[107609] in North American Network Operators' Group
Re: an effect of ignoring BCP38
daemon@ATHENA.MIT.EDU (Paul Vixie)
Mon Sep 8 10:07:37 2008
To: nanog@merit.edu
From: Paul Vixie <vixie@isc.org>
Date: Mon, 08 Sep 2008 14:07:02 +0000
In-Reply-To: <48C4F9AB.60200@psg.com> (Randy Bush's message of "Mon\,
08 Sep 2008 19\:08\:43 +0900")
X-Vix-MailScanner-From: vixie@isc.org
Errors-To: nanog-bounces@nanog.org
bmanning@vacation.karoshi.com wrote:
> yes, but would it work if we all did BCP38 filtering?
randy@psg.com (Randy Bush) writes:
> i think kc said it all well enough
i'd be satisfied if bcp38 were widely enough deployed so that experiments
based on ip spoofing wouldn't be scientifically valid due to sample size
and population size issues.
i know there's no way to force or enforce, nor any way to prove, universal
bcp38 compliance, and so i know that all apps, protocols, firewalls, and
ops staff will have to live with ip spoofing as a real possibility forever.
in spite of that i would like ip spoofing to become an unreliable service.
--
Paul Vixie
