> On Tue, 19 Sep 2006, James Kempf wrote:
> > If the primary issue is how to get operators to universally deploy source
> > filters, which isn't a technical issue, then is there really anything
> > that IETF can do?
>
> Well, we could try to figure out whether there are {better, more reliable}
> solutions for deploying source filtering between ISPs. I'm not sure if we
> could be successful in that, but that might create an incentive if a
> network could get effectively filtered by its peers and upstreams even if
> it didn't filter itself.
--
Here's an idea (which, BTW, I'm not advocating). ISPs agree that if they
detect spoofed packets from someone they cut off forwarding to/from that AS
until the problem is fixed. Really simple and modestly straightforward to
deploy, but not a technical solution. It requires the RIRs and operator
associations to issue a policy, and the operators to agree to it. Maybe the
RIRs also have a policy of yanking someone's address space allocation if
there are repeated violations, as an enforcement mechanism. Lots of incentive
for operators to deploy. But there's really no role for IETF in this, unless
there is need for some technical solution to propagate information on
malefactors around, or to terminate forwarding.
The problem is, most Internet types don't like this kind of thing. It smacks
of "regulation" (in fact, it is a kind of regulation, self regulation).
Personally, I think the Internet is better off without a lot of regulation.
If and when a significant chunk of national economic activity moves online
such that these kinds of problems end up negatively impacting national GDP,
the problem will fix itself. Governments will step in, maybe the ITU will
get involved to ensure that the bad guys can't escape. I hope I'm not around
when that happens.
jak