So in the question of ingress filtering what I am looking at is
mechanisms to create accountability.
Just beware that accountability in an interdependence system
can only based
on the threat of retaliation. What means that you must be a
little be more
equal than you peers for it to succeed.
That is not true. Accountability must have consequences but
'retaliation' is a specific type of consequence that is generally
considered to be best applied as a last resort.
Beware that whatever the accountability, when you are dead,
you are dead.
Your heirs can revenge you, but you failed your target.
Accountability is used in the security field in a very specific fashion
and with specific applications.
Clearly you want to apply traditional access control approach to running
a nuclear power station. But very few of the problems we are now
concerned with fall into that category. This is to be expected, the
problems for which access control is appropriate are essentially solved.
The problems we have today are of the form where an individual violation
is not that much of a concern but the aggregate violations are very much
a concern. Spam is a prime example, one spam is a nuisance, a thousand a
day makes email unusable.
The other characteristic of the problems we are now facing is that the
set of access criteria is not well defined. The question of what is spam
is clear to the reader but very hard to define in machine readable
terms.
We thus have two basic tools; fuzzy logic type approaches to access
control and accountability type schemes. Both are useful but in the long
term the way to make the system stable is by establishing the right
accountability mechanisms.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf