-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sat, Jan 24, 2009 at 6:05 PM, Mark Andrews <mark_andr...@isc.org> wrote:
>> BCP 38 isn't a license, it's a technique. > > There are plenty of cases in common law where as a owner > of something and you havn't taken reasonable steps to protect > or prevent injury that, were well known, you will be proved > to be negligent. > > BCP 38 is falling into that sort of category. > > Every operator here should be worried about what will happen > when someone decides to sue them to recover damaged caused > by spoofed traffic. It's just a matter of time before this > happens. Remember every router inspects packets to the > level required to implement BCP 38. This is not deep packet > inspection. This is address inspection which every router > performs. > > Did you know about "BCP 38"? > What steps did you take to implement "BCP 38"? > > I suspect that a lawyer will be able to demonstrate to a > judge that even as a common carrier that a operator should > have been deploying BCP 38. > I think each point above is true -- BCP38 is indeed a technique, but failure to universally implement it defaults to (almost) a tragedy of the commons. After ~10 years, it is surreal to me that we, as a community, are still grappling with issues where it could be beneficial for the Internet community at-large. I mean, it _is_ a BCP. - - ferg p.s. Even when Dan Senie and I drafted RFC2827/BCP38, we were doing nothing more than documenting what everyone (well, maybe not everyone) already knew anyway -- that we all need to bite the bullet and just do it. -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) wj8DBQFJe8qeq1pz9mNUZTMRAmXvAJ4h2V/p6Ak+woMbT9BTCOYrEKMlXACdFaFe icfmMA4432St/zl5j3yfQiA= =iWAr -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawgster(at)gmail.com ferg's tech blog: http://fergdawg.blogspot.com/