IoT security, was Krebs on Security booted off Akamai network

bzs at bzs at
Mon Oct 10 18:39:49 UTC 2016


Thanks for the nice confirmation.

My dabbling in internet governance topics has taught me (I guess) that
the real challenge is to eschew easy approaches such as shutting off
sites as a remedy.

The hard work is trying to come up with effective measures which are
anything but takedowns / blocking -- those should be an absolute last
resort at the end of some well-defined and transparent process.

Obviously at some extreme point a site has gone so rogue it's just an
act of self-defense. But that's the extreme case and still needs a
process even if an emergency, short-circuited process.

But for sites which imagine themselves to be responsibly managed but
fall down on that job sufficiently to merit a response -- my favorite
saying in life: EVERYONE forgives themselves! -- there's a need to
structure proportionate and effective responses to failings ranging
from warnings to actions.

And to define clearly what those failings are.

For example, everyone might not agree that letting 1% of their traffic
be spam or otherwise malicious traffic without opposition is even a
problem worth exerting effort over. OK, is it 2%? 0.1%? What is the
threshold we can all live with? Or is a percentage just a bad idea and
it's the effect which needs to be measured and judged?

I suspect a contractual approach might be more productive, as one
example. There are other possibilities.

        -Barry Shein

Software Tool & Die    | bzs at             |
Purveyors to the Trade | Voice: +1 617-STD-WRLD       | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*

More information about the NANOG mailing list