nanog mailing list archives
Re: Schneier: ISPs should bear security burden
From: Daniel Senie <dts () senie com>
Date: Wed, 27 Apr 2005 15:02:08 -0400
At 01:39 PM 4/27/2005, you wrote:
In message <20050426.200918.11519.516537 () webmail04 lax untd com>, "Fergie (PaulFerguson)" writes: > > >I've been there -- I know how I feel about it -- but I'd love >to know how ISP operations folk feel about this. > >Links here: >http://www.vnunet.com/news/1162720 > At a recent forum at Fordham Law School, Susan Crawford -- an attorney, not a network operator -- expressed it very well: "if we make ISPs into police, we're all in the ghetto". Bruce is a smart guy, and a good friend of mine, but he's not a network operator or architect. There are a small number of times when operators can, should, and -- in a very few cases -- act, but those are rare. The most obvious case is flooding attacks, since they represent an abuse of the network itself; operators also have responsibility for other pieces of the infrastructure they control, such as (many) name servers.
While this stance works for backbone network operators, I'm not entirely convinced it's a viable business strategy for ISPs dealing directly with end user customers (business or residential). The problem at the edge is customers insist they don't want the spam and viruses, and expect the ISP to help. Earthlink and AOL provide such services, and in the course of doing this raise an expectation.
Now a regional or local ISP can either say "it's not our job to protect you" and have their customers migrate away, or they can make efforts to help and retain customers. So, is this a technical issue or a business issue? Network engineers are not necessarily qualified to make business decisions, unless they wear both hats.
Customers at the retail level expect basic protection services as a part of the price of service. Whether that's a good thing or not, it's where we are on the business side of providing retail ISP services.
Current thread:
- Re: clarity, (continued)
- Re: clarity Owen DeLong (Apr 27)
- Re: Schneier: ISPs should bear security burden william(at)elan.net (Apr 27)
- Re: Schneier: ISPs should bear security burden Elmar K. Bins (Apr 27)
- Re: Schneier: ISPs should bear security burden Edward Lewis (Apr 27)
- Re: Schneier: ISPs should bear security burden Owen DeLong (Apr 27)
- Message not available
- Re: Schneier: ISPs should bear security burden Jay R. Ashworth (Apr 29)
- Re: Schneier: ISPs should bear security burden David Lesher (Apr 27)
- Re: Schneier: ISPs should bear security burden Daniel Senie (Apr 27)
- Re: Schneier: ISPs should bear security burden Douglas Otis (Apr 27)
- Message not available
- Re: Schneier: ISPs should bear security burden W. Mark Herrick, Jr. (Apr 27)
- Re: Schneier: ISPs should bear security burden Suresh Ramasubramanian (Apr 30)
- Re: Schneier: ISPs should bear security burden Owen DeLong (Apr 27)
- Re: Schneier: ISPs should bear security burden Michael . Dillon (Apr 27)
- Message not available
- Re: Schneier: ISPs should bear security burden Owen DeLong (Apr 27)
- Re: Schneier: ISPs should bear security burden Dan Hollis (Apr 27)
- Re: Schneier: ISPs should bear security burden Daniel Roesen (Apr 27)