I would like to modestly contribute:
-"Ends cannot be trusted":
I think any security implementation needs to be done on the routers part of the BGP. I think you can control the BGP people better than the ends. AS numbers would be attributed after a certain number of security measures are implemented and maintained on the BGP network. I do not know what these security measures are, but I guess this is the target area. Organisations like APNIC, RIPE and ARIN could do this work and get paid for it from their membership. One simple thing would be to put all the BGP router administrators on an alert mailing list that would send packets signatures of bad traffic in view to report it or discard it.
-"Lack or PKI", "Spam is mail from strangers that I don't want to receive but I still want to receive mail from strangers"
Well, the important concept here is traceability. if all mails are signed it won't stop spam or viruses, but we will know where they are coming from. We, users, may refuse to receive mail if it is not signed. Infected machine may sign mail automatically, so we still know where it is coming from, so that this data can be handed to real world people for prosecution. As in the above point if we can trace back the problem area then we will have some evidence on where the virus/spam is coming from... I talked before on this list about a global PKI linked to DNS...
-"Lack of whois structure"
Have you see how difficult it is to know which IP belongs to who? The whois system for IP needs to be standardised and each person who gets an IP range for redistribution must implement a whois system in conformance with standards.
-"We need a new body: The Internet Security Task Force"
This body would be in charge to make recommendations and review from a security point of view the RFCs as well as create some RFCs. It would send advisories about implementation not conforming to security standards set in RFCs. It would also coordinate all activities from all security institutes. It would recommend procedures to disconnect part of the network which are not secure or secured in a defined time frame. The BGP people could threaten to disconnect part of the network in a certain time-frame if it is not secure or sending SPAM, the ISP will then threaten the lower ISP that will disconnect the end until it is fixed (like the IETF58 jail for bad computers?) . It would also help foster open-source(?) projects which goals are to increase the network security. Would ISOC set up such body?
Finally on a humoristic note, if you want legislation SPAM lawyers and MPs....
Cheers
On Fri, 2003-11-14 at 16:57, Spencer Dawkins wrote:
These are my preliminary notes from the Plenaries - neither official nor complete. Please send me corrections and misattributions! Thanks, Spencer
|
---- Franck Martin franck@xxxxxxxxx SOPAC, Fiji GPG Key fingerprint = 44A4 8AE4 392A 3B92 FDF9 D9C6 BE79 9E60 81D9 1320 "Toute connaissance est une reponse a une question" G.Bachelard |
Attachment:
signature.asc
Description: This is a digitally signed message part