Just enough
to block DDoS attacks
Need ISPs to
play. Why should they?
Servers
demand it; clients dont get locked out
Regulation?
A server asks
its ISP to block some IP addresses
ISPs
propagate such requests to peers or clients
Probably must
be based on IP address
Perhaps some
signing scheme to traverse unreliable intermediaries?
High priority
packets can get through