If folks think it might be helpful I can get an instance of "allourideas <https://allourideas.org/planyc_example?guides=true>" running. We can deploy one for either (1) gathering ideas on what to work on or (2) aggregating best practices. The apps are helpful in (1) gathering ideas and (2) providing a way of getting prioritized rankings of norms/practices.
On Fri, Aug 2, 2024 at 12:15 PM Compton, Rich via NANOG <nanog@nanog.org> wrote:
> Hi, I would like to volunteer to help with bullet two: “DDoS mitigation.
> BCP38, communities for RTBH, packet scrubbing, etc. What can we do
> collectively?”.
>
> -Rich
>
> *From: *NANOG <nanog-bounces+rich_compton=comcast....@nanog.org> on
> behalf of Howard, Lee via NANOG <nanog@nanog.org>
> *Date: *Friday, August 2, 2024 at 12:05 PM
> *To: *NANOG list <nanog@nanog.org>
> *Subject: *Norms and Standards
>
> Last October at NANOG89 in San Diego, John Curran exhorted us to work
> together
> <https://urldefense.com/v3/__https:/youtu.be/U1Ip39Qv-Zk?feature=shared__;!!CQl3mcHX2A!CvvxNrHPzj7sjlrV8-3YxEA2AbO8sy-5tG4p2CFqz-PvU2jJTkdbz4Ag3lNojuxp5O9PagUfwH2LFVMcXQ$>
> to document best practices before governments developed their own.
>
> John pointed out that in many industries, technical requirements and
> standards inform public policy goals, and vice versa. Then, when regulation
> is enacted, it refers to the standards developed by those technical
> experts. For example, the policy goal of protecting people from house fires
> is promoted through building codes (laws) which reference fire and
> electrical codes developed by standards bodies.
>
> Governments are instituted by people to provide national defense, perform
> public services, protect children and vulnerable people, safeguard privacy
> and freedom, and prosecute those who transgress the above[1]. However,
> governments don’t operate the Internet, so when there are threats to or
> violations of the governmental role, they look to us. As John notes, they
> are increasingly looking at their roles with respect to the Internet.
>
> If we don’t work together to provide tools to enable governments to
> fulfill their legitimate role, they will do what they think is best.
>
> If we have agreed on some norms and standards, then they can point to
> those and say, “This looks like best practice.” In many cases, that gives
> us a *safe harbor* against additional action from governments—if I can
> show I’m following accepted best practices, I’m less of a target than my
> non-compliant competitors.
>
> What should we work on together?
>
> - We already have MANRS, KINDNS, some anti-spam (no open relays, block
>   port 25, etc.).
> - DDoS mitigation. BCP38, communities for RTBH, packet scrubbing, etc.
>   What can we do collectively?
> - Infrastructure protection. Best practices for protecting your
>   devices and services.
> - Critical infrastructure protection. Do we have a role in protecting
>   power plants, hospitals, etc., more than others?
> - Net neutrality. Is there more than just “don’t inspect above L3”? Do
>   CDNs or caches privilege some content unfairly?
> - IPv6? The government angle is mostly anti-CGN, but this is a greater
>   problem outside this region.
> - Other ideas?
>
> If a group of people can pick one topic and start documenting best
> practices, we may be able to do something good. I’m not worried about
> process yet: content first.
>
> Is there a topic above, or another one, on which folks would like to
> collaborate to describe best practices?
>
> Lee
>
> [1] Even if you disagree that there is a legitimate role for governments,
> they think they have these roles, and they have the power to compel.