--On 19 June 2009 08:41:57 +0200 Alessandro Vesely <vesely(_at_)tana(_dot_)it>
wrote:
der Mouse wrote:
Responsibility, in the sense of accountability for (potential) abuse,
is a meatspace thing, not amentable to being part of a network
protocol, so at least _some_ of this must be done out-of-band with
respect to the protocol.
On thefreedictionary I read
Synonyms: responsible, answerable, liable, accountable, amenable
These adjectives share the meaning obliged to answer, as for one's
actions, to an authority that may impose a penalty for failure.
Because the IETF cannot even enforce protocol compliance, addressing
responsibility implies identifying an authority that has the power of
imposing some kind of penalty.
It's our respective governments, and such international law as they agree
to.
As an internet community, we must work towards forcing people to
authenticate senders - by making it harder and harder for unauthenticated
mail to get delivered. Once we know who's sending the email, they can be
held to account by (a) reputation services, and (b) the law.
Providers MUST be held _directly_ accountable.
Right. But until this is fixed at the top, I see little hope it will
happen in the lower levels, except sporadically. (The places that do
do it are exceptional, and, in the cases where I'm in a position to
know why they do it, they do it not because they are held accountable
by whoever assigned the resources to them but because they are ethical
enough to feel a compulsion to do what's right even when they're _not_
overtly held accountable. While this mindset is common enough for us
to have words for it, it is not nearly common enough to save the net
from the disasters that governmental disconnect between authority and
responsibility leads to.)
I think we can safely withdraw the naive picture where carriers act as
authorities, and forget about the possibility that anything will be
eventually "fixed at the top", except for possible devout beliefs. On
this Earth, ethical mindsets are still powerful intellectual tools that
bring visions and may allow to plan for decades. Although such planning
usually results in optimization of revenues in the long run, uncertainty
about the future wreaks those greedy and short-sighted behaviors that
currently are the norm.
To cope with that, protocols need to introduce ad-hoc authorities
whenever responsibility is required. For mail, those may involve DNSBLs,
CAs, VBR vouchers, and similar kinds of independent organizations. We are
already relying on them, unofficially. For increased cooperation, we
better make that explicit.
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg