[dns-operations] Storm on the DNS
ggm at apnic.net
Mon Dec 21 01:56:53 UTC 2015
One way to motivate people is to make them pay the consequences of their
damage. So if we had processes to sheet home the cost of mitigation, it
would very quickly pay (sorry) to not be one.
Another way to motivate people is to incent them.
Both of these things lie in the hands of regulators. Because as an industry
we've trashed the concept of public utility regulation and claim industry
self regulation as the norm, we now have a huge walk back to some sense of
public interest in the process. The industry as a whole has no motivation
to self-regulate here, demonstrated at this time.
If the regulators required that BCP38 was enacted to maintain (for example)
common carrier legal defence status, I suspect people would do it in
economies where they have it. Or, if access to bilats offshore demanded it,
or a number of other places of potential pressure. That's exactly how it
works for other public utilities like gas and electricity. Much though I'd
like to, I cannot just wire a pipe from my dog's bottom up to the town gas
supply, there has to be a bit of paperwork first (I don't keep a dog btw.
This is a hypothetical internet dog, as full of gas as I am.)
Certainly, in the electricity supply business, not providing mandated
voltage or current, or having unsafe wiring, winds up with unavoidable
costs, and consequences. Maybe we need to think about that?
(for those of you not foaming at the mouth because I invoked the R-word,
regulators do incent and obligate. They get their government to give tax
offsets, subsidies, grants, and level playing fields)
But no. We pretend as technologists we know better, and can do better than
anything else. Which we can't, but nobody ever let that get in the way of
continuing to run the net just as we did, back when it was ARPAnet.
On 21 December 2015 at 11:25, Joe Abley <jabley at hopcount.ca> wrote:
> Hi there,
> On Dec 20, 2015, at 20:10, Yonghua Peng <pyh at cloud-china.org> wrote:
> > BCP 38 is nice, but it's a passive way of defense against DDoS.
> I presume what you mean is that it's an absolute defence against
> attacks that rely upon being able to spoof source addresses.
> The trouble with BCP 38 is not its utility, but the fact that to date
> nobody has found a reliable way to motivate everybody to deploy it,
> for operationally-sufficient values of "everybody".
> > There is a Chinese old saying, 靠人不如靠己.
> You can lead a horse to water, but maybe it didn't come from where you
> thought it did and quite possibly it's not even a horse.