[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
BCP38 - Internet Death Penalty
- Subject: BCP38 - Internet Death Penalty
- From: jra at baylink.com (Jay Ashworth)
- Date: Tue, 26 Mar 2013 11:09:21 -0400 (EDT)
- In-reply-to: <[email protected]>
----- Original Message -----
> From: "Valdis Kletnieks" <Valdis.Kletnieks at vt.edu>
> On Tue, 26 Mar 2013 10:51:45 -0400, Jay Ashworth said:
>
> > Do we need to define a flag day, say one year hence, and start making the
> > sales pitch to our Corporate Overlords that we need to apply the IDP to
> > edge connections which cannot prove they've implemented BCP38 (or at very
> > least, the source address spoofing provisions thereof)?
>
> How would one prove this? (In particular, consider the test "have them
> download the spoofer code from SAIL and run it" - I'm positive there
> will be sites that will put in a /32 block for the test machine so it
> "fails" to spoof but leave it open for the rest of the net).
An excellent question. I suspect the largest collection of problem
networks are cable/DSL eyeball networks; certainly a cabal of network
ops types could be formed, anonymously to the carriers, who could run
test software from home...
I'm sure there are a bunch of ways that could reasonably give you a heads
up that it's time to investigate. Due process is certainly called for,
but clearly, lesser threats (if any have been made) aren't solving the
problem.
Are you conceding that BCP38 *will* solve the problem? Cause that's
Question One.
Cheers,
-- jra
--
Jay R. Ashworth Baylink jra at baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
St Petersburg FL USA #natog +1 727 647 1274