We are fast approaching a state where the *majority* of Internet traffic is either the result of misconfiguration (see the CAIDA report where it has reached 98% for at least one root nameserver), or malicious action (spam, Smurf attacks, Klez/Sircam/etc, and so on). For a number of reasons (most notably cluelessness at the edge host, so it won't get fixed there, and the fact that all this traffic is billable if you're a transit provider, so there's little economic incentive to fix it, particularly in the wake of the dot-bomb bubble), there is little hope that this situation will miraculously correct itself.
Should the IESG require that standards track protocols be analyzed for
their resilience in situations where the majority of requests are either
malicious or broken? RFC3426, sections 9 and 10, already discusses this, but
it is merely "Informational".
--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech
msg09612/pgp00000.pgp
Description: PGP signature
