BCP38 - Internet Death Penalty

• Previous message (by thread): BCP38 - Internet Death Penalty
• Next message (by thread): BCP38 - Internet Death Penalty
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

----- Original Message -----
> From: "Valdis Kletnieks" <Valdis.Kletnieks at vt.edu>

> On Tue, 26 Mar 2013 10:51:45 -0400, Jay Ashworth said:
> 
> > Do we need to define a flag day, say one year hence, and start making the
> > sales pitch to our Corporate Overlords that we need to apply the IDP to
> > edge connections which cannot prove they've implemented BCP38 (or at very
> > least, the source address spoofing provisions thereof)?
> 
> How would one prove this? (In particular, consider the test "have them
> download the spoofer code from SAIL and run it" - I'm positive there
> will be sites that will put in a /32 block for the test machine so it
> "fails" to spoof but leave it open for the rest of the net).

An excellent question.  I suspect the largest collection of problem
networks are cable/DSL eyeball networks; certainly a cabal of network
ops types could be formed, anonymously to the carriers, who could run
test software from home...

I'm sure there are a bunch of ways that could reasonably give you a heads
up that it's time to investigate.  Due process is certainly called for,
but clearly, lesser threats (if any have been made) aren't solving the
problem.

Are you conceding that BCP38 *will* solve the problem?  Cause that's 
Question One.

Cheers,
-- jra
-- 
Jay R. Ashworth                  Baylink                       jra at baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com         2000 Land Rover DII
St Petersburg FL USA               #natog                      +1 727 647 1274

• Previous message (by thread): BCP38 - Internet Death Penalty
• Next message (by thread): BCP38 - Internet Death Penalty
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]