[iab-chair@iab.org: Call for Review of draft-iab-filtering-considerations-06.txt, "Technical Considerations for Internet Service Blocking and Filtering"]
It's IETF stuff. Operator sanity check would probably be appreciated. :-)

-- Jeff

----- Forwarded message from IAB Chair <iab-chair@iab.org> -----

Date: Wed, 29 Jan 2014 11:16:56 -0500
From: IAB Chair <iab-chair@iab.org>
To: IETF Announce <ietf-announce@ietf.org>
Cc: IAB <iab@iab.org>, IETF <ietf@ietf.org>
Subject: Call for Review of draft-iab-filtering-considerations-06.txt, "Technical Considerations for Internet Service Blocking and Filtering"

This is a call for review of "Technical Considerations for Internet Service Blocking and Filtering" prior to potential approval as an IAB stream RFC.

The document is available for inspection here:
https://datatracker.ietf.org/doc/draft-iab-filtering-considerations/

The Call for Review will last until 26 February 2014. Please send comments to iab@iab.org.

On behalf of the IAB,
Russ Housley
IAB Chair

----- End forwarded message -----
On Wed, Feb 05, 2014 at 02:17:27PM -0500, Jeffrey Haas wrote:
> It's IETF stuff. Operator sanity check would probably be appreciated. :-)

Speaking as a member of the IAB but not for the IAB, I would certainly appreciate that review.

A

-- 
Andrew Sullivan
Dyn, Inc.
asullivan@dyn.com
v: +1 603 663 0448
Howdy,

Some initial thoughts:

I'm not sure about the difference between network blocking and endpoint blocking, but I think differences between the three major types of network blocking are at least as significant as the difference between network blocking and rendezvous blocking. If the document calls out rendezvous blocking, it should call out all three types of network blocking as well. Each has very different characteristics which would be more effectively graded on the document's criteria if discussed separately.

The three major types of network blocking are:

packet blocking - only packets meeting certain criteria are allowed, (e.g. IP destination address 10.0.0.1, inbound TCP with the ACK flag set)

stateful connection blocking - only packets belonging to layer-4 connections meeting certain criteria are allowed (e.g. TCP initiated to port 80 outbound, TCP initiated to port 443 outbound)

protocol blocking - only connections containing specific known protocols (e.g. http, ssl) are allowed, or alternately specific identifiable protocols are blacklisted

The latter is a relatively new (within the last half decade) thing that has become widely implemented in large enterprises. It started out as deep packet inspection but has become much more.

Also, section 4.1.3 treats asymmetric routing as if it was usually or always outside the control of the blocking entity. That's not reasonable. There are as many network blocking scenarios where the blocking authority can enforce symmetric routing as there are scenarios where it can't. The efficacy discussion should recognize that you have those two groups of scenarios and that the efficacy of network blocking varies in each.

Further, the user's ability to tunnel around such blocks depends heavily on the type of network blocking. Packet blocking can generally be tunneled around given cooperating endpoints. When protocol blocking is active, that proves far more challenging.

Regards,
Bill Herrin

-- 
William D. Herrin ................ herrin@dirtside.com bill@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
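The three kinds of network blocking listed in the message above, as an added example that is not part of the original thread: a simplified Python model showing what each kind of filter can and cannot distinguish. The `Pkt` class, the filter names, the allowed-port policy and the sample traffic are all constructed for illustration.

```python
from dataclasses import dataclass
ALLOWED_PORTS = {80, 443}                  # constructed policy: outbound web only
SYN, ACK = frozenset({"SYN"}), frozenset({"ACK"})

@dataclass(frozen=True)
class Pkt:                                 # simplified TCP segment (constructed model)
    inside: str                            # addr:port of the host behind the filter
    outside: str                           # addr:port of the remote host
    dport: int
    outbound: bool
    flags: frozenset = frozenset()
    payload: bytes = b""

def packet_filter(p):
    """Packet blocking: each packet is judged alone, on header fields only."""
    return p.dport in ALLOWED_PORTS if p.outbound else "ACK" in p.flags

class StatefulFilter:
    """Stateful connection blocking: packet must belong to a tracked connection."""
    def __init__(self):
        self.conns = {}                    # (inside, outside) -> protocol identified?
    def allow(self, p):
        key = (p.inside, p.outside)
        if p.outbound and p.flags == SYN and p.dport in ALLOWED_PORTS:
            self.conns.setdefault(key, False)   # initiated outbound to an allowed port
        return key in self.conns

class ProtocolFilter(StatefulFilter):
    """Protocol blocking: the first client payload must look like HTTP or TLS."""
    def allow(self, p):
        key = (p.inside, p.outside)
        if not super().allow(p):
            return False
        if p.outbound and p.payload and not self.conns[key]:
            if not p.payload.startswith((b"GET ", b"POST ", b"\x16\x03")):
                del self.conns[key]        # flow failed identification: drop it
                return False
            self.conns[key] = True
        return True

def verdicts(packets):
    sf, pf = StatefulFilter(), ProtocolFilter()
    return [(packet_filter(p), sf.allow(p), pf.allow(p)) for p in packets]

SAMPLE = [                                 # constructed traffic
    Pkt("10.0.0.5:40000", "192.0.2.9:80", 80, True, SYN),
    Pkt("10.0.0.5:40000", "192.0.2.9:80", 80, True, ACK, b"GET / HTTP/1.1\r\n"),
    Pkt("10.0.0.5:40001", "192.0.2.9:80", 80, True, SYN),
    Pkt("10.0.0.5:40001", "192.0.2.9:80", 80, True, ACK, b"\x00\x01not-http"),
    Pkt("10.0.0.5:40002", "198.51.100.7:4444", 40002, False, ACK),
]
```

`verdicts(SAMPLE)` returns one `(packet, stateful, protocol)` tuple per packet: the non-HTTP payload on port 80 is allowed by the first two filters and rejected only by the protocol filter, and the unsolicited inbound ACK is allowed only by the stateless packet filter.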
On 05/02/2014 19:17, Jeffrey Haas wrote:
> It's IETF stuff. Operator sanity check would probably be appreciated. :-)

Jeff, maybe run this past grow@ietf?

Nick
participants (4)
- Andrew Sullivan
- Jeffrey Haas
- Nick Hilliard
- William Herrin