network reputation [was: IP is...]

Hash: SHA1

Security is a strong supporter of privacy as much as it is misused

as an excuse for infringing upon it.

Very well stated. I agree completely.

Considering possibilities, other than avoiding spoofing, what would

network reputation which is reliable help us do operationally?

Having now worked on both IP source-spoofing issues [0] (e.g RFC2827)
and more recently dealing IP (and domain) reputation issues (Trend
Micro acquired the original MAPS spam RBL reputation service [1]), I
think I have a couple of thoughts on this that have relevance.

The one thing that merits attention with the MAPS/Trend RBL+ is
that we allow ISPs to literally "whitelist" dynamic address space,
which most people know as the DUL list [2].

The only real "ownership" issues that we pay attention to [3] are
the owners of the IP address space which source (via AS) the prefix,
and still allow ISPs to work within that framework (via the DUL, and
legitimate dynamic allocations).

Having said all that, it is my personal opinion that there is merit
in the notion that IP address can, and do, provide personally
identifiable information -- but the I suppose the jury is really
"out" on that, per se, in the United States.

And whether or not that is "bad" is reflects a larger, more political
question that we probably can't resolve on the mailing list.


- - ferg