> On Oct 21, 2015, at 4:50 PM, Peter Hessler <[email protected]> wrote: > > On 2015 Oct 21 (Wed) at 22:32:01 +0200 (+0200), Rob Janssen wrote: > :Majdi S. Abbas wrote: > :>On Wed, Oct 21, 2015 at 09:25:25PM +0200, Rob Janssen wrote: > :>>Also, providers should implement BCP38. The internet community > :>>should prepare a plan to turn it into an enforced standard. > :> Should, sure, but aren't incented to and nobody's got the > :>power to do that. How do you propose to 'enforce' such a thing? > :> > : > :When a sufficiently large part of the internet decides that enough is enough, > :they can just cut off the part that does not want to cooperate. Similar > action > :has been performed to cut off relaying mail servers and other spam senders. > > BTW, if any of you are going to RIPE71, there is a BoF planned for > exactly this problem, and likely to discuss pushing BCP38 on those that > can make a difference.
There’s a number of reasons that BCP-38 doesn’t work well unless done at the absolute network edge. I’ve tried for over a decade and ultimately have been forced to give up because the double lookups required are too much performance hit and ultimately provide more risk than the small percentage of spoofed traffic that might be blocked. I won’t be at the next RIPE meeting but happy to talk to people at IETF or privately. - Jared _______________________________________________ pool mailing list [email protected] http://lists.ntp.org/listinfo/pool
