(Actually, it has been tried in a limited way; there are pieces of
the net that _do_ push responsibility to the end user. Oddly
enough, they are basically nonexistent as far as abuse emitters
go; what evidence I see indicates that it _does_ work.)
Can you provide some specifics?
I worked for McGill [...]
This control is "out-of-band" from the abused protocol, and not the
result of all recipients of the protocol resolving possible
identities of each of university users.
Both true. So?
Responsibility, in the sense of accountability for (potential) abuse,
is a meatspace thing, not amentable to being part of a network
protocol, so at least _some_ of this must be done out-of-band with
respect to the protocol.
Schemes that pass accountability onto what might be feckless domain
owners are inherently evil.
I disagree, _provided_ accountability is actually passed on. What you
appear to be thinking of is not accountability but mere identification
(albeit moderately strong identification). That there is no real
accountability is the major fundamental problem I see with today's
Internet: domain holders are not accountable to their registrar or, in
most cases, TLD admins for what they do with their domains; address
space assignees are not accountable to their RIRs for what they do with
their address space (except for the most trivial adminstrative aspects,
such as how thorougly they're using the space assigned, and even that
not very much); email address holders on the top few webmail systems
are not held accountable by the webmail provider for how they use their
accounts.
Schemes that pass accountability on would be good. So far, I haven't
seen any; the most I've seen is schemes that provide strong enough
authentication to make it possible to construct systems that pass
accountability on. Nobody ever seems to take the additional step of
actually doing so. (Well, except on a trivial scale, such as my
personal blocking of Yahoo, imposing a penalty for - ie, holding them
to account for - the abuses they don't rein in.)
Providers MUST be held _directly_ accountable.
Right. But until this is fixed at the top, I see little hope it will
happen in the lower levels, except sporadically. (The places that do
do it are exceptional, and, in the cases where I'm in a position to
know why they do it, they do it not because they are held accountable
by whoever assigned the resources to them but because they are ethical
enough to feel a compulsion to do what's right even when they're _not_
overtly held accountable. While this mindset is common enough for us
to have words for it, it is not nearly common enough to save the net
from the disasters that governmental disconnect between authority and
responsibility leads to.)
/~\ The ASCII Mouse
\ / Ribbon Campaign
X Against HTML mouse(_at_)rodents-montreal(_dot_)org
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg