-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 As a follow-up to my previous message re: "RFC2827-bis comments solicitation", we now have a dedicated mailing list for discussion of bringing BCP38 up-to-date: [snip] ietf-bcp38bis mailing list The ietf-bcp38bis mailing list is for discussing an update to BCP 38, "Network Ingress Filtering". To subscribe to the mailing list, send a message to: ietf-bcp38bis-request@vpnc.org ...with the single word 'subscribe' in the body of the message. [snip] The web site for this mailing list is sponsored by the VPN Consortium. If you have any suggestions for additions or corrections to this web page, please send them to paul.hoffman(at)vpnc.org. Many thanks to Paul Hoffman for hosting the list. - - ferg
First, sorry for any duplicates, but we wanted to reach all interested parties.
After several discussions with many different folks last week at IETF 67 in San Diego, as well as various people over the course of the past few months, Dan Senie and I have decided to undertake an effort to "update" RFC2827/BCP38 [1].
I know that I'm not the only person who has heard various discussions in the past couple of years that concluded that (paraphrased), "BCP38 needs to be updated."
Now is your chance to speak up. :-)
We would very much like to solicit comments & suggestions from the community-at-large on areas where you feel BCP38 is lacking, or in areas where you feel it does not properly address with regards to prohibiting source-spoofed traffic from any given administrative network boundary, given that some technical aspects of the Internet may have changed since it's publication.
While we acknowledge that a uniform application of a source address verification architecture/ingress filtering scheme will not mitigate _all_ "unwanted traffic" [2] in the Internet, it will most certainly address the issue of hosts which attempt to source-spoof traffic into the Internet.
I have not set up a mailing list for this yet, but if there is enough discussion/input, I will make an effort to do so (or perhaps the SAVA mailing list [3] might be a good place for discussion). In the interim, you can contact me or Dan directly:
Paul Ferguson: fergdawg(at)netzero.net Dan Senie: dts(at)senie.com
Thanks,
fergie & dan
p.s. Also, for anyone who might be interesting in related work, there is an effort to bring some additional work into the IETF called SAVA, or Source Address Validation Architecture [4].
[1] http://www.rfc-editor.org/rfc/rfc2827.txt [2] http://www.iab.org/about/workshops/unwantedtraffic/index.html [3] http://www.nrc.tsinghua.edu.cn/mailman/listinfo/sava [4] http://www.nrc.tsinghua.edu.cn/pipermail/sava/2006-September/000004.html
-----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.1 (Build 1557) wj8DBQFFXgK9q1pz9mNUZTMRArqOAKDzeVk2VCfD/Ru0OtrgtNLyJ90MqACePChS 2dqaaWAbXonj185jAtwnZ8Q= =jieX -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/