[mat-wg] [Fwd: Community suggestion for ATLAS spoof test]

Alexander,

thank you for writing up this suggestion. Now we have something concrete to talk about.

Myself I am very interested in getting hard data about operators that allow spoofing. I am also very interested to see that network operators make spoofing impossible by applying "BCP-38" as much as possible.  As many of you will remember I was one of the people who took the initiative for the Anti-Spoofing task force effort. I am also always curious and ready to dive into an experiment.

However in this discussion I just *have* to play the devil's advocate and oppose your suggestion. And here is why: We have invested a lot of effort to build RIPE Atlas. Quite some of this effort has gone into convincing probe hosts to install probes and to keep them running. We are planning to convince thousands more to do just that. This requires trust from the hosts that we do no harm to their networks and their Internet connectivity. If we do something that destroys this trust then we will have no RIPE Atlas left. And as you know loosing trust is far easier and far more rapid than gaining trust. For me the question boils down to this: "Can we afford to run the risk of loosing RIPE Atlas for this experiment?" Is the benefit we hope to gain worth loosing the tool that we have built and that will let us discover so many useful things without doing risky things like source address spoofing?

I know that you intend to limit the risk by restricting source addresses and of course by getting consent of the probe hosts. I am just afraid that even asking the question will make some hosts doubt that we will not harm their networks and their connectivity. We have to realise that not all the hosts will share our enthusiasm about new experiments and the more hosts we will need to find, the less of them will be as open minded as we are ourselves.

All I am asking is that we not blindly charge ahead with an experiment that we all find exciting and useful before we have fully considered the risks and we have a clear consensus that the result is worth the risk. For this we need to evaluate the potential result too. For instance it is important to know the distribution of probes that are not NATed. We also have to consider alternative, less risky methods the achieve the result.

Again, thank you for starting the discussion with a concrete suggestion. And please understand that my opposition is not because I think your suggestion is crazy. I think it is exciting and potentially useful. I just want us to consciously consider the risks and agree to accept them before we decide to proceed.

Daniel