My comment from September 11, 1996 (that's not a typo) http://www.cctec.com/maillists/nanog/historical/9609/msg00302.html But what's interesting is Paul Vixie is speaking about a very narrow requirement, but when it gets translated into government regulation talk, its very different than where we started. http://www.eweek.com/article2/0,3959,651686,00.asp "Meanwhile, U.S. government security officials are discussing the possibility of creating new regulations that would require federal agencies to buy Internet service only from ISPs that have DDoS protection on their networks, according to people familiar with the situation. Such a decision could place economic pressure on the other ISPs to follow suit, thereby improving Internet security."