Schneier: ISPs should bear security burden

Michael.Dillon at radianz.com
Wed Apr 27 10:31:40 UTC 2005


> I'm not advocating a wild west every man for himself, but, I think that
> solving end-node oriented problems at the transport layer is equally
> absurd.

That's not what was being suggested. The article suggested
that ISPs, the providers of the transport layer service, 
should consider branching out and offering other value-added
services in addition to the transport layer, because customers
want to buy value-added services and not just the raw,
unfiltered transport layer. It's up to the ISP as to how
they configure and manage those services.

The company that I work for decided to build a separate
global IP network in 20 countries to connect about 150
providers of application and data services to their
customers, currently just under 11,000 of them. This IP
network provides vastly higher levels of security than the
public Internet and that is part of our contracts and SLAs.
There is no technical reason why other ISPs could not offer
similar value-add services other than a failure of the imagination.

And we all know what "failure of the imagination" buys you.
In the telecom industry it led to the rise of the ISP and
the Internet because the incumbents could not imagine what we
have today. In the U.S. political arena it led to 9/11 because 
the people charged with protecting the country could not imagine
that a small group of people based in one of the most backward
countries on earth could pose a threat to American soil. The report
of the 9/11 Commission makes interesting reading if one is able
to see the abstract lessons that it draws. Many of those lessons
relate to failure of imagination and failure to move on and
change with the changing times.

> ISPs transport packets.  That's what they do. 

You're wrong there. ISPs provide Internet services. That's
what they have always done. In the early days they ran mail
servers and web servers and news servers and terminal servers
and many other things. We have gone through a period of 
specialization where ISPs have been differentiated into
providing a subset of all possible Internet services. Some
do indeed specialise in pure packet transport, but that is 
rare and they are usually part of a larger company that 
provides other services. In any case, it's time to move on
and change some more, perhaps by adding new value-added
services on that last mile connection. 

>  I haven't actually seen a lot of consumers asking for
> protected internet. 

That's because you don't work for Yahoo email or for AOL.

> Do you really want an internet where everything has to run over ports
> 80 and 443 because those are all that's left that ISPs don't filter?

No. But I want an Internet in which different ISPs are free to
offer different services rather than have a regulated 
environment that says that ISPs MUST offer a specific service
in a specific way. I want choices.

--Michael Dillon



