Re: Sufficient email authentication requirements for IPv6

2013-03-29 06:37:55
On Fri, 29 Mar 2013, John Curran wrote:

This approach works fine if one presumes that the problem is always just the customer (i.e. their ISP is actively interested in helping solve the problem.) For ISPs who are not as interested (or may have an actual motivation to hinder resolution of the problem), this will not work.

Well, I would also like to see reputation done on a per-ISP level. If an ISP doesn't care, then the reputation of all the customers behind that ISP is lower.

While the above situation has also been somewhat true with IPv4, it is definitely the case with IPv6, since the typical address space allocation sizes provide ample space for whitewashing customers into new prefixes. As a result, it is questionable whether any IPv6 address-based reputation system can be successful (at least those based on voluntary principles.)

This is absolutely a problem. I encourage all ISPs to give customers the same addresses all the time, and publish if they provide dynamic. This is one more factor which should be included in the publication (static/dynamic allocation of addresses). So basically dynamic ones should be treated like "dialup space" today, static ones can actually be trusted if the ISP is reliable. If static and reliable ISP = reputation of one customer of allocation size can be blacklisted without affecting other customers.

ISPs that do this reliably should have high reputation, and the ones who don't should get low reputation. For low-reputation ISPs, I guess none of this data should be trusted.

--
Mikael Abrahamsson    email: swmike(_at_)swm(_dot_)pp(_dot_)se
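
The following is an added example, not part of the original message: a sketch of how a receiver could choose the prefix a reputation entry covers, based on whether the ISP publishes static or dynamic allocation and whether that publication is reliable. The policy table, its field names, the prefix lengths and the /64 fallback are all assumptions made for illustration; no such publication format is defined in the thread.

```python
import ipaddress

# Constructed sample of what ISPs might publish (hypothetical format):
# covering prefix, static or dynamic assignment, per-customer allocation
# size, and whether the ISP's publication has proven reliable.
ISP_POLICIES = [
    {"prefix": "2001:db8:1000::/36", "static": True,  "customer_len": 56, "reliable": True},
    {"prefix": "2001:db8:2000::/36", "static": False, "customer_len": 64, "reliable": True},
    {"prefix": "2001:db8:3000::/36", "static": True,  "customer_len": 48, "reliable": False},
]

def find_policy(addr):
    """Return the published policy whose prefix covers addr, or None."""
    ip = ipaddress.IPv6Address(addr)
    for pol in ISP_POLICIES:
        if ip in ipaddress.IPv6Network(pol["prefix"]):
            return pol
    return None

def reputation_scope(addr):
    """Return (network, kind): the prefix a reputation entry for addr covers.

    static and reliable ISP -> only that customer's allocation
    dynamic space           -> the whole published pool ("dialup space")
    unreliable ISP          -> the ISP's whole prefix, published data ignored
    nothing published       -> /64 around the address (assumption of this sketch)
    """
    pol = find_policy(addr)
    if pol is None:
        return ipaddress.IPv6Network((addr, 64), strict=False), "unpublished"
    if not pol["reliable"]:
        return ipaddress.IPv6Network(pol["prefix"]), "isp"
    if not pol["static"]:
        return ipaddress.IPv6Network(pol["prefix"]), "dynamic-pool"
    net = ipaddress.IPv6Network((addr, pol["customer_len"]), strict=False)
    return net, "customer"

def is_listed(addr, blocklist):
    """True if addr falls inside any network on the blocklist."""
    ip = ipaddress.IPv6Address(addr)
    return any(ip in net for net in blocklist)

if __name__ == "__main__":
    # One abusive sender behind the static, reliable ISP gets listed.
    scope, kind = reputation_scope("2001:db8:1000:ab12:1::1")
    print(kind, scope)
    print(is_listed("2001:db8:1000:ab13::25", [scope]))  # same customer /56
    print(is_listed("2001:db8:1000:ac00::25", [scope]))  # a different customer
```
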