Re: Accountability

2005-07-21 Thread JFC (Jefsey) Morfin

At 16:01 21/07/2005, Hallam-Baker, Phillip wrote:

 So in the question of ingress filtering what I am looking at is
 mechanisms to create accountability.

 Just beware that accountability in an interdependence system can only be
 based on the threat of retaliation. Which means that you must be a little
 bit more equal than your peers for it to succeed.

That is not true. Accountability must have consequences but
'retaliation' is a specific type of consequence that is generally
considered to be best applied as a last resort.


Sure, but in relations what counts is the ultima ratio. Graduation is only
politeness.



 Beware that whatever the accountability, when you are dead, you are dead.
 Your heirs can avenge you, but you failed your target.

Accountability is used in the security field in a very specific fashion
and with specific applications.

Clearly you want to apply traditional access control approach to running
a nuclear power station. But very few of the problems we are now
concerned with fall into that category. This is to be expected, the
problems for which access control is appropriate are essentially solved.

The problems we have today are of the form where an individual violation
is not that much of a concern but the aggregate violations are very much
a concern. Spam is a prime example, one spam is a nuisance, a thousand a
day makes email unusable.

The other characteristic of the problems we are now facing is that the
set of access criteria is not well defined. The question of what is spam
is clear to the reader but very hard to define in machine readable
terms.

We thus have two basic tools; fuzzy logic type approaches to access
control and accountability type schemes. Both are useful but in the long
term the way to make the system stable is by establishing the right
accountability mechanisms.


This is basic. I am not discussing that, but motivation and quality of the 
expected deliveries. By nature there is a threshold where you cannot accept 
the lacks of your partner. Whatever the threshold. Here is the problem. If 
you relate with only one partner (ally) your security depends on its 
priorities. If you relate with the intergovernance of your allies, his 
security will depend on your allies. So there will be possibilities for 
other solutions. So, what you name accountability mechanism is a part of 
what I name intergovernance, where retaliation threat is not even
considered anymore, because it is impossible to let security degrade.
Difference between an alliance and a coalition.

jfc






___
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf


RE: Accountability

2005-07-21 Thread Hallam-Baker, Phillip

 This is basic. I am not discussing that, but motivation and 
 quality of the expected deliveries. 

I think you misunderstand the point I am making. I do not propose that
the IETF attempt to form the type of political relationships that you
rightly state will be needed. Such relationships are established in an
organic fashion.

Instead I am saying that the technology must be designed to provide the
types of information required for the accountability mechanism to function.


The difference in approach is seen in the design of BGP security
schemes. If you take the traditional access control approach you attempt
to design a system that prevents injection of bad information. If you
take the accountability approach you accept the possibility that a bad
route will be injected in return for reducing the cost of maintenance
and deployment. The objective is not to preclude injection of bad
information but to allow identification of the party responsible.

This approach is a lot more practical when one of the real world
constraints that you deal with in the Internetwork is the reluctance of
the carriers to take steps that would reveal details of their internal
network structure to third parties - regardless of whether their network
is already visible in this fashion.
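
The contrast drawn in the message above between preventing bad routes and attributing them, as an added Python example that is not part of the original thread. The ASNs, prefixes, keys, registry and all function names are constructed for illustration, and the HMAC tag is an assumed stand-in for whatever authenticator a real scheme would use (a shared key lets the receiver attribute an announcement but does not prove it to third parties).

```python
import hashlib
import hmac
import ipaddress

# Constructed sample data (documentation ASNs and prefixes, made-up keys).
PEER_KEYS = {64500: b"demo-key-64500", 64501: b"demo-key-64501"}
REGISTRY = {64500: ["198.51.100.0/24"], 64501: ["203.0.113.0/24"]}

def tag_for(asn, prefix, key):
    """Authenticator a peer attaches to its announcement (HMAC stand-in)."""
    return hmac.new(key, f"{asn}|{prefix}".encode(), hashlib.sha256).hexdigest()

def access_control_accept(asn, prefix):
    """Preventive model: needs an up-to-date registry of who may originate what."""
    net = ipaddress.ip_network(prefix)
    allowed = (ipaddress.ip_network(p) for p in REGISTRY.get(asn, []))
    return any(net.subnet_of(a) for a in allowed)

class AccountableTable:
    """Accountability model: accept any authenticated route, keep the evidence."""
    def __init__(self):
        self.head = "0" * 64   # running hash over all evidence so far
        self.log = []          # (asn, prefix, tag, chained_hash)

    def announce(self, asn, prefix, tag):
        key = PEER_KEYS.get(asn)
        if key is None or not hmac.compare_digest(tag, tag_for(asn, prefix, key)):
            return False       # nobody to hold responsible, so drop it
        self.head = self._link(self.head, asn, prefix, tag)
        self.log.append((asn, prefix, tag, self.head))
        return True

    @staticmethod
    def _link(prev, asn, prefix, tag):
        return hashlib.sha256(f"{prev}|{asn}|{prefix}|{tag}".encode()).hexdigest()

    def log_intact(self):
        """Recompute the chain; any edited or removed entry breaks it."""
        head = "0" * 64
        for asn, prefix, tag, chained in self.log:
            head = self._link(head, asn, prefix, tag)
            if head != chained:
                return False
        return head == self.head

    def responsible_for(self, prefix):
        """Once a route is judged bad, name the peers that announced it."""
        bad = ipaddress.ip_network(prefix)
        return sorted({a for a, p, _, _ in self.log if ipaddress.ip_network(p) == bad})
```

The preventive check depends on the registry being complete and current, while the accountable table needs only per-peer authentication and an evidence log that can be audited after the fact.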
