**Session Date/Time:** 06 Nov 2023 14:30

# secdispatch

## Summary

The secdispatch session covered three topics: expected signed mail, on-network path validation, and a sub-DDoS architecture. The discussion on path validation raised concerns about the security benefits and the appropriate venue for further work, resulting in a need for more discussion and a potential BoF. The presentation on signed mail focused on user experience challenges and potential solutions, with suggestions for LAMPS, a BoF, and consultation with the ART area. The sub-DDoS architecture presentation received feedback regarding deployment density and the need for clear use cases.

## Key Discussion Points

* **Expected Signed Mail:**
    * The core issue is the poor user experience and lack of clear benefit for end-to-end signing of email.
    * Discussion focused on signaling recipient expectations for signed mail.
    * The relationship to email encryption, user experience, and protocol design was discussed.
    * Molestation of emails in transit was raised as a challenge.
* **On-Network Path Validation:**
    * The presentation explored adding trustworthiness to routing paths.
    * The core gap is the need for a proof of transit mechanism to verify forwarding integrity.
    * Concerns were raised about the applicability and potential security issues if trusted parties are not adjacent or if the "transit" proof is not complete.
    * Preventing spoofing was identified as a potential use case.
    * It was suggested that misconfiguration detection could be more valuable than security aspects.
* **Sub-DDoS Architecture:**
    * The presentation explored a DDoS architecture leveraging source address validation techniques.
    * A key idea is the incremental deployment of sub-devices and sharing of spoofed source address information.
    * Concerns were raised about the necessary density of deployed sub-devices and attack traffic in those networks for the approach to be effective.
    * The need for clear and realistic use cases was emphasized.
    * It was mentioned that any such system needed to be evaluated for whether it constitutes unacceptable pervasive passive monitoring.

## Decisions and Action Items

* **On-Network Path Validation:**
    * **Decision:** Further discussion is needed before determining a suitable dispatch location. A BoF might be appropriate.
    * **Action Item:** Presenters will hold a side meeting on Tuesday evening and share the outcome on the sec-dispatch mailing list.
* **Expected Signed Mail:**
    * **Decision:** No immediate dispatch decision. Further consultation is needed with the ART area and potential liaison with the MOG.
    * **Action Item:** Chairs will consult with ART and consider a BoF.
* **Sub-DDoS Architecture:**
    * **Decision:** More discussion needed; no dispatch at this stage.
    * **Action Item:** Presenters will propose a clearly defined use case.

## Next Steps

* Continue discussions on the sec-dispatch mailing list.
* Explore potential BoFs for both On-Network Path Validation and Expected Signed Mail.
* Consult with relevant parties (ART, MOG) to determine the best path forward for the discussed topics.