> From: Tony Finch [mailto:dot@xxxxxxxx] > Usenet did not escape spam. Spammy usenet servers were not > reliably cut off - certainly the trust relationships between > server operators did not provide an effective way to stop > spam. Your last sentence above is the reason why: keeping > legitimate communication working is more important than the > inconvenience of spam. That coupled with the difficulty of separating the legitimate communication from the spam. In USENET and BGP the trust relationships are only bilateral hop by hop. So I am vulnerable if anyone I connect either directly or indirectly connects to a spammer. In other words USENET is a perimeter security model with 100,000 plus independently administered entry points. It it any wonder that it has essentially collapsed? (my ISP no longer provides NNTP as base service and this is now the norm). There is no accountabilty. > You can apply the same logic at the level of BGP routing: > there are trust relationships between networks, some of which > are clean and some of which are infested with criminals. The > latter spoil it for the rest of us but they are still not cut off. Which is why the first step in securing BGP has to be to provide credentials that allow route advertisements to be tracked to source. Again, there is no real accountability. > For a third example of reluctance to punish the innocent, > look at the hatred directed at DNS blacklists that > deliberately block people who are unlucky enough to be too > close in network space to spammers. The problem there was the blacklists demanded others be held accountable but refused to be held accountable themselves. They would arbitrarily blacklist sites and then refuse to unblock them. Some openly boasted of using 'collateral damage', holding innocent parties hostage as a means of creating leverage to cause an IS to comply with an arbitrary policy unliaterally set by the blacklister. This time there was accountability but the system itself was not sustainable because the guardians of accountability were not accountable. > Given this, your proposed architecture is just as vulnerable > to botnets as the open SMTP architecture. There are always > going to be enough admins who don't cut off infected machines > and who also have enough legitimate customers that their > upstreams won't cut the whole network off. This will be > enough to poison the well. Agreed, unless someone can propose a different architectural principle I see no reason to expect an entirely new Internet architecture to perform any differently than the existing one. Accountability is a new or at least unachieved architectural principle. As Dave Crocker points out there is no reason to create a new SMTP (and by extension new DNS, new BGP) unless one has first shown why the new proposal cannot be achieved as an extension or modification of the existing. _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf