We are fast approaching a state where the *majority* of Internet traffic is either the result of misconfiguration (see the CAIDA report where it has reached 98% for at least one root nameserver), or malicious action (spam, Smurf attacks, Klez/Sircam/etc, and so on). For a number of reasons (most notably cluelessness at the edge host, so it won't get fixed there, and the fact that all this traffic is billable if you're a transit provider, so there's little economic incentive to fix it, particularly in the wake of the dot-bomb bubble), there is little hope that this situation will miraculously correct itself. Should the IESG require that standards track protocols be analyzed for their resilience in situations where the majority of requests are either malicious or broken? RFC3426, sections 9 and 10, already discusses this, but it is merely "Informational". -- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech
Attachment:
pgp00160.pgp
Description: PGP signature