First: Vixie is in the middle of this amplification stuff because he's one of the Internet's foremost lobbyists for the most convenient amplifier of all (DNS->DNSSEC). So maybe he's just, like: "I'm tired of responding to people's claims that DNSSEC is going to make DDoS easier and instead would prefer to rewrite the terms of the debate so that the presumption is everyone was supposed to have this rate-limiting band-aid all along".
Second: Don't overthink it. He's got a slot in ACM Queue, so maybe he just wanted to fill some column inches. "Free associate: what am I thinking about right now."
Third: This is all pretty silly. Even if you got global deployment of address verification AND every stateless protocol was rate-limited, it would still be trivial for attackers to launch vicious, debilitating DDoS attacks.
1) It's extremely difficult to reason about (DNS -> DNSSEC) in terms of a DDoS considering how many security protocols assume NTP exists.
2) I'm not, but this was posted 18 months ago, so I'm just thinking about the "global discussion" in general.
3) The fundamental argument Vixie is making is about tradeoffs. The impossibility of global SAV is an argument in favor of the difficulty of widely deployed RRL. It is an argument of spending the effort on something that might be accomplished.
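To make the RRL side of this tradeoff concrete, here is a toy simulation of DNS Response Rate Limiting. It is an added example written for this thread, not code from either commenter, from Vixie, or from BIND; the per-second limit, slip ratio and packet sizes are constructed values chosen only to illustrate the mechanism. It models the usual RRL idea: identical responses to the same client /24 are capped per second, excess responses are dropped, and every Nth dropped response is "slipped" as a small truncated reply so a real resolver behind the limit can retry over TCP.

```python
"""Toy DNS Response Rate Limiting (RRL) simulation.

Added example, not from the thread or from any DNS server's source. The
parameters below are constructed for illustration only.
"""

from collections import defaultdict
import ipaddress

# Constructed parameters (loosely modelled on the responses-per-second /
# slip knobs that RRL implementations expose; the numbers are made up).
RESPONSES_PER_SECOND = 5
SLIP = 2
QUERY_BYTES = 64            # constructed size of a small UDP query
FULL_RESPONSE_BYTES = 3000  # constructed size of a large DNSSEC answer
TC_RESPONSE_BYTES = 64      # a truncated (TC=1) reply is roughly query-sized


def client_bucket(addr):
    """RRL keys on the /24 so varying the low bits of a spoofed source
    does not open a fresh bucket for every packet."""
    return str(ipaddress.ip_network(f"{addr}/24", strict=False))


class ResponseRateLimiter:
    def __init__(self, rps=RESPONSES_PER_SECOND, slip=SLIP):
        self.rps = rps
        self.slip = slip
        # (client /24, qname, qtype) -> counters for the current second
        self.state = defaultdict(lambda: {"second": -1, "count": 0, "dropped": 0})

    def decide(self, src_ip, qname, qtype, now_sec):
        """Return 'send', 'slip' or 'drop' for one would-be response."""
        key = (client_bucket(src_ip), qname, qtype)
        s = self.state[key]
        if s["second"] != now_sec:          # new second: reset the window
            s["second"], s["count"], s["dropped"] = now_sec, 0, 0
        s["count"] += 1
        if s["count"] <= self.rps:
            return "send"
        s["dropped"] += 1
        if self.slip and s["dropped"] % self.slip == 0:
            return "slip"                   # tiny TC=1 reply, lets real clients retry over TCP
        return "drop"


def simulate(limiter, queries):
    """queries: iterable of (second, src_ip, qname, qtype).
    Returns (bytes delivered per client /24, count of each action)."""
    sent = defaultdict(int)
    actions = defaultdict(int)
    for sec, src, qname, qtype in queries:
        action = limiter.decide(src, qname, qtype, sec)
        actions[action] += 1
        if action == "send":
            sent[client_bucket(src)] += FULL_RESPONSE_BYTES
        elif action == "slip":
            sent[client_bucket(src)] += TC_RESPONSE_BYTES
    return dict(sent), dict(actions)


def amplification_factor(limiter, n_queries):
    """Bytes delivered to one spoofed source divided by bytes the sender
    spent, for n identical queries arriving within a single second.
    The source address is a constructed documentation-range value."""
    queries = [(0, "203.0.113.7", "example.com.", "DNSKEY") for _ in range(n_queries)]
    sent, _ = simulate(limiter, queries)
    delivered = sent.get(client_bucket("203.0.113.7"), 0)
    return delivered / (n_queries * QUERY_BYTES)


if __name__ == "__main__":
    print("no limit  :", round(amplification_factor(ResponseRateLimiter(rps=10**9), 1000), 2))
    print("with RRL  :", round(amplification_factor(ResponseRateLimiter(), 1000), 2))
```

With the constructed sizes, 1000 identical queries in one second yield roughly 47x amplification without the limiter and well under 1x with it, which is the effect the "band-aid" is meant to have on a single reflector. The same run also shows the cost the first comment alludes to: the limiter keys on the /24, so a legitimate resolver sharing that prefix with the spoofed address is throttled too, and an attacker spreading identical queries across many reflectors or many spoofed prefixes is untouched by any one server's RRL. That is exactly why it is a per-server mitigation rather than a substitute for source-address validation.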