Slashdot Mirror
Should the Internet Be Secure By Default? (esecurityplanet.com)
darthcamaro writes:
There are lots of tools and different secure protocols that could be used by internet service providers to embed security into the fabric of the internet, making the internet secure by default, but that's not something that Facebook's Chief Security Officer, Alex Stamos wants to happen. Instead of security by default, his view is that carriers should be neutral and let malicious traffic do whatever it wants.
"I believe strongly in the end-to-end principle, I think we should have neutral carriers in the middle and it should not be the responsibility of ISPs to secure the internet," Stamos said in a press conference at the Black Hat USA conference last week.
Slashdot reader Darth Technoid disagrees, calling a lack of security "the Original Sin of the Internet," and speculating that Vint Cerf and Bob Metcalfe "thought that future technology would resolve the issues." What do other Slashdot readers think?
Should the internet be secure by default?
"I believe strongly in the end-to-end principle, I think we should have neutral carriers in the middle and it should not be the responsibility of ISPs to secure the internet," Stamos said in a press conference at the Black Hat USA conference last week.
Slashdot reader Darth Technoid disagrees, calling a lack of security "the Original Sin of the Internet," and speculating that Vint Cerf and Bob Metcalfe "thought that future technology would resolve the issues." What do other Slashdot readers think?
Should the internet be secure by default?
The revisionists claiming that those who designed the Internet were at fault for not predicting future deficiencies should return to using the OSI networks like X25 that were indeed conceived with every imaginable contributor's input -- but that were so unwieldily that they lost out to IP even with the weight of national every national telecom operator behind them. The AT&Ts the France Telecoms, the BTs, etc, all told us that IP was badly adapted to real world and that it would be quickly replaced with "proper" and "secure" OSI networks.
Not encumbering IP with "solutions" to every future possible problem is in large part why we are using IP today, & not X25.
Democracy is a sheep and two wolves deciding what to have for lunch. Freedom is a well armed sheep contesting the issue
If you can define what that means. But that's not even what the guy is saying. He's saying ISPs shouldn't be in charge of securing customers computers or traffic.
If you imagine what a "secure by default" Internet would do for you, it would protect you from any unintended consequences from your actions. Now imagine how good ISPs would be at doing that for you. Most of them can barely run their own networks competently, much less understand their customers' businesses.
ISPs certainly have a role in responding to certain kinds of cyber attacks, like DDOS, or attacks on DNS infrastructure. But they don't really have the ability to protect customers from themselves.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
I attended a presentation on the ARPAnet in the early 1970's and I asked about encryption. I was told they were not including encryption because doing so would mean the entire project would be classified and they very much wanted to avoid that (this was a few years before DES was released). They also said that DOD intended to encrypt each communication link (link encryption) in its network, which would also protect against traffic analysis.