[168242] in North American Network Operators' Group
Re: OpenNTPProject.org
daemon@ATHENA.MIT.EDU (Pierre Lamy)
Thu Jan 16 09:16:04 2014
Date: Thu, 16 Jan 2014 09:15:39 -0500
From: Pierre Lamy <pierre@userid.org>
To: fergdawgster@mykolab.com, Saku Ytti <saku@ytti.fi>
In-Reply-To: <52D5597A.1090601@mykolab.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
BCP38 will only ever get implemented if governments and ruling 'net
bodies force deployment. There's otherwise very little benefit seen by
the access network providers, since the targets are other orgs and the
attacks are happening in a different backyard.
On 14/01/2014 10:36 AM, Paul Ferguson wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On 1/13/2014 11:18 PM, Saku Ytti wrote:
>
>> On (2014-01-13 21:33 +0000), Bjoern A. Zeeb wrote:
>>
>>>> BCP38! I am always surprised when people need crypto if they
>>>> fail the simple things.
>> Saying that BCP38 is solution to the reflection attacks is not
>> unlike 5 year old wishing nothing but world peace for christmas,
>> endearing, but it's not going to change anything. BCP38 is
>> completely unrealistic, many access networks are on autopilot,
>> many don't have HW support for BCP38, one port configured has
>> low-benefit, only that machine can stop attacking (but whole
>> world).
> That does *not* make it an unworthy goal, nor should it stop people
> from encouraging it's implementation.
>
> - - ferg (co-author of BCP38)
>
>
> - --
> Paul Ferguson
> PGP Public Key ID: 0x54DC85B2
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.22 (MingW32)
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iF4EAREIAAYFAlLVWXoACgkQKJasdVTchbIrtAD/T2bNNAgZOnnlniBPd6sEquxJ
> v01mmrhJxFTIDFq7EIkA/3vQbiwtEwBeVyCtc3coEkz50zSDh3j9QQjT+TQWCNVs
> =Al3Y
> -----END PGP SIGNATURE-----
