Anonymity and accountability are not incompatible. On Slashdot I have accountable anonymity. If I write a bunch of rubbish my karma score will quickly fall. If I want to build a reputation I have to post good stuff. The point where I do not want anonymity is when I am engaged in some sort of financial transaction. If an EBay seller deliberately sends me fraudulently misrepresented goods or fails to send the goods at all I want the full force of the law to come down on them, civil and criminal. Nor is accountability necessarily at the individual level. I don't want to hold Keith Moore responsible for not hosting a bot performing a SYN flood DoS. I want to hold his ISP accountable for not letting the packets corrupt the rest of the Internet. Cisco, Netgear, Motorola and Microsoft could stop 95% of the DoS problem from domestic networks which buy a new network interface box for virtually no cost. Just put an on-by-default option into every modem and NAT device that performs control channel capping. If the default was that the boxes blocked more than X SYN messages in an hour a value of X can be chosen that does not affect legitimate users but reduces the value of the bot on the trading boards effectively to zero, thus almost eliminating the incentive for the perp to attack the machine in the first place. Holding individual users accountable is an expensive and difficult proposition. The focus of the Accountable Web must be on the parties that can make the biggest difference. If I can't get the NAT box makers to listen directly I will get the ISPs to put a requirement for control channel capping in their RFPs. I don't think there ever was a time when anyone seriously sugested allowing an anonymous network operator. Attempts to do this have mostly been by spammers. > -----Original Message----- > From: Keith Moore [mailto:moore@xxxxxxxxxx] > Sent: Thursday, July 13, 2006 2:46 AM > To: Nathaniel Borenstein > Cc: Harald Alvestrand; Hallam-Baker, Phillip; ietf@xxxxxxxx; > mat@xxxxxxxxx; Eliot Lear > Subject: Re: The Accountable Web RE: not listening > > > It would be good if we had a clear, non-technical statement showing > > how the IETF is working on technologies which, in the long run, can > > help with tracing and apprehending the bad guys while > preserving privacy. > > As far as I can tell, the threats to individuals that result > from traceable network transactions are at least as great as > the threats that result from anonymity. We need to be > thinking in terms of balancing the risk from those two kinds > of threats. This is hard because the relationship between > the two kinds of threat varies from one place to another and > from one time to another. > > So while we can make a non-technical statement that > protecting kids and privacy are both good things, as > engineers we should realize that things aren't nearly so simple. > > Keith > > > _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf