Should the Internet Be Secure By Default?

darthcamaro writes: There are lots of tools and different secure protocols that could be used by internet service providers to embed security into the fabric of the internet, making the internet secure by default, but that's not something that Facebook's Chief Security Officer, Alex Stamos wants to happen. Instead of security by default, his view is that carriers should be neutral and let malicious traffic do whatever it wants.

"I believe strongly in the end-to-end principle, I think we should have neutral carriers in the middle and it should not be the responsibility of ISPs to secure the internet," Stamos said in a press conference at the Black Hat USA conference last week.
Slashdot reader Darth Technoid disagrees, calling a lack of security "the Original Sin of the Internet," and speculating that Vint Cerf and Bob Metcalfe "thought that future technology would resolve the issues." What do other Slashdot readers think?

Should the internet be secure by default?

It would never work...

[MikeDataLink]

If they had built encryption in from the beginning it would have been obsoleted long ago. Would you still want to be running WEP? Then we'd all have to upgrade our routers every year to stay on the latest encryption that hasn't been compromised. Having endpoint to endpoint encryption is the right answer.

And if that's not enough, we need an open and free internet and we need carriers to not be messing with any of my bits and bytes.

Re:It would never work...

[DontBeAMoran]

My ISP has met the proposal half-way: depending on the situation, they don't do anything with the zeroes but they might filter the ones.

Re:It would never work...

[Arnold+Reinhold]

I attended a presentation on the ARPAnet in the early 1970's and I asked about encryption. I was told they were not including encryption because doing so would mean the entire project would be classified and they very much wanted to avoid that (this was a few years before DES was released). They also said that DOD intended to encrypt each communication link (link encryption) in its network, which would also protect against traffic analysis.

Go back to X25

[phayes]

The revisionists claiming that those who designed the Internet were at fault for not predicting future deficiencies should return to using the OSI networks like X25 that were indeed conceived with every imaginable contributor's input -- but that were so unwieldily that they lost out to IP even with the weight of national every national telecom operator behind them. The AT&Ts the France Telecoms, the BTs, etc, all told us that IP was badly adapted to real world and that it would be quickly replaced with "proper" and "secure" OSI networks.

Not encumbering IP with "solutions" to every future possible problem is in large part why we are using IP today, & not X25.

Define "security."

[ErikTheRed]

Security means different specific things in different specific contexts. Security in transit, which seems to be what this is focusing on, is mainly a defensive step against nation-states. Most of us don't worry horribly about organized crime tapping Internet backbone switches - for now that's the domain of intelligence and military organizations. At that point the entire conversation veers off from science into philosophy - the proper role of the state (if any) in monitoring communications for stuff it doesn't like. This tends to break down better on the newer and cleaner authoritarian / libertarian axis than it does the older and more muddled conservative / progressive axis. Authoritarians want more control so that they can implement and enforce their agendas. Libertarians want less control because they (generally) believe that authoritarian structures - even those created and begun with the best of intentions - eventually get taken over by thugs and then are used for totalitarian purposes.

Sure it should be secure by default.

[hey!]

If you can define what that means. But that's not even what the guy is saying. He's saying ISPs shouldn't be in charge of securing customers computers or traffic.

If you imagine what a "secure by default" Internet would do for you, it would protect you from any unintended consequences from your actions. Now imagine how good ISPs would be at doing that for you. Most of them can barely run their own networks competently, much less understand their customers' businesses.

ISPs certainly have a role in responding to certain kinds of cyber attacks, like DDOS, or attacks on DNS infrastructure. But they don't really have the ability to protect customers from themselves.

Yes, but not by embedding it in the network

[Todd+Knarr]

The problem with embedding security protocols in the network itself is the same one we've seen with network capacity: the providers have little incentive to upgrade once they've invested in the initial roll-out. If we embed security at the level of the ISPs and backbone providers, we'll have a massive problem when that security is inevitably broken (whether by malicious action or simply advances in computing power making the algorithms it uses obsolete). We'd also likely see major abuses, either by laziness (your Linux OS isn't supported, we won't allow it to connect) or greed (good-bye routers, you'll have to connect computers directly for security to work and that means paying per computer to connect them). Good-bye having your own domain, for security all email has to be routed through your ISP's mail servers which only support your ISP's email addresses or you'll have to use webmail interfaces which also put you at the mercy of a mail provider (eg. no S/MIME signed/encrypted email unless your mail provider supports it and you give them your private key). And in general I distrust any claims that ISPs and backbone carriers will implement any kind of security correctly, they won't even implement current security measures like spoofed-address filtering.

And what kind of security would we gain? This idea can't protect us from malicious actors gaining network access, ISPs can still sign up customers and there'll always be ISPs who can be fooled by false IDs or who won't look too closely at the background of a customer offering them money. It can't protect us from false identity claims, see above. It can't protect us from malicious content, we've already seen that in the way new exploits get past software designed for the sole purpose of detecting malicious content.

I'm fine with the network enforcing things like default encryption of traffic, but it should be a case of IP-level protocols requiring endpoints to encrypt traffic (eg. all IPv6 traffic requires AH and ESP or the routers will reject it). Authentication should be done directly between the parties that need to authenticate, eg. your email provider issues x.509 certificates for it's users certifying they're who they claim to be (or at least own the address they're using), DNS registries issue certificates certifying that an email provider or mail server operator controls the domain name they're using to send email and so on. Example: if I'm operating my own mailserver for silverglass.org, I'd create my own master issuing certificate and get it signed by either my domain registrar (who'd be using a certificate signed by the registry) or the .org registry saying that my certificate is good for issuing certificates within the silverglass.org domain. Then part of turning on a new mail user would be me issuing them a certificate valid for the email addresses they've asked for. I'd also be issuing the server certificates for my own mailservers. During email handling (receiving a message from my server or delivering a message to it) one check would be "Is this server's certificate valid for the relevant domain for the message?". When you signed or encrypted email messages, you'd do so using a certificate I'd issued to you (saying "This is the true owner of the email address sending this message.") or another one issued by a party who knows your identity (eg. one from your employer saying "This is really our employee and he's shown us ID proving he's really X."). And as far as malicious content goes, well, we already have AV software in use but I've found that the only people who don't have a problem with malware are the ones who refuse to directly handle content from outside or unknown/unexpected sources. The only solutions I have are a) use less complex formats that don't require hairy error-prone code to parse and b) run programs that access that content in a VM that doesn't have unmediated system access (most OSes now are capable of running lightweight VMs or containers). No, languages won't solve the problem of vulnerabi

More useful

[Anne+Thwacks]

It would be far more useful to have another Internet with no advertising at all even if we had to pay for it. Like Fidonet was.

You can't actually find stuff on the Internet any more, because the first 2,500 search results do not even contain the search terms you used, but things you might conceivably been thinking of buying if you were someone else in a parallel universe.

If you want "secure" as in privacy you might want to write it on paper and carry it there in person. I would suggest you avoid putting it in an electronic format of any kind.

You might also wish to buy a tin foil hat from my Ebay shop - in case the thoughts leak from your brain.