In message <20140205002905.57856.qmail@joyce.lan>, "John Levine" writes:
Why does it have to be hard? Restricting the filter to addresses which (A) the customer asserts are theirs
How does the customer do that in a way that scales?
You implement SIDR to the extent where you issue your multi homed customers CERTs for the address space you allocated to them. The customer can then just send signed requests to a automated service at the other ISPs along with the CERT which then builds the filters based on that information after verifying the CERTs authenticity. Now all of the above is completely automatable including the CERT generation. Yes, it requires someone to write a implementation and integrate it with the existing systems.
I don't think any of this is rocket science, but it apparently is a real block to BCP38/84 implementatin.
No, this isn't rocket science. It just requires a little co-ordination.
R's, John -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org