[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

BCP38 - Internet Death Penalty

----- Original Message -----
> From: "Valdis Kletnieks" <Valdis.Kletnieks at vt.edu>

> On Tue, 26 Mar 2013 10:51:45 -0400, Jay Ashworth said:
> > Do we need to define a flag day, say one year hence, and start making the
> > sales pitch to our Corporate Overlords that we need to apply the IDP to
> > edge connections which cannot prove they've implemented BCP38 (or at very
> > least, the source address spoofing provisions thereof)?
> How would one prove this? (In particular, consider the test "have them
> download the spoofer code from SAIL and run it" - I'm positive there
> will be sites that will put in a /32 block for the test machine so it
> "fails" to spoof but leave it open for the rest of the net).

An excellent question.  I suspect the largest collection of problem
networks are cable/DSL eyeball networks; certainly a cabal of network
ops types could be formed, anonymously to the carriers, who could run
test software from home...

I'm sure there are a bunch of ways that could reasonably give you a heads
up that it's time to investigate.  Due process is certainly called for,
but clearly, lesser threats (if any have been made) aren't solving the

Are you conceding that BCP38 *will* solve the problem?  Cause that's 
Question One.

-- jra
Jay R. Ashworth                  Baylink                       jra at baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com         2000 Land Rover DII
St Petersburg FL USA               #natog                      +1 727 647 1274