Acidus wrote:

I'd like to change the design of the Internet by introducing regulation--Internet passports, Internet police and international agreement--about following Internet standards. And if some countries don't agree with or don't pay attention to the agreement, just cut them off.

Papers please comrade?

I'm kinda with him. This is going to happen whether you admit it or not. Half of it is already in place today. At least be honest about it and allow people to build on it. Then we can say we have real security and call it a day.

flynn23 wrote:

Acidus wrote:

I'd like to change the design of the Internet by introducing regulation--Internet passports, Internet police and international agreement--about following Internet standards. And if some countries don't agree with or don't pay attention to the agreement, just cut them off.

Papers please comrade?

I'm kinda with him. This is going to happen whether you admit it or not. Half of it is already in place today. At least be honest about it and allow people to build on it. Then we can say we have real security and call it a day.

This is an example of saying something that is provocative, controversial, and meaningless as a publicity stunt. Works like a charm. As a security measure its useless. You know the actual contact information for the ISP that hosts the compromised machine that serves as the head end for the botnet your machines are infected with. Is it doing you any good right now? The problem is not that we don't know who to get in touch with, so adding additional layers of authentication won't help.

Decius wrote:

flynn23 wrote:

Acidus wrote:

I'd like to change the design of the Internet by introducing regulation--Internet passports, Internet police and international agreement--about following Internet standards. And if some countries don't agree with or don't pay attention to the agreement, just cut them off.

Papers please comrade?

I'm kinda with him. This is going to happen whether you admit it or not. Half of it is already in place today. At least be honest about it and allow people to build on it. Then we can say we have real security and call it a day.

This is an example of saying something that is provocative, controversial, and meaningless as a publicity stunt. Works like a charm. As a security measure its useless. You know the actual contact information for the ISP that hosts the compromised machine that serves as the head end for the botnet your machines are infected with. Is it doing you any good right now? The problem is not that we don't know who to get in touch with, so adding additional layers of authentication won't help.

I agree that it was probably a PR stunt, but I think he is also suggesting to go full monty, so that the botnet node wouldn't have gotten compromised in the first place without an audit trail of who sent it packets in the first place. You know this is coming.

flynn23 wrote:
I agree that it was probably a PR stunt, but I think he is also suggesting to go full monty, so that the botnet node wouldn't have gotten compromised in the first place without an audit trail of who sent it packets in the first place. You know this is coming.

I'm not following how this will solve the problem. Today we usually know where the evil traffic is coming from. Thats not the problem. If you think you can run a global network with 6 billion users in 180 odd countries with different levels of infrastructural sophistication using broken, vulnerable software and track down people who are responsible for every packet that gets transmitted, you've never run a real network before. We can't even do this inside enterprise networks that already have strict identity based access control and forensic monitoring.

The idea of making everyone sign up for a passport is a deeply authoritarian fantasy that has no relationship whatsoever to any real assessment of how to solve real problems on real computer networks.