On Sun, 4 Aug 2002, Dave Crocker wrote:
These are technical operations matters. Seems like there might be some benefit in formulating consensus views within the technical operations community.
Any chance that an IETF BCP would be possible and helpful?
There is a difference between technical/operational matters and policy matters. I respectfully disagree this can be treated as a technical problem. For example, Bellcore wrote the technical standard for Caller-ID, but Caller-ID policy varies widely throughout the telephone system. Ever notice how telemarketers never seem to have valid Caller-ID. That is not a really technical problem. Likewise Internet source address validation has a technical part, and a policy part. For the technical parts the IETF has RFC2827. The policy questions are how should it be enforced, by whom? Since the end of "connected status" there hasn't really been a way to control who can use what addresses to connect to the Internet. One issues is the RFCs aren't written as regulations. It would be a bad idea to attempt to enforce them as written. They are useful as guidance to network operators, but as anyone who has ever tried to write a TCP/IP stack from scratch using nothing but the RFCs (yes, people have tried), it doesn't work.
Diverse input to a government process can be good for learning about choices, but consensus views should be helpful for making them.
What group is the best forum for developing consensus views on Internet operation policy issues? One of the Mr. Clarke's complaints in his speech was there is no group the government can go to find out what the consensus view of Internet operators is. IETF doesn't appear to want to take on that role. NANOG isn't structured to develop policies for ISPs. IOPS, ICANN, ISPSEC, etc have issues. ATIS, ITU, NRIC, NSTAC would love to take on the role. The National Cybersecurity Plan (or whatever the final name ends up) will be announced in September. The next NANOG meeting is October 27-29. The next IETF meeting is November 17-21.