One area of focus for SAVA is to actually create stronger incentives to operators to apply source filters.
I think this is the key issue. Until there are stronger incentives to put source filters in place (or, shall we say, stronger disincentives to not put them in place), there will always be some percentage of operators who just don't do it. The incentives have to be really strong, though, if you want to get 100% coverage.
A second focus is to come up with a system which works if coverage does not approach 100%. BCP38 does not work because if 25% of the network is not covered, then the blackhats can just choose where to launch the attack from.
IMO, address spoofing is not really a technical problem, it is a social/political/legal/regulatory one, given there is a known solution. It's possible that there might be a technical solution that doesn't require 100% coverage, but it is likely to be much more complicated, making it even less likely to get deployed.
If the primary issue is how to get operators to universally deploy source filters, which isn't a technical issue, then is there really anything that IETF can do?
jak
_______________________________________________ Int-area mailing list [email protected] https://www1.ietf.org/mailman/listinfo/int-area
