BCP38 - Internet Death Penalty
- Subject: BCP38 - Internet Death Penalty
- From: jra at baylink.com (Jay Ashworth)
- Date: Tue, 26 Mar 2013 10:51:45 -0400 (EDT)

Ok, let's haul this up out of the other thread.

It seems consensus that the anti-source-address-spoofing provisions (at
least) of BCP38 have long since become critical to mitigating (and eventually
preventing) UDP attacks like DNS reflection and such, and that such attacks
are uniformly considered Bad Things.

It also seems that, with 13 years to get it done, even if equipment makers
have put usable working knobs into their edge routers and concentrators,
sufficient numbers of IAPs have not started turning them on.

The problem here is, of course, one of externalities and the Common Good,
hard sales to make in a business environment.

But have we reached the point where it's time to start trying?

Do we need to define a flag day, say one year hence, and start making the
sales pitch to our Corporate Overlords that we need to apply the IDP to
edge connections which cannot prove they've implemented BCP38 (or at very
least, the source address spoofing provisions thereof)? Put this in
contracts and renewals, with the same penalty?

Do the engineering heads at the top 10 tier-1/2 carriers carry enough water
to make that sale to the CEOs?

-- jr 'will rouse rabble for food' a
Jay R. Ashworth Baylink jra at baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
St Petersburg FL USA #natog +1 727 647 1274