[11393] in Commercialization & Privatization of the Internet
Re: Mosaic
daemon@ATHENA.MIT.EDU (Mark R. Ludwig)
Thu Mar 31 05:24:17 1994
From: "Mark R. Ludwig" <Mark-Ludwig@uai.com>
To: walkerl@iscmed.med.ge.com (Larry Walker)
Cc: com-priv@psi.com
In-Reply-To: <9403291624.AA14075@iscmed.med.ge.com>
from "Larry Walker" on Tue, 29 Mar 1994 10:24:36 CST.
Date: Wed, 30 Mar 1994 17:25:50 -0800
>>>>> Regarding re: Mosaic; walkerl@iscmed.med.ge.com (Larry Walker) adds:
Larry> Well, I'm embarrased to have to admit that I _haven't_ actually
Larry> used Mosaic hands-on myself yet, since we sit behind a firewall
Larry> here. I'm arranging to get access to an outside-the-firewall
Larry> machine and do a demo later this week. But meanwhile, I
Larry> received some email from the folks setting up the X.25-based
Larry> BBS pilot:
>Some of our objectives for this are:
>1) RAISE REVENUE....which entails being able to identify billables and
> customers. Also deliver electronic product safely
>2) Ensure private transactions to some customers...
>3) Make simple for customers and for us to administer.
>
>These are the items that popped into mind based on my experiences with
>the internet but I am hopeful you will demo away my fears...
Larry> I read this 2 or 3 times, and decided that I was dead meat.
Larry> There is no way I can see that Mosaic can allow us to segregate
Larry> information by customer, to assure that one customer can't see
Larry> information intended for another customer, or to track usage by
Larry> customer (and resource) to permit billing.
I realize you're not a networking guru, but I think you're operating
under a misunderstanding. It's very easy for your server to determine
which site is "calling," i.e., which customer site has connected, and
probably easy to thus control access.
Larry> I think this is a topic worth raising in com-priv: How can
Larry> commercial services be offered (today) if these requirements
Larry> cannot be met. And I think it seems like a fundamental problem:
Larry> IP is connectionless, and if my packets can get routed to/from
Larry> the Mosaic server, then I can get any info on that server,
Larry> right?
No, the server has information about you (well, technically, just your
host IP address), and could change its tune based on this. That IP is
connectionless is red-herring information. Mosaic (and almost all the
protocols which move substantial amounts of data) uses TCP, which
builds virtual connections on top of IP. I believe I'm safe in saying
that it's very hard, or even impossible, to pretend to be some other
host. At least I have never heard of any break-ins which operated by
pretending to be some other host. The way the Internet works makes it
very hard without physical access to the network where the client or
the server is connected. It might suffice to have access to one of
the routers along the way.
Larry> X.25 is a connection-oriented service, and the "server" can
Larry> permit access and track usage on a per-login basis.
Ahhh, "login" is something above the level I have described above
(which distinguishes IP addresses, and thus which host has connected).
It's possible with cooperation on your customer's part to also
determine which user at their site has connected to your server.
Larry> This seems to be a fundamental flaw in using the Internet for
Larry> commercial services today, and it seems as though that
Larry> fundamental flaw is rather inherent in the choice of IP as the
Larry> underlying protocol.
Again, I believe this is a red herring. A more realistic concern is
that the data stream can be "sniffed" but not disrupted (like a phone
tap), and if you're planning to distribute highly-confidential
information, you might want some encryption. I don't know if the
Internet is any worse in this regard than X.25 is.
Larry> All this is not news, it is inherent in the discussions that
Larry> have been going on here and elsewhere about commercialization
Larry> of the Net. But somehow it seems a lot more of a "Real Problem"
Larry> now that I've run into it from the bottom up, rather than just
Larry> reading theoretical, top-down discussions on an email-list...
"There must be 50 ways to leave a lover." -- Paul Simon
There must be 50 ways to solve these problems. Sorry, I couldn't resist.$$
--
INET: Mark-Ludwig@UAI.COM NIC: ML255 ICBM: USA; Lower Left Coast
"For crabby middle-aged movie critics, it was a pretty long night."
-- Jim Schweda reviewing _D2:_The_Mighty_Ducks_
