection, has been recorded for Francesca Palombini |
2022-06-15
|
00-03 | Robert Wilton | [Ballot Position Update] New position, Yes, has been recorded for Robert Wilton |
2022-06-15
|
00-03 | Roman Danyliw | [Ballot Position Update] New position, No Objection, has been recorded for Roman Danyliw |
2022-06-15
|
00-03 | Paul Wouters | [Ballot Position Update] New position, Yes, has been recorded for Paul Wouters |
2022-06-15
|
00-03 | Zaheduzzaman Sarker | [Ballot Position Update] New position, No Objection, has been recorded for Zaheduzzaman Sarker |
2022-06-14
|
00-03 | Erik Kline | [Ballot Position Update] New position, No Objection, has been recorded for Erik Kline |
2022-06-12
|
00-03 | Murray Kucherawy | [Ballot Position Update] New position, No Objection, has been recorded for Murray Kucherawy |
2022-06-12
|
00-03 | Éric Vyncke | [Ballot Position Update] New position, No Objection, has been recorded for Éric Vyncke |
2022-06-09
|
00-03 | Alvaro Retana | [Ballot Position Update] New position, Yes, has been recorded for Alvaro Retana |
2022-06-09
|
00-03 | Alvaro Retana | New version available: charter-ietf-savnet-00-03.txt |
2022-06-03
|
00-02 | Cindy Morgan | Telechat date has been changed to 2022-06-16 from 2022-06-02 |
2022-06-03
|
00-02 | Cindy Morgan | WG new work message text was changed |
2022-06-03
|
00-02 | Cindy Morgan | WG review text was changed |
2022-06-03
|
00-02 | Cindy Morgan | WG new work message text was changed |
2022-06-03
|
00-02 | Cindy Morgan | WG review text was changed |
2022-06-03
|
00-02 | Cindy Morgan | WG review text was changed |
2022-06-03
|
00-02 | Cindy Morgan | WG review text was changed |
2022-06-03
|
00-02 | Cindy Morgan | Created "Approve" ballot |
2022-06-03
|
00-02 | Cindy Morgan | Closed "Ready for external review" ballot |
2022-06-03
|
00-02 | Cindy Morgan | State changed to External Review (Message to Community, Selected by Secretariat) from Start Chartering/Rechartering (Internal Steering Group/IAB Review) |
2022-06-02
|
00-02 | Roman Danyliw | [Ballot Position Update] New position, No Objection, has been recorded for Roman Danyliw |
2022-06-02
|
00-02 | Alvaro Retana | New version available: charter-ietf-savnet-00-02.txt |
2022-06-02
|
00-01 | Robert Wilton | [Ballot Position Update] New position, No Objection, has been recorded for Robert Wilton |
2022-06-02
|
00-01 | Éric Vyncke | [Ballot comment] Thanks for addressing my concerns about restricting the work items to routing protocols extensions. I would appreciate it though if the charter was … [Ballot comment] Thanks for addressing my concerns about restricting the work items to routing protocols extensions. I would appreciate it though if the charter was even more restrictive by stating that the WG won't work in the neighbour discovery / address selection parts (i.e., DHCP, NDP, ARP). |
2022-06-02
|
00-01 | Éric Vyncke | [Ballot Position Update] Position for Éric Vyncke has been changed to No Objection from Block |
2022-06-02
|
00-01 | Zaheduzzaman Sarker | [Ballot comment] With the recent updates due to IESG review, the charter looks much better. One simple thing - it says : The WG … [Ballot comment] With the recent updates due to IESG review, the charter looks much better. One simple thing - it says : The WG Chairs will define the specific criteria and determine that rough consensus has been reached before continuing. The WG may be rechartered or closed if rough consensus is not reached. isn't it the regular process of rechartering? if yes, then why do we need to spell it out for this WG and charter? |
2022-06-02
|
00-01 | Zaheduzzaman Sarker | [Ballot Position Update] New position, No Objection, has been recorded for Zaheduzzaman Sarker |
2022-06-01
|
00-01 | Murray Kucherawy | [Ballot comment] I concur with Martin's second point. At first glance it feels like (2) and (3) in that list could possibly be combined. |
2022-06-01
|
00-01 | Murray Kucherawy | [Ballot Position Update] New position, No Objection, has been recorded for Murray Kucherawy |
2022-06-01
|
00-01 | Erik Kline | [Ballot comment] # Internet AD comments for {charter-ietf-savnet-00-01} CC @ekline ## Comments * Here's hoping: no more wikis. Maybe a git repo … [Ballot comment] # Internet AD comments for {charter-ietf-savnet-00-01} CC @ekline ## Comments * Here's hoping: no more wikis. Maybe a git repo would be an option instead. ;-D |
2022-06-01
|
00-01 | Erik Kline | [Ballot Position Update] New position, No Objection, has been recorded for Erik Kline |
2022-06-01
|
00-01 | Alvaro Retana | New version available: charter-ietf-savnet-00-01.txt |
2022-05-31
|
00-00 | Martin Duke | [Ballot comment] It was not entirely clear to me from the charter if this work would authenticate addresses for data plane packets, control plane packets, … [Ballot comment] It was not entirely clear to me from the charter if this work would authenticate addresses for data plane packets, control plane packets, or both. Also, I'm disinclined to have 3 architecture & requirements documents delivered to the IESG. Can some of these be working documents? I'd be be happy with zero being submitted, but certainly 3 seems excessive. |
2022-05-31
|
00-00 | Martin Duke | [Ballot Position Update] New position, No Objection, has been recorded for Martin Duke |
2022-05-31
|
00-00 | Alvaro Retana | Responsible AD changed to Alvaro Retana |
2022-05-30
|
00-00 | Lars Eggert | [Ballot comment] # GEN AD review of charter-ietf-savnet-00 CC @larseggert ## Comments ### Paragraph 2 ``` Source address validation (SAV) is one important way … [Ballot comment] # GEN AD review of charter-ietf-savnet-00 CC @larseggert ## Comments ### Paragraph 2 ``` Source address validation (SAV) is one important way to mitigate source address spoofing attacks. Therefore, it is desirable to deploy SAV in intra-domain and inter-domain networks. However, existing SAV mechanisms like uRPF-related technologies may improperly permit spoofed traffic or block legitimate traffic. ``` I thought the existing SAV work in the IETF was only specified for intra-domain usage, and that one of the main motivations for SAVNET was to extend this to inter-domain usage. If so, the paragraph above should make this much more clear, and other text (e.g., the following paragraph) could also be improved. ### Paragraph 1 ``` The "Source Address Validation in Intra-domain and Inter-domain Networks (SAVNET)" working group will define protocol-independent architectures and procedures whose accuracy improves upon current SAV mechanisms. Specifically, the SAVNET WG will define mechanisms to accurately determine valid incoming physical or virtual router interfaces for specific source prefixes. ``` What does "protocol-independent" mean here? IP-version-agnostic? Also, I'd appreciate a few more words on what kinds of improvements to SAV are in scope. "Protocol-independent architectures and procedures whose accuracy improves upon current SAV mechanisms" is much more general than "mechanisms to accurately determine valid incoming physical or virtual router interfaces for specific source prefixes". Is only the latter in scope? Or is it given as an example of the much broader first sentence? ## Notes This review is in the ["IETF Comments" Markdown format][ICMF], You can use the [`ietf-comments` tool][ICT] to automatically convert this review into individual GitHub issues. Review generated by the [`ietf-reviewtool`][IRT]. [ICMF]: https://github.com/mnot/ietf-comments/blob/main/format.md [ICT]: https://github.com/mnot/ietf-comments [IRT]: https://github.com/larseggert/ietf-reviewtool |
2022-05-30
|
00-00 | Lars Eggert | Ballot comment text updated for Lars Eggert |
2022-05-30
|
00-00 | Éric Vyncke | [Ballot block] I was about to ballot a YES on this important piece of work for the security of the global Internet but the changes … [Ballot block] I was about to ballot a YES on this important piece of work for the security of the global Internet but the changes in SAVNET charter from the original BoF changed my ballot in a "BLOCK" position, which should be easy to address with some clarifications. My blocking issue is about adding intra-domain in SAVNET after SAVI WG is completed and many SAVI mechanisms are successfully deployed in the access at least. IMHO, there must be a mention in the charter that the intra-domain part is beyond the access layer. Else, there is ambiguity whether NDP/ARP/DHCP are to be handled/modified by SAVNET, i.e., INT area should also be included in the discussion. This should be easy to clarify. This is important, so, please continue the work once the above is addressed. |
2022-05-30
|
00-00 | Éric Vyncke | [Ballot comment] Like Lars, I find "protocol-independent architectures" a little unclear. In "incoming physical or virtual router interfaces", should there really be a difference in … [Ballot comment] Like Lars, I find "protocol-independent architectures" a little unclear. In "incoming physical or virtual router interfaces", should there really be a difference in physical vs. virtual ? Isn't it implicit ? s/a threat model of the proposed architecture/a threat model addressed by the proposed architecture/ |
2022-05-30
|
00-00 | Éric Vyncke | [Ballot Position Update] New position, Block, has been recorded for Éric Vyncke |
2022-05-30
|
00-00 | Lars Eggert | [Ballot comment] # GEN AD review of charter-ietf-savnet-00 CC @larseggert ## Comments ### Paragraph 2 ``` Source address validation (SAV) is one important way … [Ballot comment] # GEN AD review of charter-ietf-savnet-00 CC @larseggert ## Comments ### Paragraph 2 ``` Source address validation (SAV) is one important way to mitigate source address spoofing attacks. Therefore, it is desirable to deploy SAV in intra-domain and inter-domain networks. However, existing SAV mechanisms like uRPF-related technologies may improperly permit spoofed traffic or block legitimate traffic. ``` I thought the existing SAV work in the IETF was only specified for inter-domain usage, and that one of the main motivations for SAVNET was to extend this to intra-domain usage. If so, the paragraph above should make this much more clear, and other text (e.g., the following paragraph) could also be improved. ### Paragraph 1 ``` The "Source Address Validation in Intra-domain and Inter-domain Networks (SAVNET)" working group will define protocol-independent architectures and procedures whose accuracy improves upon current SAV mechanisms. Specifically, the SAVNET WG will define mechanisms to accurately determine valid incoming physical or virtual router interfaces for specific source prefixes. ``` What does "protocol-independent" mean here? IP-version-agnostic? Also, I'd appreciate a few more words on what kinds of improvements to SAV are in scope. "Protocol-independent architectures and procedures whose accuracy improves upon current SAV mechanisms" is much more general than "mechanisms to accurately determine valid incoming physical or virtual router interfaces for specific source prefixes". Is only the latter in scope? Or is it given as an example of the much broader first sentence? ## Notes This review is in the ["IETF Comments" Markdown format][ICMF], You can use the [`ietf-comments` tool][ICT] to automatically convert this review into individual GitHub issues. Review generated by the [`ietf-reviewtool`][IRT]. [ICMF]: https://github.com/mnot/ietf-comments/blob/main/format.md [ICT]: https://github.com/mnot/ietf-comments [IRT]: https://github.com/larseggert/ietf-reviewtool |
2022-05-30
|
00-00 | Lars Eggert | [Ballot Position Update] New position, No Objection, has been recorded for Lars Eggert |
2022-05-23
|
00-00 | Cindy Morgan | Placed on agenda for telechat - 2022-06-02 |
2022-05-23
|
00-00 | Alvaro Retana | [Ballot Position Update] New position, Yes, has been recorded for Alvaro Retana |
2022-05-23
|
00-00 | Alvaro Retana | WG action text was changed |
2022-05-23
|
00-00 | Alvaro Retana | WG review text was changed |
2022-05-23
|
00-00 | Alvaro Retana | WG review text was changed |
2022-05-23
|
00-00 | Alvaro Retana | Created "Ready for external review" ballot |
2022-05-23
|
00-00 | Alvaro Retana | State changed to Start Chartering/Rechartering (Internal Steering Group/IAB Review) from Not currently under review |
2022-05-13
|
00-00 | Alvaro Retana | New version available: charter-ietf-savnet-00-00.txt |