nanog mailing list archives

Re: peering requirements (Re: DDOS anecdotes)


From: Randy Bush <randy () psg com>
Date: Tue, 26 Jun 2001 13:19:54 -0700


maybe if we come up with a clear statement of the technical issue at hand,
those technical folk who manage to get along with their business folk can
make some forward progress.  it may be a bit premature to throw the baby
out with the bath-water.

ok, let's try it your way.  anyone who wants to seriously discuss upgrading
the general minimum peering agreement in use by their network so that it can
include requirements about (a) not allowing spoofed source addresses to come
from their network and (b) only peering, after date $TBD, with those networks
who do likewise, should send me their PGP key.  if i know you or if someone
i know knows you, i'll add you to a private mailing list (@vix.com, not at my
day job @paix.net).  if you know that the right person to discuss this isn't
a NANOG reader, then please forward my note internally and be prepared to (1)
teach somebody pgp and (2) sign their key.

(randy, i'm betting that the number of respondents will be a single digit.)

odd that your response to a request for a technical problem statement is a
request to form a private clique and a pre-made value judgement on the
meaning that nobody except clique groupies will want to join.  imiho, very
few social problems have technical solutions, and vice versa.

do i correctly glean that you want peering agreements to require that
peers not allow packets with spoofed source addresses?  this would not seem
too socially unreasonable as long as we know that it is not technically
unreasonable.  to test the latter, could we please enumerate
  o the technical means for a peer to achieve this, e.g. i suspect that
    2827 is one piece
  o how thoroughly we think they could achieve this
  o how we can test that it has been achieved

randy

