Let me give a perspective on SAVI based on a previous life. Note here that I am talking specifically about SAVI and not SAVA. SAVA is basically two problems: (1.) How do I establish the validity of a packet's source address, and (2.) Once it is established, how do I preserve the knowledge of its validity as the packet traverses the Internet. SAVI only addresses problem (1). It's not the full story, but it is a precondition for really solving (2), and it is useful in itself as I will discuss. Before I ran off and joined the circus I was the engineer in charge of design, operation and procurement of a campus network with about 7,000 Ethernet ports which was quite big in those days in Australia. One of the issues I had was that I had no bulletproof way of ascribing activity to an individual. I could take dumps of activity using TCPDump, but since IP addresses and of course MAC addresses were easily spoofable within a broadcast domain, about the only way to collar people was to catch them when they used dialup (because our dialup servers, unlike Ethernet were *not* spoofable) or hope that they used the campus email servers. Note that we didn't have the time or the interest to chase minor stuff like copyright offendors. In those distant days the RIAA had not yet bought our legislators. In order to get us to go to the expense and trouble of building a case against someone, it had to be a case of racketeering, drug dealing, child pornography or major hacking, which are more common on campuses than one would like to think. I guess if you have a community in excess of 30,000 people some of them wil not be nice people. So IP address spoofing in the campus was definitely a problem then. Is it still a problem? in fact, yesterday I was talking to an engineer for an NREN backbone and his opinion was that most campus networks in his country were still spoofable. I asked why people didn't specify infrastructure that had something that could enforce anti-spoofing. He said it was because there are no standards. If there are no standards, you can't specify in a public tender process. "If I specify IP source Guard, then everyone other than Cisco will sue us". In other words, in the many parts of the world where public tender processes are important in procurement, they need an RFC or at least a generally accepted de facto standard in order to be able to buy the appropriate kit. I would respectfully submit: 1) Source IP address spoofing *is* a problem, and the ease with which Source IP addresses can be spoofed in many places is a fundamental flaw in the way the Internet is built today. It cases problems in the assignment of responsibility for evil/illegal acts and it also represents a threat to the Internet's infrastructure. Packets with Spoofed Source Addresses are Undeniably unwanted. 2) IP source address spoofing in the access network is a problem for which there are solutions. Some of them have been implemented. There needs to be at least one openly specified set of mechanisms so that there is a good way for people to specify and procure compliant equipment. 3) Vendors will implement what comes out of the process. (in fact, some already have implemented proprietary solutions, simply because of customer demand.) 4) There is a community of people within the IETF who want to work on this, and they are drawn from a mix of vendors, backbone operators and campus network operators. 5) Since this is specific to IP networking (yes, each mechanism may be link-layer specific, but the problem is that of validating an IP address, not a link-layer address), the IETF is the right place for this work to be done. The only other candidate might be the IEEE, but I feel they are not the right choice. Someone suggested a European Internet Registry as the right place to specify a global standard. I certainly differ on that score. Each of these points is open to debate, which is obviously welcome, but I'd suggest if they stand, then the WG charter and goals satisfies section 2.1 of RFC2418