I'd promised myself that I wouldn't post this until I'd had the time to fully form the idea, but as I find myself constantly overworked and overtired, I might as well post what I have to date and perhaps amend and append further on down the road.
Background noise on the Internet is a growing problem. Bad code with hard-coded IP addresses, forgotten cronjobs, vacated IP ranges, vanished enterprises and so forth have decreased the signal-to-noise ratio of the IP traffic on the Internet (think what you might about the ratio of the content). Further, DDoS attacks, spam, worms and viruses are with us every step of the way. The packet containing this sentence might be in the buffer right behind a packet containing Welchia. Who could know? Adding to this problem are the hastily implemented filters placed on routers and firewalls all over the Internet, blocking traffic from an assortment of IP ranges for infractions committed by the user of that IP space at a certain point in time. If enough of these forgotten filters exist for an IP range, they render the entire range simply unusable.
The best example I have come up with for what I'm thinking is BGP. While BGP may be undergoing a renaissance of sorts at the moment, it forms the basic structure of the distributed firewall.
Currently, you must be a somewhat-trusted entity with significant connectivity to be assigned an ASN. DBP (Distributed Blackhole Protocol) would function similarly, with neighbors authenticated via private keys or similar. Due to the nature of the protocol, participation in DBP would be subject to intense peer review and perhaps even be initially limited to Tier 1 providers.
The main thrust of DBP is the concept that a trusted source can determine the source, or closest DBP peering point, of an unattractive datastream. This datastream might be a zombie engaged in a smurf attack, an open relay, or a worm-infested host. The trusted source could then issue a DBP-drop request to the DBP peer closest to the origination point of the unattractive stream, which would then populate a dynamic ACL to blackhole specific traffic from that origin destined for the requesting source.
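To make the exchange above concrete, here is a small model of it: a requesting network signs a DBP-drop request, the peer advertising the most specific prefix over the offending origin verifies it against that neighbor's key, and installs a blackhole entry that is scoped to the requester's prefix and expires on its own (so it cannot turn into one of the forgotten filters described earlier). This is an added example, not code from the original post or any real DBP implementation; the class and function names, the ASNs, prefixes, and keys are all constructed, and a per-neighbor shared secret (HMAC) stands in for the private-key authentication the post has in mind.

```python
import hmac
import hashlib
import json
import ipaddress
from dataclasses import dataclass, asdict

# Constructed model of the DBP-drop exchange; all identifiers are invented.

MAX_TTL = 3600  # hard cap on entry lifetime (seconds); forces periodic renewal
                # so a blackhole cannot silently outlive the incident


@dataclass(frozen=True)
class DropRequest:
    requester: str   # DBP peer asking for the drop (e.g. the victim's provider)
    origin: str      # offending source host or prefix
    victim: str      # prefix the requester wants protected; scopes the drop
    ttl: int         # requested lifetime in seconds
    nonce: str       # unique per request, to defeat replay

    def canonical(self) -> bytes:
        # Stable serialisation so signer and verifier hash identical bytes
        return json.dumps(asdict(self), sort_keys=True, separators=(",", ":")).encode()


def sign(req: DropRequest, key: bytes) -> str:
    """HMAC-SHA256 over the canonical request (shared secret stands in for a private key)."""
    return hmac.new(key, req.canonical(), hashlib.sha256).hexdigest()


class DbpPeer:
    def __init__(self, asn: str, prefixes, neighbor_keys):
        self.asn = asn
        self.prefixes = [ipaddress.ip_network(p) for p in prefixes]
        self.neighbor_keys = neighbor_keys   # requester ASN -> shared key
        self.acl = {}                        # (origin_net, victim_net) -> expiry time
        self.seen = set()                    # nonces already honoured

    def handle_drop(self, req: DropRequest, sig: str, now: float) -> bool:
        """Verify a drop request from a known neighbour and install the ACL entry."""
        key = self.neighbor_keys.get(req.requester)
        if key is None:
            return False                                   # unknown neighbour
        if not hmac.compare_digest(sig, sign(req, key)):
            return False                                   # forged or tampered
        if req.nonce in self.seen:
            return False                                   # replayed request
        self.seen.add(req.nonce)
        origin = ipaddress.ip_network(req.origin, strict=False)
        victim = ipaddress.ip_network(req.victim, strict=False)
        self.acl[(origin, victim)] = now + min(req.ttl, MAX_TTL)
        return True

    def permit(self, src: str, dst: str, now: float) -> bool:
        """Forwarding decision: drop only origin -> requester traffic, pass everything else."""
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        self.acl = {k: exp for k, exp in self.acl.items() if exp > now}  # evict expired
        return not any(s in o and d in v for (o, v) in self.acl)


def nearest_peer(origin: str, peers):
    """Pick the DBP peer advertising the most specific prefix covering the origin."""
    o = ipaddress.ip_address(origin)
    best, best_len = None, -1
    for p in peers:
        for net in p.prefixes:
            if o in net and net.prefixlen > best_len:
                best, best_len = p, net.prefixlen
    return best


def demo():
    """Walk through one exchange; returns the observable results for checking."""
    keys = {"AS64496": b"constructed-shared-key"}
    upstream = DbpPeer("AS64501", ["203.0.0.0/16"], keys)
    edge = DbpPeer("AS64500", ["203.0.113.0/24"], keys)
    target = nearest_peer("203.0.113.77", [upstream, edge])        # -> edge peer
    req = DropRequest("AS64496", "203.0.113.77", "198.51.100.0/24", 600, "n-1")
    installed = target.handle_drop(req, sign(req, keys["AS64496"]), now=1000)
    return (
        target.asn,
        installed,
        target.permit("203.0.113.77", "198.51.100.5", 1001),   # toward victim: dropped
        target.permit("203.0.113.77", "192.0.2.1", 1001),      # elsewhere: passes
        target.permit("203.0.113.77", "198.51.100.5", 1700),   # after expiry: passes
    )


if __name__ == "__main__":
    print(demo())
```

The drop is keyed on both origin and the requester's prefix, which mirrors the post's "destined for the requesting source": a peer honouring the request does not cut the origin off from the rest of the Internet, only from the network that asked. The nonce check and the TTL cap are the two controls that keep the dynamic ACL from degrading into the static, forgotten filters the post complains about.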