----- Original Message -----
From: "Valdis Kletnieks" <Valdis.Kletnieks@vt.edu>
On Tue, 26 Mar 2013 10:51:45 -0400, Jay Ashworth said:
Do we need to define a flag day, say one year hence, and start making the sales pitch to our Corporate Overlords that we need to apply the IDP to edge connections which cannot prove they've implemented BCP38 (or at very least, the source address spoofing provisions thereof)?
How would one prove this? (In particular, consider the test "have them download the spoofer code from SAIL and run it" - I'm positive there will be sites that will put in a /32 block for the test machine so it "fails" to spoof but leave it open for the rest of the net).
An excellent question. I suspect the largest collection of problem networks are cable/DSL eyeball networks; certainly a cabal of network ops types could be formed, anonymously to the carriers, who could run test software from home... I'm sure there are a bunch of ways that could reasonably give you a heads up that it's time to investigate. Due process is certainly called for, but clearly, lesser threats (if any have been made) aren't solving the problem. Are you conceding that BCP38 *will* solve the problem? Cause that's Question One. Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274