On 12/10/09 06:25 -0400, Larry Seltzer wrote:
>As a general matter nothing would trigger it. It goes into effect
>immediately. Are you asking what constitutes an infected user? We'd have
>to define that, but it's not the right question for this discussion
>unless you think it's impossible to define. Is it?

Essentially that's what I'm suggesting. At what point would the ISP be responsible to act?

>>> You don't mention SPAM, perhaps intentionally...
>
>A customer sending out spam bot-like sounds like a trigger to me.

Then you'll have to legally define SPAM.

>>> I would contend that, for the most part, infected PCs are not an ISP problem, but the customer's problem.
>
>Think of it as an Internet public health problem, and the ISPs are in
>the best position to isolate the patients.

That's probably true - I just don't think a law is the best approach here. Education is.

>>>2) Replacing SMTP with something sane and secure. SMTP has got to be IETF's biggest failure.
>
>Serious efforts at that many years ago (MARID) essentially failed.
>
>>>3) Doing what we can to develop and increase our participation in a public key infrastructure and IPSEC.
>
>Voluntarily? In what century will that happen?

Well, #3 would go a long ways towards solving #2. I'm quite optimistic this will happen in the next 10 years. As DNSSEC gets deployed, IPSEC will become more than just a pipe dream (RFC 4025). But it's going to be a very bumpy road getting there, I'll grant you that.

--
Dan White