Re: [gnso-ff-pdp-may08] Definition V4.2: concern about "consumer-grade"

[Eric Brunner-Williams <ebw@xxxxxxxxxxxxxxxxxxxx>]

Mike,

I'm happy to continue separately, and I don't think a less responsible 
engagement to the purposes of the PDP will result from two efforts.
Eric

Mike O'Connor wrote:
> ahem.
>
> a fella finishes up a phone call, breaks for lunch, is just drifting 
> off for the Afternoon Nap when a fistfight breaks out on the list.
> Eric, a gentle reminder -- let's keep the discussion civil here.  this 
> last post was a little outside the limit.
> how's a geezer to get his rest, otherwise?  :-)
>
> m
>
> At 11:49 AM 8/1/2008, Eric Brunner-Williams wrote:
>
> > is this for my benefit joe, or are you just spouting off?
> >
> > if it is for my benefit, then you have to be addressing the 
> > assertion, mine, that autonomous system is less determinitive of risk 
> > than whether the network attached device is a microsoft operating 
> > system product, and therefore a poor substitute, if the root cause is 
> > not to be ignored.
> > reputation has been discussed more than once on nanog, which i know 
> > even if you don't.
> > hold the "regards", i prefer real ones over what's available.
> >
> >
> > Joe St Sauver wrote:
> > > Eric mentioned:
> > >
> > > #Further, using AS as determinative is vastly less accurate to the 
> > > root #problem than using if-MS-then-NO as a gating mechanism, 
> > > regardless of #how much corporate chrome there is on the AS and its 
> > > commercial #operations. Since I don't think people want to go down 
> > > the #if-MS-then-obvious-conclusion path, the AS-is-guilty false 
> > > equivalent #should be dismissed.
> > > In general, ASNs do accumulate reputation, just as domains accumulate
> > > reputation, and just as netblocks accumulate reputation. One 
> > > particularly
> > > notorious example of this from recent years would probably be the "RBN"
> > > case, although there are others.
> > > The real value of ASN-based reputation accumulation, however, is that:
> > >
> > > -- there are relatively few ASNs (at least until 4 byte ASNs get
> > >    widely deployed)
> > >
> > > -- it is possible to mechanically and scalably map IP's to ASNs
> > >
> > > -- if you route a network block, you also have the option of not 
> > > routing
> > >    all or part of that block (e.g., there is a connection between 
> > > an    ASN associated with an activity, and the ability to control that
> > >    activity)
> > >
> > > Most ASNs live somewhere on the vast continuum rightward of clean-as-
> > > the-driven-snow and leftward of dirty-as-a-deep-rock-coal-miner-at-
> > > end-of-shift, although there are some AS's that truly do anchor the
> > > extremities of that scale. (Arguably, a trivial example of a "100% 
> > > guilty ASN" is one that has been hijacked, for example.)
> > > Regards,
> > >
> > > Joe
> > No virus found in this incoming message.
> > Checked by AVG - http://www.avg.com Version: 8.0.138 / Virus 
> > Database: 270.5.10/1584 - Release Date: 7/31/2008 12:00 PM