nanog mailing list archives
Re: Schneier: ISPs should bear security burden
From: Douglas Otis <dotis () mail-abuse org>
Date: Wed, 27 Apr 2005 13:08:32 -0700
On Wed, 2005-04-27 at 13:39 -0400, Steven M. Bellovin wrote: <snip>
At a recent forum at Fordham Law School, Susan Crawford -- an attorney, not a network operator -- expressed it very well: "if we make ISPs into police, we're all in the ghetto". Bruce is a smart guy, and a good friend of mine, but he's not a network operator or architect. There are a small number of times when operators can, should, and -- in a very few cases -- act, but those are rare. The most obvious case is flooding attacks, since they represent an abuse of the network itself; operators also have responsibility for other pieces of the infrastructure they control, such as (many) name servers.
Internet service providers should ensure protective strategies do not harm hapless consumers. While an ISP's protective obligations easily include Domain Name and routing services, few systems withstand unfettered abuse or tampering. Should a provider expect active cooperation from others granted access to their networks? The strength of the Internet is dependent upon cooperation and policy enforcement. While an egalitarian view would insist all be granted equal access, a response to abuse should be considered, even when only guarding essential services. What is a reasonable threshold before a provider "rarely" acts? You listed only one, a flood attack. -Doug
Current thread:
- Re: Schneier: ISPs should bear security burden, (continued)
- Re: Schneier: ISPs should bear security burden william(at)elan.net (Apr 27)
- Re: Schneier: ISPs should bear security burden Elmar K. Bins (Apr 27)
- Re: Schneier: ISPs should bear security burden Edward Lewis (Apr 27)
- Re: Schneier: ISPs should bear security burden Owen DeLong (Apr 27)
- Message not available
- Re: Schneier: ISPs should bear security burden Jay R. Ashworth (Apr 29)
- Re: Schneier: ISPs should bear security burden David Lesher (Apr 27)
- Re: Schneier: ISPs should bear security burden Daniel Senie (Apr 27)
- Re: Schneier: ISPs should bear security burden Douglas Otis (Apr 27)
- Message not available
- Re: Schneier: ISPs should bear security burden W. Mark Herrick, Jr. (Apr 27)
- Re: Schneier: ISPs should bear security burden Suresh Ramasubramanian (Apr 30)
- Re: Schneier: ISPs should bear security burden Owen DeLong (Apr 27)
- Re: Schneier: ISPs should bear security burden Michael . Dillon (Apr 27)
- Message not available
- Re: Schneier: ISPs should bear security burden Owen DeLong (Apr 27)
- Re: Schneier: ISPs should bear security burden Dan Hollis (Apr 27)
- Re: Schneier: ISPs should bear security burden Daniel Roesen (Apr 27)
- Re: Schneier: ISPs should bear security burden Petri Helenius (Apr 27)