On Fri, 27 Oct 2006, Stephane Bortzmeyer wrote: > I have a reservation which may be addressed in -03 by an editorial > change. The draft repeats many (too many) times that "the only truly > real solution, the wide-scale deployment of ingress filtering". In > computer and network security, sentences such as "the only truly real > solution" are meaningless and should be used only by marketeers. (For > instance, BCP 38 does not prevent attacks when the attacker and the > victim are on the same side of the filters, for instance when they are > customers of the same ISP, and this ISP deploys filtering only at its > borders.)
While I agree that the text need not necessarily be so absolute, I would not consider the ingress filtering proper or wide-scale deployment. Better than nothing, to be sure, but not enough. -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings . dnsop resources:_____________________________________________________ web user interface: http://darkwing.uoregon.edu/~llynch/dnsop.html mhonarc archive: http://darkwing.uoregon.edu/~llynch/dnsop/index.html
