> IP address spoofing is still possible today and you'll begin to realize how broken the internet has always been
not that you need to have the answer to make your point, but now I am curious: what is the alternative architecture that prevents IP address spoofing? Wouldn't proving you are the IP you purport to be require some sort of authentication, which requires some centralized authority to implement? Which would require a fundamentally centralized internet?
> Which would require a fundamentally centralized internet?
Yes, that fundamentally central authority overseeing the IP address space exists today as IANA, which delegates to RIRs such as ARIN and RIPE, who allow ISPs to assert authority over address space cryptographically (RPKI) and/or in a central registry (IRR). This is the basis on which BGP announcements are typically filtered.
> what is the alternative architecture that prevents IP address spoofing?
It is possible to extend the same filtering approaches used with BGP to actual traffic forwarding without making fundamental architectural changes. See BCP38 (access) and BCP84 (peering). Widespread adoption of these would eliminate IP spoofing.
There's two parts to the answer to GP's question. One is egress filtering, which is widely deployed, and the other is BGP security, which as you know is being deployed.