Many of us have agreed that, for competitive reasons, it's not possible
for ISPs to lock infected users out of a network. I'd like to suggest a
crazy idea for your reaction: A law governing ISPs that sets rules for
these situations. It sets rules for how they can and should contact
users about susp
>> And what would trigger this law? SPAM? a port-scan? A high bandwidth
attack on another network?
As a general matter nothing would trigger it. It goes into effect
immediately. Are you asking what constitutes an infected user? We'd have
to define that, but it's not the right question for this dis
On 11/10/09 22:29 -0400, Larry Seltzer wrote:
>Many of us have agreed that, for competitive reasons, it's not possible
>for ISPs to lock infected users out of a network. I'd like to suggest a
>crazy idea for your reaction: A law governing ISPs that sets rules for
>these situations. It sets rules fo
On 12/10/09 06:25 -0400, Larry Seltzer wrote:
>As a general matter nothing would trigger it. It goes into effect
>immediately. Are you asking what constitutes an infected user? We'd have
>to define that, but it's not the right question for this discussion
>unless you think it's impossible to define
On Sun, Oct 11, 2009 at 10:29:05PM -0400, Larry Seltzer wrote:
> Many of us have agreed that, for competitive reasons, it's not possible
> for ISPs to lock infected users out of a network. I'd like to suggest a
> crazy idea for your reaction: A law governing ISPs that sets rules for
> these situati
On Sun, 11 Oct 2009 23:31:08 CDT, Dan White said:
> 1) Educating users on proper use of anti-virus and anti-malware tools - and
> being ADHD about installing OS updates.
No, you *don't* want them being ADHD about OS updates. You want them
to be obsessive-compulsive about it. Somebody wit OCD wil
On 13/10/09 09:02 -0400, valdis.kletni...@vt.edu wrote:
>On Sun, 11 Oct 2009 23:31:08 CDT, Dan White said:
>> 3) Doing what we can to develop and increase our participation in a public
>> key infrastructure and IPSEC.
>
>Unfortunately, most of the problems we have would *not* be fixed with more
>cr
I'll make a broad philosophical statement here Whee
I think at the heart of our headache is that we're all technologists
on this bus (with the exception of the lawyer, maybe). So we see
these as technological problems - you replace the strut, patch the
code, whatever, and the system
On Oct 13, 2009, at 9:02 AM, valdis.kletni...@vt.edu wrote:
> On Sun, 11 Oct 2009 23:31:08 CDT, Dan White said:
>
>> 1) Educating users on proper use of anti-virus and anti-malware
>> tools - and
>> being ADHD about installing OS updates.
>
> No, you *don't* want them being ADHD about OS update
On Tue, Oct 13, 2009 at 09:27:46AM -0500, Dan White wrote:
> Sure it would. The idea of an IPSEC enabled PKI is that you have end-to-end
> security, with perhaps many untrusted networks in the middle. It means
> two-way trust.
Which is a nice idea, but increasingly meaningless in a world where th
On 13/10/09 10:58 -0400, Rich Kulawiec wrote:
>On Tue, Oct 13, 2009 at 09:27:46AM -0500, Dan White wrote:
>> Sure it would. The idea of an IPSEC enabled PKI is that you have end-to-end
>> security, with perhaps many untrusted networks in the middle. It means
>> two-way trust.
>
>Which is a nice id
On Tue, Oct 13, 2009 at 10:36:00AM -0500, Dan White wrote:
> There is a difference. SMTP is not based on end-to-end security. It's based
> on a chain of trust, and most of the chains have absolutely no security -
> if I send email to AOL, they pretty much have to trust me. I don't verify
> who I am
On 16/10/09 07:56 -0400, Rich Kulawiec wrote:
>If you're relaying spam, then it's [in part] *your* spam. Everyone involved
>in propagating and supporting abuse has to take a share of the blame:
>the spammer who paid for it, the botnet operator who generated it, the
>user who allowed their system t
On Fri, 16 Oct 2009 12:04:08 CDT, Dan White said:
> If I have a friend that gets caught up in a 100M+ zombie attack, then
> I'll just suspend my trust with that friend until he gets his act together.
> I'll probably get one SpAm from him, maybe two, before I get the idea.
>
> I should not be conc
On 16/10/09 13:57 -0400, valdis.kletni...@vt.edu wrote:
>Let me rephrase that a bit for you:
>
> If I have a friend that gets caught up in a 100M+ flu epidemic, then
> I'll just avoid contact with him until he gets better. I'll probably get
> one cough from him, maybe two, before I get the idea.
On Oct 16, 2009, at 1:04 PM, Dan White wrote:
> I'm proposing a little more thinking outside the box here. SMTP does
> need
> to go way, and be replaced by something better: Something that does
> not
> inherently suffer from the problems of SMTP today, but is based on
> something with better
On Fri, Oct 16, 2009 at 12:04:08PM -0500, Dan White wrote:
> So if I have a customer on Facebook that sends sPaM to another Facebook
> user (that happens to be using AOL), do I or AOL get the blame? No, even
> though we blindly relayed that message.
If you relay spam, then you share a measure of t
On Oct 17, 2009, at 5:32 AM, Rich Kulawiec wrote:
> On Fri, Oct 16, 2009 at 12:04:08PM -0500, Dan White wrote:
>> I'm proposing a little more thinking outside the box here. SMTP
>> does need
>> to go way, and be replaced by something better: Something that does
>> not
>> inherently suffer
18 matches
Mail list logo
