[nsp-sec] DDOS-RS future development

[Alfredo Sola]

	Hi,

> While we're all for updating the DDoS-RS in both content and syntax, we
> want to ensure that A) this is needed, and B) other methods of
> disseminating this insight aren't more practical and scalable.

	Please excuse my delay in answering, I'm working on a diapers Ph.D now :)

	Speaking as a designer and operator of relatively small networks, I'm 
in for a one-stop solution that does not require much manpower to get 
things done. A canned solution if you will. If someone I trust, i.e. 
Team Cymru, says "put this in your border routers to avoid as much 
badness as possible" and that comes complete with an explanation of what 
is inside and sample configurations, I need nothing else to go ahead.

	On the other hand, I understand that folks in larger organizations and 
managing larger chunks of the net (I have some experience with this, 
too) will need a much more careful analysis before going ahead with 
anything.

	So my suggestion would be, keep a separate feed via BGP that allows 
operators with trust but no time or inclination for further analysis to 
use the feed to maximum effect. Make that perhaps a separate one and you 
may call them the Classic and the Smasher BGP feeds :)

-- 
Alfredo Sola
ASP5-RIPE
http://alfredo.sola.es/