Schneier: ISPs should bear security burden

Owen DeLong owen at delong.com
Wed Apr 27 10:43:00 UTC 2005


> 	Thing is, protecting them from themselves and their own stupidity is
> also the thing that most everyone else needs, too.
>
>>  Do you really want an internet where everything has to run over ports
>>  80 and 443 because those are all that's left that ISPs don't filter?
>
> 	They should be filtered, too.  For standard bottom-feeder accounts,
> *everything* should be filtered and transparent proxied. And the accounts
> should be priced so that they pay for their own upkeep.  What will cost
> money is to turn off the filters selectively for certain accounts, and
> people who want that should be in a position to pay for it.
>
I'm sorry, but I simply do not share your belief that the educated should
be forced to subsidize the ignorant.  This belief is at the heart of a
number of today's sociological problems, and I, for one, would rather not
expand its influence.

>>  How much functionality are we going to destroy before we realize that
>>  you can't fix end-node problems in the transit network?
>
> 	How much of the Internet is going to be destroyed before we realize that
> the users are too stupid to be trusted to run their end-nodes, and if the
> transit network wants to protect itself from the worst offenses it will
> need to provide only managed services and not let these people out of the
> corral to begin with?

Strangely, for all the FUD in the above paragraph, I'm just not buying it.
The internet, as near as I can tell, is functioning today at least as well
as it ever has in my 20+ years of experience working with it.  The vast
majority of the end node problems come from one particular software vendor.
If that vendor could be held accountable for the problems they have created,
things would be much better.

The major advantage of the internet is the ability to deploy new applications
and protocols quickly and easily.  Transparent proxies, by the way, would not
prevent most of the harmful stuff available via 443, so I'm not sure
what you think that accomplishes.

Malware will quickly adapt to any such filtration at the transport layer.
As long as you can get some form of undefined content through the internet,
malware will have a way to gain transit.  It must be addressed at the end
node.

Owen

