[Re: Abstract of proposed Internet Draft for Best Current Practice (please comment)]

Thank you Josh, please see inline comments which let me clarify points

is there a forthcoming section on criterium for demonstrating reformation
by the sp and/or 'offending' user?

The criterion is stated: no more complaints

the proposal does not take in to account the global differences in sp
business models or ideals. are the same standards to be applied to
developing countries, or will they have a less rigorous set of criteria,
a la current environment policies?

The Internet is worldwide so the same behavioral standard should apply,
just as do the same technical standards. An RFC-compliant SMTP
message is the same at every point on the compass

if there were 1000 compromised nodes that took place in a ddos, would you
accept the larger dos caused by blacklisting those networks/hosts?

The only get blacklisted until they fix their spew. Could take a
couple of hours. First step is RTFM which most don't.


long would the sp's be expected to shoulder the 'collateral damage'
caused by the blacklisting (see first question)?

They'd be expected to be blacklisted until they ceased being a
danger to the internet, just as dangerous planes aren't allowed to
take off until they pass the inspection checklist, and bad risks
can't borrow money until they develop sound financial behavior.
Same principle.

suppose that the next

day, 500 nodes took place in another ddos, the policy imposed dos becomes
even larger. a skillful hacker could potentially cause a larger, and
longer lasting dos.

Sounds like a good reason to get going on the problem.

legislating morality does not work (think of the 'drug war' in america).
you cannot correct social ills with a purely technical solution.

Well I don't understand the relevance of the above comment. I propose
no legislation and indeed specifically state that legislation is
useless and unnecessary.

I also say this is not a technical solution. All technical solutions
will fail, always, because the spammers are as smart as the anti-
spammers but more motivated. This is a behavioral solution. It is
the only one that will work. Everything else will fail.

Jeffrey Race