On May 9, 2018, at 11:38 AM, Dave O'Reilly <[email protected]> wrote: > Indeed, I would go further and assert that the IETF is on a developmental > trajectory that actively seeks to eliminate evidence (and attribution of > online activity in particular). I cite, for example, the work that has been > done in the area of privacy addresses for IPv6 SLAAC.
There's something that frustrates me about this discussion, which is not entirely on-topic for intarea, but which I'm going to mention anyway because the discussion has been happening here. The reality is that what you are saying is sort of true, but also that a lot of internet crime exists because there are no consequences for network mismanagement. If I set up an ISP that doesn't follow BCP 38, I will experience no consequences. I will still be able to peer. There will not even be BCP 38 filtering at the peering point. There certainly need not be BCP 38 filtering internally. Nobody is going to ding me for not implementing SAVI. Why is this? Because internet regulators aren't interested in making the system work better. They have a problem, and they want a narrow solution to that specific problem. Rather than doing something about the systemic problems of the Internet, they want a point solution that makes things worse generally, but addresses their specific need. So yes, I understand where you are coming from here, but in fact the IETF has done a pretty good job of giving network management and operations advice, which is generally not followed. And governments that could be setting standards like "if you don't do BCP 38, you will not be permitted to continue operating" do not. And people lose really large amounts of money to DDoS attacks because of this. So when you hear people like me pushing back on standardizing port logging, part of what's going on is that we are genuinely disgusted with being asked to rubber-stamp point solutions when the same organizations that are asking for these point solutions have no interest in actually supporting systemic solutions to real problems. TBH I'm not really comfortable with governments mandating BCP 38 support. But the fact that they don't even know about BCP 38 and never talk about it is a problem. Instead we see loud engagement demanding things that aren't nearly as obviously beneficial, and that have clear downsides.
_______________________________________________ Int-area mailing list [email protected] https://www.ietf.org/mailman/listinfo/int-area
