Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

deprecating BCP38 and similar

  • From: Edward B. Dreger
  • Date: Mon Oct 11 10:20:53 2004

I think I'll change my position on BCP38.  It's pointless to try
blocking spoofed source addresses because:

* It doesn't solve every single problem
* It means more effort for service providers
* It requires more CPU processing power
* Using it will generate smarter "black hats".

I also think everyone should drop all forms of IP ACLs and
password checking.  Neither of those have solved every Internet
problem, they require more effort and CPU, and smarter crackers
have surfaced as a result of their deployment.  These measures
are ineffective, and it is silly to waste time with them.

Anyone from Microsoft listening?  I suggest you terminate your
Trustworthy Computing Initiative.  Not every problem is caused by
a buffer overrun or race condition, and you're wasting billions
of dollars.  I suggest you post regularly to NANOG, helping
educate the masses that anything less than a silver bullet is

Eddy, who hopes everyone recognizes hyperbole and sarcasm
Everquick Internet -
A division of Brotsman & Dreger, Inc. -
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
DO NOT send mail to the following addresses: -*- -*-
Sending mail to spambait addresses is a great way to get blocked.

Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.