Schneier: ISPs should bear security burden
Steven M. Bellovin
smb at cs.columbia.edu
Wed Apr 27 17:39:26 UTC 2005
In message <20050426.200918.11519.516537 at webmail04.lax.untd.com>, "Fergie (Paul
Ferguson)" writes:
>
>
>I've been there -- I know how I feel about it -- but I'd love
>to know how ISP operations folk feel about this.
>
>Links here:
>http://www.vnunet.com/news/1162720
>
At a recent forum at Fordham Law School, Susan Crawford -- an attorney,
not a network operator -- expressed it very well: "if we make ISPs into
police, we're all in the ghetto".
Bruce is a smart guy, and a good friend of mine, but he's not a network
operator or architect. There are a small number of times when
operators can, should, and -- in a very few cases -- act, but those
are rare. The most obvious case is flooding attacks, since they represent
an abuse of the network itself; operators also have responsibility for
other pieces of the infrastructure they control, such as (many) name
servers.
--Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb
More information about the NANOG
mailing list