If you have nothing to hide

I consider the IETF Best Current Practices label as intended specifically
for guidance in operations matters. Hence the suggestion to consider it.

  You may be in the minority in your opinion here.

>One of Mr. Clarke's complaints in his speech was there is no group
>the government can go to find out what the consensus view of Internet
>operators is. IETF doesn't appear to want to take on that role.

Hmmm. As soon as a policy becomes multi-operator, I'll bet it starts
looking like a technical spec.

  To avoid RICO?

Dave Crocker <mailto:dave@tribalwise.com>

--bill

This is becoming ridiculous. Our rights have been eroded enough in the
course of fighting this "war on terrorism" ... Now they're coming after
our packets. While I'm certainly in favor of anything edge providers can
do to eliminate denial of service attacks based on source-routing,
I certainly don't want anything further.

If this trend isn't checked we're going to see efforts made to (as an
example) curb the use of encryption protocols, or whole countries being filtered,
and someone, somewhere that I didn't elect will be deciding what traffic
I can or cannot pass.

Maybe this is an exaggeration of the possibilities, but now that all
the pseudo-security-experts have jumped on the bandwagon, there is an
overwhelming level of hysteria being generated on "cyber attacks" and
bog knows what else with a push to limit what can and cannot be done
with the net.

The IETF/IAB/ISOC and other bodies historically have been all the
leadership the net needs, let's not be so quick to hand over the reins to
people who don't have the best interest of the internet itself in mind.

Len

I wasn't aware that "we're going to" was a past-tense conjugation.

>The IETF/IAB/ISOC and other bodies historically have been all the
>leadership the net needs, let's not be so quick to hand over the reins to
>people who don't have the best interest of the internet itself in mind.

The above entities don't really have much to say about "leadership"
except in a very general way. Much like open-source programmers
operate, there's a certain amount of guidance by those who have
the patience, the ego or the visibility to direct a wildly diverse
group of people who want to contribute. These organizations
generally work because they are mostly composed of reasonable people
who want reasonable outcomes. Those who aren't reasonable are hopefully
shouted down.

The U.S. government would prefer to deal with something a little
more concrete than this.

I'm rather frightened that it will create the organization it wants
to deal with and impose it upon us.

"You know, there's quite a difference between source routing and
IP spoofing .."

As true as this statement is, the two walk hand in hand (especially during
certain attacks).

If I send an attack from a spoofed address to a victim, I can turn blue in
the face waiting for a response that will never come.
If I spoof an address and use loose source routing I can force the response
to return right through my network.

Also, loose source routing can be used for man-in-the-middle attacks: by using
a loose source route you can force all traffic to pass through the attacker's
network.

Strict source routing does not benefit an attacker, but as I said, loose
source routing does.