The PILC PEP document, with a few minor exceptions, does not talk about the
right way to implement a PEP. This was very intentional because the IETF does
not want to encourage the development of PEPs, in general (or perhaps at
all). While I can see some possibility in the dim future of standardizing
PEPs as potentially being meaningful work within the IETF (assuming things go
a certain way with the work (which is not even in a working group yet) re
discovering middle boxes and we can figure out a way to authenticate PEPs as a
service), we are definitely not there yet.
On the other hand, a case could be made that an informational document
describing the "right" way to implement a PEP is of interest to the Internet
community. (Not a standard but a set of guidelines.) Such a document does
not belong in any IETF working group (in my opinion) but it might be
appropriate as an independent submission. However, despite the preceding
sentences (and the fact that I sometimes work on PEPs myself), I, personally,
am not convinced yet that such a document is appropriate. But, if such a
document does get produced, I will very much care that it is written
"correctly". (And, this includes having some big pointers to the implications
discussion in the PILC PEP document.)
John
[email protected] wrote:
>
> Manish-
>
> At the time we discussed this issue during the formation of TCPSAT and PILC
> there was no support in the IETF to standardize ways of spoofing TCP. Our
> compromise, and I thought it was a good one, was to write a document
> describing the ways that people spoofed TCP, why they felt they needed to do
> it, and to document the risks associated with different mechanisms. This
> document has been developed in the PILC working group, has finished working
> group last call, and is in review by the IESG for publication as an
> Informational RFC -- not an IETF standard. You can find a copy at
> http://www.ietf.org/internet-drafts/draft-ietf-pilc-pep-05.txt.
>
> --aaron
>
> > -----Original Message-----
> > From: Manish Karir [mailto:[email protected]]
> > Sent: Monday, January 15, 2001 1:38 PM
> > To: [email protected]
> > Subject: spoofing standard??
> >
> >
> >
> > I think there is probably enough support on this list and real
> > implementation experience to generate some sort of a spoofing
> > standard?
> >
> > if nothing else an informational document which summarizes the
> > most "correct" way of implementing this. I know there have been
> > papers and descriptions of this before, but something which has the
> > blessings of more than just the authors would be quite
> > useful...that way
> > we would at least have a common base to argue about :)
> >
> > does anyone else agree on the need for such a document??
> >
> > manish karir
> >
> >
> >
This archive was generated by hypermail 2b29 : Tue Jan 16 2001 - 11:02:35 EST