Ok, so we seem to have a general agreement that anti-spoof & BGP prefix filtering on all standard customer edge links is a worthwhile practice.
actually, we don't. what we've achieved is that gray area / middle ground where the people who don't think it's important are mostly afraid to speak out against it. while this is an important milestone, it's not nearly the same as general agreement.
Now what? Is there any hope of this ever happening on a very large scale without somehow being mandated? (Not that it necessarily should be mandated.)
there is no way to mandate it. even if it were somehow a full standard in the ietf, network owners who didn't want to do it wouldn't have to do it.
How much success have Barry Green and co. had? Is there something the rest of us could be doing?
i'm thinking we may need some kind of branding campaign, so that rfp authors can refer to a set of "good practices" like terminating spammers, not writing "pink contracts", not hosting spamvertised web sites, publishing in the radb, filtering customer routes by rir, running full uprf on customer-facing links, and so on down the line. i'm not sure that we (isc) would be the best people to run an isp branding/certification programme, so i'm hoping someone else steps up, like maybe the rirs or isp/c or maps or whatever. but once the sales people inside isp's have to contend with this as a checklist item in incoming rfp's, it'll see fast deployment even in bankrupt high-inertia "backbone" networks like uunet. -- Paul Vixie