On Thu, 24 Jan 2008, Fred Baker wrote:
I still think IP+timestamp doesn't imply what person did something
it doesn't, no any more than the association of your cell phone with a cell
tower conclusively implies that the owner of a telephone used it to do
something in particular. However, in forensic data retention and wiretap
procedures, the assumption is made that the user of a telephone or a computer
is *probably* a person who normally has access to it.
Data retention and LEO compliance are serious issues for network
authorities to handle. The original topic was about IP addresses, though.
I'd like to try and go there from a different angle.
IP addresses however, "belong" to (allocated..) authorities such as
ISPs, and I would personally like to see some better AUP on what is
allowed to come from these. Practically.
I'd like to see some larger effort to make network reputation happen,
whether in making sure connections come from the real authority (BCP38 and
similar) or to be able to deny a network connectivity to our own back
yard.
I am not going for the "user activity is an ISP's responsibility" but
rather than a "misbehaving network should be treated as such". For
whatever definition of misbehaving we can accept. I want this to be more
about what this can do for us rather than some "this will be abused so
let's not do it" civil society discussion.
At first glance this appears off-topic for the thread, but operationally
network reputation and ownership is much more relevant than if people's
rights are being walked all over.
Security is a strong supporter of privacy as much as it is misused
as an excuse for infringing upon it.
Considering possibilities, other than avoiding spoofing, what would
network reputation which is reliable help us do operationally?
Gadi.