WANTED: ISPs with DDoS defense solutions

Certain "Backbone Networks" _are_ the edge (dialup, single-homed customers,
web-hosting) and yet still don't do anything. Loose RPF is available on
all but the most crippled gear from the major vendors, which I wouldn't want
to go advertising that I had nothing but crippled equipment.

Certain "Backbone Networks" require their customers to provide them
lists of networks, which could certainly be used with a contact leadtime
and customer notice for filling in Strict+Acl.

Also, you mentioned RFC1918 as it related to loose RPF. Vendor J does linerate
acls. Vendor C (with the compiled acls option) does as close to linerate
as that gear is ever likely to do.

The "my gear can't do these things" excuse is getting quite threadbare
at this point. It comes down to not wanting to do these things, and not
wanting to do these things just isn't acceptable.

As Paul stated, there are requirements one can make of peers and customers.
There are requirements one can make of vendors.

As some Shoe company has said, "Get out there and _do_ something"

> There are requirements one can make of vendors.

These have been made, several times :) In fact there is an IETF working
group pushing these requirements now, Mr. Bush could provide the details
that have slipped my addled brain.

> As some Shoe company has said, "Get out there and _do_ something"

This is also the case, things are being done for most networks...

>> There are requirements one can make of vendors.
> These have been made, several times :) In fact there is an IETF working
> group pushing these requirements now, Mr. Bush could provide the details
> that have slipped my addled brain.

it is not a wg. but there is a draft being actively worked, see
draft-jones-opsec-00.txt.

>> As some Shoe company has said, "Get out there and _do_ something"
> This is also the case, things are being done for most networks...

and for those who are not, darwin is a worthy read

randy

Randy Bush wrote:

>>> There are requirements one can make of vendors.
>> These have been made, several times :) In fact there is an IETF working
>> group pushing these requirements now, Mr. Bush could provide the details
>> that have slipped my addled brain.
>
> it is not a wg. but there is a draft being actively worked, see
> draft-jones-opsec-00.txt.

Closing in on -01 draft....target was this week, but sleep and
USENIX security (often incompatible) have conspired to
slow it down.

If you're interested, pull the current draft and subscribe
to the mailing list

     echo "subscribe opsec" | mail majordomo@ops.ietf.org

I'm currently integrating IETF BOF and mailing list feedback,
but once -01 is out, I would like feedback from nanog
(don't spend *too* many cycles on -00; major changes/additions/
section renumbering in -01 "soon")

Thanks,
---George Jones