> > > 1. Require all providers install and manage firewalls on all subscriber > > > connections enforcing source address validation. > > > > i can see how the end to end principle applies in cases 2 and 3, but not 1. > > I didn't make any of these up. They've all been proposed by serious, > well-meaning people.
i recommend caution with your choice of words. apparently not everyone treats "well meaning" as the compliement that it is. > If you have 2 and 3, why do you need to waste global addresses on 1. i don't believe that 2 or 3 will ever happen, for simple market reasons -- it is harder to make money if you do 2 or 3. however, 1 only costs a small bit of ops expense, and has no market impact at all, so it's practical in simple economic terms. > Its a mis-understanding of what source address validation is. Some folks > think it should work like ANI, where the telephone company writes the > "correct" number on the call at the switch. ouch. i guess you're right. perhaps a copy of BCP38 should come with every router sold?