We are fast approaching a state where the *majority* of Internet traffic is
either the result of misconfiguration (see the CAIDA report where it has
reached 98% for at least one root nameserver), or malicious action (spam, Smurf
attacks, Klez/Sircam/etc, and so on). For a number of reasons (most notably
cluelessness at the edge host, so it won't get fixed there, and the fact that
all this traffic is billable if you're a transit provider, so there's little
economic incentive to fix it, particularly in the wake of the dot-bomb bubble),
there is little hope that this situation will miraculously correct itself.
Should the IESG require that standards track protocols be analyzed for
their resilience in situations where the majority of requests are either
malicious or broken? RFC3426, sections 9 and 10, already discusses this, but
it is merely "Informational".
Computer Systems Senior Engineer
Description: PGP signature