ietf

Re: Addresses and ports and taxes -- oh my!

2000-08-04 09:50:02
On Fri, 04 Aug 2000 01:26:55 PDT, Mahadevan Iyer said:
> At first glance, it seems sheer idiocy to use an open network like the
> Internet to control critical matter-of-life-and-death public
> infrastructure like power systems. What do you think?

At first glance, it seems sheer idiocy to use something like a telco switch
to control critical matter-of-life-and-death public infrastructure like the
US 911 system.

Telco switches are hackable.  And I submit to you that the 911 system is
as life-and-death critical as it gets.  Hasn't seemed to have been a
problem so far, even though 911 systems *have* been hacked, subjected
to denial of service attacks, and all the other problems they are subject to.

> Or do you think, it is possible to build ultra-reliable secure real-time
> communication channels in the Internet? Maybe..

It may be impossible to build ultra-reliable secure systems.  On the other
hand, remember that it's about *risk management*.  Nuclear launch codes
are one of the *very* few "zero failures acceptable" things we have.

We accept that on the order of 1 out of every million airplane takeoffs
ends badly.  We accept that the power grid fails in scattered areas
during the summer.  We accept that doctors, drug interactions,  and
hospitals accidentally kill a number of patients every year.  I don't
see the whole class of Aleve/Naprosyn painkillers being pulled off the
market, even though an amazing number of people die every year from
gastric bleeding.

We actually know almost all of what we need to build such systems. Now
all we need is programmers that remember to actually CHECK that string
lengths are in bounds. ;)

                                Valdis Kletnieks
                                Operating Systems Analyst
                                Virginia Tech