North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: If you have nothing to hide

  • From: Sean Donelan
  • Date: Sun Aug 04 06:34:25 2002

I encourage network operators (or IX operators, DNS operators, etc) to let
the government know what you think.  Mr. Clarke's crew is writing the
plan, and taking input from many sources.  If you think RPF (or some other
source address validation) is a solution let them know.  If you think
S-BGP is a solution, let them know.  If you think network operator managed
firewalls on every DSL/Cable modem is a solution, let them know. On the
other hand, if to think some of those things are not a solution (or a
really bad idea), tell them that.

I have my opinion, and I've told the government what I think.  But I'm
certainly not smart enough to get everything right (or even most things
right).  Its not a matter of cutting Mr. Clark some slack, but getting
good information from (many?) network operators.

On 4 Aug 2002, Paul Vixie wrote:
> Don't dismiss this concern.  We know why multipath (core) RPF is hard and
> why most BGP speakers don't do it yet.  But unipath (edge) RPF has been easy
> for five years and possible for ten, and yet it is in use almost nowhere.
>
> The blame for that lays squarely, 100%, no excuses, with the edge ISP's.
> Whether Microsoft or the rest of the people CERT has named over the years
> with various buffer overflows are also to blame for making hosts vulnerable
> is debatable.  But whether edge ISP's are grossly negligent for not doing
> edge RPF since at least 1996 is not debatable.  Cut Mr. Clark *that* slack,
> even if you must (righteously, I might add) blast him on other issues.