Re: How to secure the Internet in three easy steps

[Paul Vixie <paul () vix com>]

> > not just the bad people.  all the people.  a network with 2 or 3 in place
> > is useless.  there is no way to make 2 or 3 happen.

> As part of their anti-spam efforts, several providers block SMTP port
> 25, and force their subscribers to only use that provider's SMTP
> relay/proxy to send mail.  Why not extend those same restrictions to
> other (all) protocols?

each protocol that becomes as widely abused as smtp has been, will be
blocked, since blocking will save the ISP money.  you also mentioned
proxying of web traffic, which due to banner ads often makes the ISP
money.  this whole thing is really about money.  but "1" isn't getting
done because the money that could be saved is by ISP "B" whereas the
money which must be spent is by ISP "A".  so, the nondeployment of BCP38
is all about money, too.

the thing i'm trying to work my way back to is that "2" and "3" can be
argued to restrict desireable freedoms (like reaching SMTP or WWW servers
without being forced to use a local proxies) whereas "1" has no arguments
against it, or at least no arguers here on nanog today.  why lump them
all three together?

PS. you mentioned AOL, which uses IP framing in order to leverage off of
the IP stack already present in their customer's computers, but other
than that it's a captive application.  what addresses are used doesn't
really matter there in any global sense, nor proxies or nats or whatever.