> Assuming no time, money, people, etc resource constraints; securing the
> Internet is pretty simple.
>
> 1. Require all providers install and manage firewalls on all subscriber
> connections enforcing source address validation.
>
> 2. Prohibit subscribers from running services on their own machines. Only
> approved provider managed servers should provide services to users.
>
> 3. Prohibit direct subscriber-to-subscriber communication, except through
> approved NSP protocol gateways. Only approved NSP-to-NSP proxied traffic
> should be exchanged between network providers.
>
> Are there some down-sides? Sure. But who really needs the end-to-end
> principle or uncontrolled innovation.

i can see how the end to end principle applies in cases 2 and 3, but not 1.

-- Paul Vixie