nanog mailing list archives

Re: Schneier: ISPs should bear security burden


From: Owen DeLong <owen () delong com>
Date: Wed, 27 Apr 2005 03:43:00 -0700

        Thing is, protecting them from themselves and their own stupidity is
also the thing that most everyone else needs, too.

 Do you really want an internet where everything has to run over ports
 80 and 443 because those are all that's left that ISPs don't filter?

        They should be filtered, too.  For standard bottom-feeder accounts,
*everything* should be filtered and transparent proxied. And the accounts
should be priced so that they pay for their own upkeep.  What will cost
money is to turn off the filters selectively for certain accounts, and
people who want that should be in a position to pay for it.

I'm sorry, but, I simply do not share your belief that the educated should
be forced to subsidize the ignorant.  This belief is at the heart of a
number of today's sociological problems, and, I, for one, would rather not
expand its influence.

 How much functionality are we going to destroy before we realize that
 you can't fix end-node problems in the transit network?

        How much of the Internet is going to be destroyed before we realize that
the users are too stupid to be trusted to run their end-nodes, and if the
transit network wants to protect itself from the worst offenses it will
need to provide only managed services and not let these people out of the
corral to begin with?

Strangely, for all the FUD in the above paragraph, I'm just not buying it.
The internet, as near as I can tell, is functioning today at least as well
as it ever has in my 20+ years of experience working with it.  The vast
majority of the end node problems come from one particular software vendor.
If that vendor could be held accountable for the problems they have created,
things would be much better.

The major advantage of the internet is the ability to deploy new applications
and protocols quickly and easily.  Transparent proxies, btw, would not
prevent most of the harmful stuff available via 443, so, I'm not sure
what you think that accomplishes.

Malware will quickly adapt to any such filtration at the transport layer.
As long as you can get some form of undefined content through the internet,
malware will have a way to gain transit.  It must be addressed at the end
node.

Owen

