nanog mailing list archives

Re: BCP38 - Internet Death Penalty


From: Darius Jahandarie <djahandarie () gmail com>
Date: Tue, 26 Mar 2013 11:19:36 -0400

(Mobile device)

On Mar 26, 2013, at 11:06 AM, Valdis.Kletnieks () vt edu wrote:

> On Tue, 26 Mar 2013 10:51:45 -0400, Jay Ashworth said:
>
>> Do we need to define a flag day, say one year hence, and start making the
>> sales pitch to our Corporate Overlords that we need to apply the IDP to
>> edge connections which cannot prove they've implemented BCP38 (or at very
>> least, the source address spoofing provisions thereof)?
>
> How would one prove this?  (In particular, consider the test "have them
> download the spoofer code from SAIL and run it" - I'm positive there will
> be sites that will put in a /32 block for the test machine so it "fails"
> to spoof but leave it open for the rest of the net).

Well, I'm not sure this is what's being suggested by Jay, but many peering agreements/policies have something in them
that says "prevent spoofing to best effort". Such statements could be strengthened in a global effort, and then spoofed
source addresses could lead to depeering much faster/harder than what happens today. It would be reactionary rather
than proactive, but still better than what we have now where spoofing is kind of like "it can't be helped".

-- 
Darius Jahandarie
