Interesting People mailing list archives
more on Free Speech fading at UC Berkeley
From: David Farber <dave () farber net>
Date: Wed, 4 May 2005 18:57:02 -0400
Begin forwarded message: From: "David P. Reed" <dpreed () reed com> Date: May 4, 2005 5:16:56 PM EDT To: Paul Biggar <paul.biggar () gmail com> Cc: dave () farber net Subject: Re: [IP] Free Speech fading at UC BerkeleyDave - no need to post this unless you think it adds to the discussion. I am not sure.
Paul - I have in the past objected to firewalls, just in case that is surprising to you. (for an example from 1996, see http://www.reed.com/ Thoughts%20and%20comments/CDAe2e.html) You may find that absurd, it's your right. But in fact it breaks a fundamental principle of the Internet, creating "walled gardens".
Now if there were a real danger, and no cost, that would be at least reasonable. However, firewalls do NOT achieve security, and what they do achieve is achievable other ways (as I alluded in the blog posting, the end user can authenticate every packet, given an appropriate operating system). The fact is that end-to-end secure systems have been possible since 1976, whereas firewalls have been known not to provide security ever since Bellovin and Cheswick's first book on the subject.
Making an analogy with putting the police on every corner proves nothing. The policemen cannot read intent - their positioning on the corner is merely another symbol of an applicable legal structure. If the police viewed their job as stopping and searching everybody who enters a town (all actions forbidden unless explicitly authorized), the analogy would be closer. Similarly, the advance permission (whether it is asking for permission to publish a book, or to make a speech in a public square) may be granted routinely, but its requirement is noxious.
Berkeley CS's policy does not block only port 80, but *all* TCP and UDP ports, 0-65535 inclusive. This means that if I send a packet advertising a private address, which I will authenticate by a crypto key, I *still* have to ask permission first.
The interposition of a firewall is only one possible response to problems - as I suggested in my carefully written, but brief, piece, in my opinion, it is the wrong one. And coming from a leading academic CS department, including people who should know better, choosing the wrong answer shows lack of care and verges on dangerous as it will surely be a small precedent for others who have less technical skill.
------------------------------------- You are subscribed as lists-ip () insecure org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- more on Free Speech fading at UC Berkeley David Farber (May 04)
- <Possible follow-ups>
- more on Free Speech fading at UC Berkeley David Farber (May 04)
- more on Free Speech fading at UC Berkeley David Farber (May 04)