I can agree with that and Randy pointed out when these idea's were created and writen, security was not part of the overall plan because there were trusted parties on either end of the spectrum. I think that my intent was noble and I am glad I started a controversy, because this is an issue that needs to be addressed as we move forward with internet development and secure application development. Working for a telecomm/datacomm company gives me some insight into the problem, I am looking into it deeper from a hardware perspective, of designing a solution that goes on a board among other system's issues... Yeah I brainstorm too, and also being an end user client I think about the end result of no solution and people overwhelemed with issues that lead to no solution to people so overwhelmed they think legislating law can fix broken code. It does help when the architects give me insight to the issue and how immense it is and what to look at when I am determining the end result of any of my efforts. -henry --- Alex Bligh <alex@alex.org.uk> wrote:
--On 11 June 2004 14:18 -0700 Randy Bush <randy@psg.com> wrote:
the bottom line
o if you want the internet to continue to innovate, then the end-to-end model is critical. it means that it
If there is a lesson here, seems to me it's that those innovative protocols should be designed such that it is relatively easy to prevent or at least discourage "bad traffic". Because that's in the long run easier (read cheaper for those of you of a free market bent) than educating users in an ever changing environment. It would be a bit rich to criticize SMTP (for instance) as misdesigned for not bearing this in mind given the difficulty of anticipating its success at the time, but there is a lesson here for other protocols. I can think of one rather obvious one which would seem to allow delivery of junk in many similar ways to SMTP; hadn't thought of this before but we should be learning from our mistakes^Wprevious valuable experience.
Alex