And that is a problem. Unlike your electricity, where the supplier has an obligation to provide a certain level of clean energy, there is nothing like it with internet bandwidth. All the crud and exploits are dutifully forwarded to the customer.
Clean internet service is internet service that delivers only valid IP datagrams. Most internet service is clean internet service. Any internet service that looks above layer 3 to make forwarding decisions is not clean internet service.
Perhaps this is where our opinions greatly differ. If I am a customer with my own block of routable IP space I agree with you 100%. But this is about the average home user that receives a dynamic IP leased from the ISP. Clean internet is more than just valid IP datagrams to my IP address. If I connect to my ISP and do nothing beyond that, not a single packet, I expect to not receive any packets either. If I initiate a GET request to a web server I expect the web server's response to be returned unaltered. If I have an email account with my ISP I expect only valid email to be delivered to my email address. I consider this clean internet service from the perspective of the average home user.
I argue that this is way overboard. I don't believe anyone should require any particular knowledge to obtain an internet connection and use the internet. Instead internet needs to be available as a clean conditioned service for consumption by the clueless.
I agree that the IDL is overboard. I even agree with your second sentence. Consumers need to demand software which does not support these exploits from their software vendors. That is the real solution. The internet is a transport, just like the phone line coming into your home. Nothing prevents someone from making an obscene phone call to your house. The most common problem software today is like having a telephone that won't let you hang up on the prank caller, then, demanding that the phone company prevent those calls from coming in the first place.
As a telephone customer I expect to pick up the phone, make a call and hang up. I expect to receive calls and hang up. If the phone crashes in the middle of a conversation I am not happy, if it costs me money because LD charges continue to apply I am even less happy. The manufacturer of the phone has a given set of specifications to work with and the phone company has a given set of parameters of what the signal of the phone line should look like.
What if I call you and put an awful tone on the line that blows your eardrums, locks up your phone and causes it to dial on its own and do the same to all your friends from your phone. As a bonus you'll get a LD bill from the phone company for all the calls your phone made without your permission. Who's to blame? The phone company because they transmitted harmful signals? The phone manufacturer for building a phone without accounting for the possibility of this sound? The customer for picking up the phone? How do you prevent future events of this sort? Customer education?
All of today's software has flaws, some more some less. Some of these flaws should simply not exist, while others are an oversight. Many of the current exploits have one thing in common, malformed packets addressed at machines that never requested the packets they are receiving to begin with. Stopping these packets from reaching their target is just as important as having the target immune to the attack.
The ISP provides a service to a customer, the ISP should be sensible to the customer's requirements. If the customer requires clean internet service then this is what the ISP should strive for. This doesn't relieve the customer from being responsible (like opening any and every attachment received) but it is just another layer in reducing the enormous amount of garbage traffic we are seeing.
Adi