funsec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Public Policy and Consumer ISP Hygiene (was Comcast pop-ups)

From: Dan White <dwhite () olp net>
Date: Mon, 12 Oct 2009 08:21:57 -0500
On 12/10/09 06:25 -0400, Larry Seltzer wrote:

As a general matter nothing would trigger it. It goes into effect
immediately. Are you asking what constitutes an infected user? We'd have
to define that, but it's not the right question for this discussion
unless you think it's impossible to define. Is it? 


Essentially that's what I'm suggesting. At what point would the ISP be
responsible to act?


You don't mention SPAM, perhaps intentionally...


A customer sending out spam bot-like sounds like a trigger to me.


Then you'll have to legally define SPAM.


I would contend that, for the most part, infected PCs are not an ISP

problem, but the customer's problem.

Think of it as an Internet public health problem, and the ISPs are in
the best position to isolate the patients.


That's probably true - I just don't think a law is the best approach here.
Education is.


2) Replacing SMTP with something sane and secure. SMTP has got to be

IETF's
biggest failure.

Serious efforts at that many years ago (MARID) essentially failed.


3) Doing what we can to develop and increase our participation in a

public
key infrastructure and IPSEC.

Voluntarily? In what century will that happen?


Well, #3 would go a long ways towards solving #2. I'm quite optimistic this
will happen in the next 10 years. As DNSSEC gets deployed, IPSEC will
become more than just a pipe dream (RFC 4025). 

But it's going to be a very bumpy road getting there, I'll grant you that.

-- 
Dan White
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Previous By Date Next
Previous By Thread Next

Current thread: