-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sat, Jan 24, 2009 at 6:05 PM, Mark Andrews <Mark_Andrews@isc.org> wrote:
BCP 38 isn't a license, it's a technique.
There are plenty of cases in common law where as a owner of something and you havn't taken reasonable steps to protect or prevent injury that, were well known, you will be proved to be negligent.
BCP 38 is falling into that sort of category.
Every operator here should be worried about what will happen when someone decides to sue them to recover damaged caused by spoofed traffic. It's just a matter of time before this happens. Remember every router inspects packets to the level required to implement BCP 38. This is not deep packet inspection. This is address inspection which every router performs.
Did you know about "BCP 38"? What steps did you take to implement "BCP 38"?
I suspect that a lawyer will be able to demonstrate to a judge that even as a common carrier that a operator should have been deploying BCP 38.
I think each point above is true -- BCP38 is indeed a technique, but failure to universally implement it defaults to (almost) a tragedy of the commons. After ~10 years, it is surreal to me that we, as a community, are still grappling with issues where it could be beneficial for the Internet community at-large. I mean, it _is_ a BCP. - - ferg p.s. Even when Dan Senie and I drafted RFC2827/BCP38, we were doing nothing more than documenting what everyone (well, maybe not everyone) already knew anyway -- that we all need to bite the bullet and just do it. -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) wj8DBQFJe8qeq1pz9mNUZTMRAmXvAJ4h2V/p6Ak+woMbT9BTCOYrEKMlXACdFaFe icfmMA4432St/zl5j3yfQiA= =iWAr -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawgster(at)gmail.com ferg's tech blog: http://fergdawg.blogspot.com/