lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200405121746.i4CHkWUn006324@turing-police.cc.vt.edu>
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu)
Subject: Wireless ISPs 

On Wed, 12 May 2004 10:13:35 PDT, "Schmidt, Michael R." said:

> How hard would it be to have a few companies start a "secure" Internet?  All
> access is by licensed know individuals.  No more hacking, no more slacking.  If

You know.. the Internet *did* start that way.  When there were 4 IMPs and 6
machines on the net, they *did* know every user.  I know people who have been
in meetings where *every single* user of NCP (the predecessor of TCP/IP) was in
the room.

But then something happened - users.  When you get to dozens of sites and
hundreds of users, you can't call the user at the other site and tell them to
cut it out - you have to call the admin at the other site and ask them to find
the user in question and do something about them.

And that model is still (basically) how the Internet is run today, 20 years
later.  

The problem is that the concept of "licensed known individuals" doesn't scale
well at all.  What *real* trust do I have in the "license" of some user in
Saskatchewan?

You can't use the "but everybody has a driver's license" model - that model is
broken as well.  You show me a college town where it's in the least bit
difficult for a freshman to get a driver's license sufficiently good to get
them into a bar.

And remember - an ID card wouldn't have stopped the 9/11 attacks either. Two of
the hijackers had *official* Virginia driver's licenses - obtained from a
bribed DMV employee.

A driver's license check doesn't stop serious crooks - it only makes sure that basically
honest people *stay* honest.  And in the liveware world, that's good enough - there's
only some 200,000 people within an hour's drive of the local supermarket, so anybody
who's writing a check is probably a local, and probably honest.  So you can afford
to swallow the losses from the 10 people within driving distance that are dishonest,
because you don't have to worry about dishonest people driving from Chicago,
Los Angeles, Paris, and Zimbabwe to write a bad check for 3 bags of groceries.

You don't have that luxury on the internet - all 600 million users are within
driving distance.

> we don't know you, then you don't get access.

Scaling "we don't know you" to hundreds of millions of people doesn't
work well.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040512/86461cc0/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ