From: Randy Bush
To: nanog@merit.edu
Date: Fri, 11 Jun 2004 14:18:28 -0700
Subject: RE: Even you can be hacked
Message-ID: <16586.8612.782504.433628@ran.psg.com>

the bottom line

o if you want the internet to continue to innovate, then the end-to-end model is critical. it means that it takes only X colluding end-points to deploy a new application which might be the next killer app which drives your business. remember, email was not part of the original spec; http was not; jabber was not; ...

  this is in opposition to the telco model, where billions need to be spent upgrading a smart middle to do anything new. and guess who gets the profits, if any, considering what the deployment did to capex and opex.

o this means that the network will also transport bad things; kinda like the phone network will carry obscene calls. damned shame, but that's the price you pay for liberty. or you can ask john poindexter (aka vigilante isps) to defend liberty for you and find all sorts of very unlovely and long-term consequences.

o this moves the burden for security to the edges, to the site boundaries, which may not care if their users can be early adopters of the next wannabe killer app, and to the end-points, the hosts themselves.

o but there are jillions of end-points; well yes, there are jillions of telephones too. and it's gonna be hell to clean up after the fact that they were designed without security, some have 80 jillion lines of code sitting on the laptops of naive users, blah blah.

  you want to support a free society, then the populace has to be educated. ain't no magic pixie dust here. they know how to recognize and maybe even report a 'breather' when they pick up the phone. well, they gotta recognize a bad attachment when they get the email.

  and the software vendors have to clean up the jillions of lines of cr^h^hsoftware they have on the end users' desktops. and they are, half out of clue and half out of the smell of liability. but it will take a while.

there ain't no free lunch.

randy, who is clearly thinking of lunch, or maybe just out to lunch