[80232] in North American Network Operators' Group
Re: Schneier: ISPs should bear security burden
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Wed Apr 27 13:40:04 2005
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: "Fergie (Paul Ferguson)" <fergdawg@netzero.net>
Cc: nanog@merit.edu
In-Reply-To: Your message of "Wed, 27 Apr 2005 03:09:06 GMT."
<20050426.200918.11519.516537@webmail04.lax.untd.com>
Date: Wed, 27 Apr 2005 13:39:26 -0400
Errors-To: owner-nanog@merit.edu
In message <20050426.200918.11519.516537@webmail04.lax.untd.com>, "Fergie (Paul
Ferguson)" writes:
>
>
>I've been there -- I know how I feel about it -- but I'd love
>to know how ISP operations folk feel about this.
>
>Links here:
>http://www.vnunet.com/news/1162720
>
At a recent forum at Fordham Law School, Susan Crawford -- an attorney,
not a network operator -- expressed it very well: "if we make ISPs into
police, we're all in the ghetto".
Bruce is a smart guy, and a good friend of mine, but he's not a network
operator or architect. There are a small number of times when
operators can, should, and -- in a very few cases -- act, but those
are rare. The most obvious case is flooding attacks, since they represent
an abuse of the network itself; operators also have responsibility for
other pieces of the infrastructure they control, such as (many) name
servers.
--Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb
