nanog mailing list archives
network reputation [was: IP is...]
From: Gadi Evron <ge () linuxbox org>
Date: Wed, 23 Jan 2008 22:46:26 -0600 (CST)
On Thu, 24 Jan 2008, Fred Baker wrote:
I still think IP+timestamp doesn't imply what person did somethingit doesn't, no any more than the association of your cell phone with a cell tower conclusively implies that the owner of a telephone used it to do something in particular. However, in forensic data retention and wiretap procedures, the assumption is made that the user of a telephone or a computer is *probably* a person who normally has access to it.
Data retention and LEO compliance are serious issues for network authorities to handle. The original topic was about IP addresses, though. I'd like to try and go there from a different angle.
IP addresses however, "belong" to (allocated..) authorities such as ISPs, and I would personally like to see some better AUP on what is allowed to come from these. Practically.
I'd like to see some larger effort to make network reputation happen, whether in making sure connections come from the real authority (BCP38 and similar) or to be able to deny a network connectivity to our own back yard.
I am not going for the "user activity is an ISP's responsibility" but rather than a "misbehaving network should be treated as such". For whatever definition of misbehaving we can accept. I want this to be more about what this can do for us rather than some "this will be abused so let's not do it" civil society discussion.
At first glance this appears off-topic for the thread, but operationally network reputation and ownership is much more relevant than if people's rights are being walked all over.
Security is a strong supporter of privacy as much as it is misused as an excuse for infringing upon it.
Considering possibilities, other than avoiding spoofing, what would network reputation which is reliable help us do operationally?
Gadi.
Current thread:
- EU Official: IP Is Personal Hank Nussbacher (Jan 23)
- Re: EU Official: IP Is Personal Paul Vixie (Jan 23)
- Re: EU Official: IP Is Personal Eric Brunner-Williams (Jan 23)
- Re: EU Official: IP Is Personal Joel Jaeggli (Jan 23)
- Re: EU Official: IP Is Personal Florian Weimer (Jan 23)
- Re: EU Official: IP Is Personal Sean Donelan (Jan 23)
- Re: EU Official: IP Is Personal Lou Katz (Jan 23)
- Re: EU Official: IP Is Personal Mikael Abrahamsson (Jan 23)
- Re: EU Official: IP Is Personal Fred Baker (Jan 23)
- network reputation [was: IP is...] Gadi Evron (Jan 23)
- Re: network reputation [was: IP is...] Eric Brunner-Williams (Jan 23)
- Re: EU Official: IP Is Personal Roland Perry (Jan 24)
- Re: EU Official: IP Is Personal J. Oquendo (Jan 24)
- RE: EU Official: IP Is Personal Rod Beck (Jan 24)
- Re: EU Official: IP Is Personal J. Oquendo (Jan 24)
- RE: EU Official: IP Is Personal Rod Beck (Jan 24)
- Re: EU Official: IP Is Personal J. Oquendo (Jan 24)
- Re: EU Official: IP Is Personal Eric Brunner-Williams (Jan 23)
- Re: EU Official: IP Is Personal Paul Vixie (Jan 23)
- Re: EU Official: IP Is Personal Roland Perry (Jan 24)
- Message not available
- Re: EU Official: IP Is Personal J. Oquendo (Jan 24)
- Re: EU Official: IP Is Personal Fred Baker (Jan 24)