[unisog] Educating Users

Gary Flynn flynngn at jmu.edu
Wed Aug 8 22:18:56 GMT 2001


Paul L Schmehl wrote:
> 
> We need a new paradigm.  Something which says "networks" are responsible
> for their output.  This would place the onus on a "network" to ensure that
> what goes out isn't harmful to the "community".  After all, the entire
> Internet is predicated on RFCs, which aren't rules but suggestions.  Why
> couldn't a new RFC be proposed that required "networks" to take
> responsibility for their output?  If everyone did, the problem would be
> quickly solved, I think.

I think there are already RFCs for proper operation of Internet
connected systems.

Maybe network connections should come with revokable licenses.
Then an organization whose computers caused too much trouble would
be in jeopardy of having their Internet connection license
revoked. That might alter priorities :)

*If* all ISPs (and their respective governments) worldwide could agree 
to it, we could have some sort of testing, licensing, and enforcement.
Maybe it would look something like this (patterned over what I remember
of FCC amateur and commercial licenses):

Class A Amateur Internet License: 

 Anonymous web based test
 Limited to dial-up ISP connections
 No incoming TCP connections (of course some folks would
   quickly develop equivalent UDP for common services
   but it's the thought that counts :)

 The end result would be that everyone could still instantly
 connect to the Internet but would at least have to go through
 a minimum of testing and would also be subject to license
 suspension under agreed upon conditions.

 While easy to work around by varying billing addresses and
 names, a repeat offender would soon find it harder and harder
 to hop from ISP to ISP (except through compromised computers
 of course :(

 Someone found guilty of compromising a computer would have
 their license suspended for a lengthy period of time and
 connecting without a license would have penalties similar to
 driving without a driver's license or operating a pirate radio 
 station.

Class AB Amateur Internet License

 Authenticated web based test
 High speed, dedicated line access
 No servers allowed. (Don't ask me if Napster, Gnutella, etc. qualify
   for servers here. I haven't thought it through that far :)
 
Class B Amateur Internet License:
 
 Authenticated web based test
 Non-commercial use only. Hobbyist oriented.
 Servers allowed. 
 
Class C Commercial Internet License:

 Authenticated web based test
 Required for any commercial service.
 Not allowed to perform cash transactions or handle
   sensitive information (including privacy data).
 All server work for organization required to be performed by engineer
   holding Class C license.

Class D Commercial Internet License:

 Proctored test
 Required for commercial services handling cash transactions or
   sensitive information (including privacy data). 
 All server work for organization required to be performed by engineer
   holding Class D license.
 Subject to regular remote or onsite inspections.

Class E Commercial Internet Group License: 

 Receiving organization responsible for education, testing, monitoring, 
   and enforcement. A poorly maintained machine or an employee that 
   continually caused problems would jeopardize the organization's 
   network license and that would certainly lead organizations to 
   take education, machine maintenance, and responsible behavior 
   seriously.

All licenses subject to suspension of various periods depending
upon offense.

Doesn't sound like much fun. Shoot, we'd have to create a big
infrastructure and bureaucracy. I really do like the wild west
environment better. Why can't we all just get along? :)

-- 
Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/info-security/engineering/runsafe.shtml


