Re: Accountability

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



At 16:01 21/07/2005, Hallam-Baker, Phillip wrote:
> >So in the question of ingress filtering what I am looking at is
> >mechanisms to create accountability.
>
> Just beware that accountability in an interdependence system
> can only based
> on the threat of retaliation. What means that you must be a
> little be more
> equal than you peers for it to succeed.

That is not true. Accountability must have consequences but
'retaliation' is a specific type of consequence that is generally
considered to be best applied as a last resort.

Sure, but in relations what count is the "ultima ratio". Graduation is only politeness.

> Beware that whatever the accountability, when you are dead,
> you are dead.
> Your heirs can revenge you, but you failed your target.

Accountability is used in the security field in a very specific fashion
and with specific applications.

Clearly you want to apply traditional access control approach to running
a nuclear power station. But very few of the problems we are now
concerned with fall into that category. This is to be expected, the
problems for which access control is appropriate are essentially solved.

The problems we have today are of the form where an individual violation
is not that much of a concern but the aggregate violations are very much
a concern. Spam is a prime example, one spam is a nuisance, a thousand a
day makes email unusable.

The other characteristic of the problems we are now facing is that the
set of access criteria is not well defined. The question of what is spam
is clear to the reader but very hard to define in machine readable
terms.

We thus have two basic tools; fuzzy logic type approaches to access
control and accountability type schemes. Both are useful but in the long
term the way to make the system stable is by establishing the right
accountability mechanisms.

This is basic. I am not discussing that, but motivation and quality of the expected deliveries. By nature there is a threshold where you cannot accept the lacks of your partner. Whatever the threshold. Here is the problem. If you relate with only one partner (ally) your security depends on its priorities. If you relate with the intergovernance of your allies, his security will depend on your allies. So there will be possibilities for other solutions. So, what you name accountability mechanism is a part of what I name intergovernance, where retaliation threat is not even considered anymore, because it is impossible to leave security degrade. Difference between an alliance and a coalition.
jfc






_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]