At the NSP Security BoF at NANOG, there was (literally) *no* support for the IAB statement. I think it was misunderstood, since one clueful person described it as a contradictton to the anti-spoof BCP. I'm not sure what to do about this, but I think that there's a clear failure to communicate. --Steve Bellovin, http://www.research.att.com/~smb