Anonymity and accountability are not incompatible. On Slashdot I have
accountable anonymity. If I write a bunch of rubbish my karma score will
quickly fall. If I want to build a reputation I have to post good stuff.

The point where I do not want anonymity is when I am engaged in some sort of
financial transaction. If an eBay seller deliberately sends me fraudulently
misrepresented goods or fails to send the goods at all I want the full force of
the law to come down on them, civil and criminal.

Nor is accountability necessarily at the individual level. I don't want to hold
Keith Moore responsible for not hosting a bot performing a SYN flood DoS. I
want to hold his ISP accountable for not letting the packets corrupt the rest
of the Internet.

Cisco, Netgear, Motorola and Microsoft could stop 95% of the DoS problem from
domestic networks which buy a new network interface box for virtually no cost.
Just put an on-by-default option into every modem and NAT device that performs
control channel capping. If the default was that the boxes blocked more than X
SYN messages in an hour a value of X can be chosen that does not affect
legitimate users but reduces the value of the bot on the trading boards
effectively to zero, thus almost eliminating the incentive for the perp to
attack the machine in the first place.

Holding individual users accountable is an expensive and difficult proposition.
The focus of the Accountable Web must be on the parties that can make the
biggest difference.

If I can't get the NAT box makers to listen directly I will get the ISPs to put
a requirement for control channel capping in their RFPs.

I don't think there ever was a time when anyone seriously suggested allowing an
anonymous network operator. Attempts to do this have mostly been by spammers.
-----Original Message-----
From: Keith Moore [mailto:moore(_at_)cs(_dot_)utk(_dot_)edu]
Sent: Thursday, July 13, 2006 2:46 AM
To: Nathaniel Borenstein
Cc: Harald Alvestrand; Hallam-Baker, Phillip; ietf(_at_)ietf(_dot_)org;
mat(_at_)cisco(_dot_)com; Eliot Lear
Subject: Re: The Accountable Web RE: not listening

It would be good if we had a clear, non-technical statement showing
how the IETF is working on technologies which, in the long run, can
help with tracing and apprehending the bad guys while
preserving privacy.

As far as I can tell, the threats to individuals that result
from traceable network transactions are at least as great as
the threats that result from anonymity. We need to be
thinking in terms of balancing the risk from those two kinds
of threats. This is hard because the relationship between
the two kinds of threat varies from one place to another and
from one time to another.

So while we can make a non-technical statement that
protecting kids and privacy are both good things, as
engineers we should realize that things aren't nearly so simple.

Keith
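
The control channel capping described in the first message (block more than X SYN messages in an hour), sketched as an added example; it is not part of the original messages or of any vendor's firmware. The value of X, the host addresses and the traffic are constructed for illustration, since the message gives no figure for X.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 3600      # "in an hour", as in the message
SYN, ACK = 0x02, 0x10      # TCP flag bits


class SynCap:
    """Per-host cap on outbound connection attempts, as a NAT box could apply it."""

    def __init__(self, max_syn_per_window, window=WINDOW_SECONDS):
        self.max_syn = max_syn_per_window
        self.window = window
        self.seen = defaultdict(deque)   # internal host -> times of forwarded SYNs

    def allow(self, host, tcp_flags, now):
        # Only the opening packet of a handshake (SYN set, ACK clear) counts
        # against the cap; traffic on established connections is never dropped.
        if not (tcp_flags & SYN) or (tcp_flags & ACK):
            return True
        q = self.seen[host]
        while q and now - q[0] >= self.window:   # forget SYNs older than the window
            q.popleft()
        if len(q) >= self.max_syn:
            return False
        q.append(now)
        return True


def simulate(cap, packets):
    """Return {host: [forwarded, dropped]} for an iterable of (time, host, flags)."""
    result = defaultdict(lambda: [0, 0])
    for now, host, flags in sorted(packets):
        result[host][0 if cap.allow(host, flags, now) else 1] += 1
    return dict(result)


def constructed_traffic():
    # Constructed sample: one host opening 200 connections over an hour (each
    # followed by an ACK), and one compromised host sending 50 SYNs/s for 60 s.
    user = [(i * 18.0, "192.168.1.10", SYN) for i in range(200)]
    user += [(i * 18.0 + 0.1, "192.168.1.10", ACK) for i in range(200)]
    bot = [(1000 + i / 50.0, "192.168.1.23", SYN) for i in range(3000)]
    return user + bot


if __name__ == "__main__":
    X = 1000  # assumed value; the message leaves X open
    for host, (fwd, drop) in simulate(SynCap(X), constructed_traffic()).items():
        print(f"{host}: forwarded={fwd} dropped={drop}")
```

With these constructed numbers the ordinary host loses nothing, while the flooding host is held to X connection attempts for the hour regardless of how fast it sends.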