[80291] in North American Network Operators' Group
Re: Schneier: ISPs should bear security burden
daemon@ATHENA.MIT.EDU (Iljitsch van Beijnum)
Thu Apr 28 10:08:25 2005
In-Reply-To: <Pine.CYG.4.58.0504280842430.3260@citabria>
Cc: NANOG list <nanog@merit.edu>
From: Iljitsch van Beijnum <iljitsch@muada.com>
Date: Thu, 28 Apr 2005 16:06:00 +0200
To: Adi Linden <adil@adis.on.ca>
Errors-To: owner-nanog@merit.edu
On 28-apr-2005, at 15:53, Adi Linden wrote:
>> Hey, if you've got customes willing to shell out for that, then more
>> power to you. However, I'm not (and won't be) one of those
>> customers.
>> I'm willing to take responsibility for protecting my systems and
>> choosing
>> what traffic I do and don't want. I don't want someone else doing it
>> for me.
> Hmmm... when you're driving on a public street there is certain safety
> equipment you are required to have and use. You're paying more for
> your
> vehicle because of seatbelts, airbags and all the other things that
> are
> supposed to lessen the impact of an accident. Even if you're an expert
> driver, you don't have the privilege of not paying for these features.
And how exactly does that translate to the online world?
Despite the safety and environmental regulations and the fact that
you have to have a driver's license and insurance (at least here in
NL), there is no requirement that your locks are industrial strength.
Or that your car can be locked at all, for that matter.
The fact that a compromised computer doesn't really hurt you all that
much in the real world is exactly the reason why so many users don't
care about security. When driving a car they at least have to be
drunk to reach that level of carelessness.
