[For brevity, this is intended as a message in support of Joe's position. I think my original got eaten in the earlier mail server event announced on ietf@, so apologies for any duplicates.]
On Tue, Sep 02, 2008 at 03:46:48PM -0400, Joe Abley wrote: > My point is that there are a large number of distributed denial of > service attacks happening every day, on a scale large enough to > involve multiple providers and cross-organisational teams for > mitigation. For informational purposes, I'd like to point out that yesterday on the NANOG mailing list, it was asserted that DNS Amplification attacks are being observed by one security worker (Gadi Evron) on a seemingly daily basis, frustrated by the lack of adoption of BCP 38 (which is proposed as the root cause). [1] Let me say that it is entirely right to suggest that in this case, if you are engaged in a dialogue of logical deduction, then in the face of the claim that something does not exist, the responsibility of argument is to prove that thing does exist, on the basis that one cannot reasonably prove non-existence of any physical object (or event) with Aristotelian tenacity. Which is problematic because such a proof (with Aristotelian tenacity) in this case would require publishing of normally witheld and guarded data in provably unaltered forms. This may not even be possible. This would appear then to be an impasse if the IETF required such tenacity. Fortunately, the IETF works on a basis of consensus among practicioners, not on a basis of Aristotelian deductive proofs of draft contents and volunteers' opinions. I'm content to agree with the other WG participants that DNS Amplification attacks do persist in the modern day, and that it is useful to write and publish a document that seeks mitigation. I hope that the WG's consensus will be so measured by the chairs. [1] - http://www.merit.edu/mail.archives/nanog/msg11131.html -- Ash bugud-gul durbatuluk agh burzum-ishi krimpatul. Why settle for the lesser evil? https://secure.isc.org/store/t-shirt/ -- David W. Hankins "If you don't do it right the first time, Software Engineer you'll just have to do it again." Internet Systems Consortium, Inc. -- Jack T. Hankins
pgpSNWpTlJTMr.pgp
Description: PGP signature
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
