BCP38 - Internet Death Penalty

Darius Jahandarie djahandarie at gmail.com
Tue Mar 26 15:19:36 UTC 2013


(Mobile device)

On Mar 26, 2013, at 11:06 AM, Valdis.Kletnieks at vt.edu wrote:

> On Tue, 26 Mar 2013 10:51:45 -0400, Jay Ashworth said:
> 
>> Do we need to define a flag day, say one year hence, and start making the
>> sales pitch to our Corporate Overlords that we need to apply the IDP to
>> edge connections which cannot prove they've implemented BCP38 (or at very
>> least, the source address spoofing provisions thereof)?
> 
> How would one prove this?  (In particular, consider the test "have them
> download the spoofer code from SAIL and run it" - I'm positive there will
> be sites that will put in a /32 block for the test machine so it "fails"
> to spoof but leave it open for the rest of the net).

Well, I'm not sure this is what's being suggested by Jay, but many peering agreements/policies have something in them that says "prevent spoofing to best effort". Such statements could be strengthened in a global effort, and then spoofed source addresses could lead to depeering much faster/harder than what happens today. It would be reactionary rather than proactive, but still better than what we have now where spoofing is kind of like "it can't be helped".

-- 
Darius Jahandarie

