On Sat, Dec 05, 1998 at 03:15:57PM -0500, Barry Shein wrote:
On December 5, 1998 at 14:01 karl@denninger.net (Karl Denninger) wrote:
On Sat, Dec 05, 1998 at 02:38:57PM -0500, Barry Shein wrote:
One possible positive effect (for the consumer) of "per-bit" pricing is the opportunity to buy larger pipes but only pay for what you use.
The other possible effect is that you buy one of these, and then someone launches a DOS attack at you and you get the bill for it.
The economic impact of this should not be underestimated. Per-bitrate pricing is a problem as long as the receiver pays for the receipt of transmissions they may not have solicited.
Well, a paraphrase of the above is: We must engineer the net to keep the cost of criminal activities to a minimum so we can continue to avoid solving the underlying issue.
That's not ridiculous, it may even be an unavoidable factor, but it's still somewhat sad.
Yep. It is sad. However, as long as we permit people to source traffic without cost and do so through proxies, this problem will exist. This is the primary argument AGAINST anonyminity on the Internet. Your activities, anonymous or not, are not without cost to others. The entire premise that you have a right to "anonymous speech" is based upon the fact that you do not directly harm others economically or otherwise be exercising it. However, on the Internet, this is simply not true. "Recipient pays" is a part of ALL Internet service, and always has been in one fashion or another - even when the majority of traffic was moved via modems in the 1980s and early 90s. Note that this is VERY different from the phone or postal service networks, both of which are nearly 100% SENDER pays. The exception is cellular service, and there it is a CRIMINAL ACT to call a cellular phone on an "unsolicited" basis - that is, to cost-shift where there is a reasonable probability that the cost is unwanted. Further all phone traffic is authenticated and can be traced to the source; "spoofed traffic" (beyond activity which is per-se criminal such as cloned cellular phones) doesn't exist. If all transmissions had to be identifyable as to their source, and chargeback capability was included (ie: if you spam me, I can charge the transmission back to you - likewise if you ping-flood me) then the problem would go away. But doing this requires strong authentication and non-denyability of the transmission itself, which flies in the face of those who scream for the ability to source anonymous traffic of one form or another. That engineering standards have not already stabilized to prohibit sourcing of traffic with spoofed source addresses, enforced by the providers themselves, is very much a telling factor here. There wouldn't BE a DOS problem on the Internet via-a-vis ping floods, SYN floods, etc. if the provider community refused to permit a connection to be made without airtight packet source filters which prohibited the transmission of data with unauthorized source addresses. Add to that a "chargeback" mechanism (that is, refutation of authorization for the transmission) and per-bit pricing can work. Absent BOTH of those on a worldwide basis and I could never justify recommending to anyone that they accept such a pricing system. - -- Karl Denninger (karl@denninger.net) http://www.mcs.net/~karl I ain't even *authorized* to speak for anyone other than myself, so give up now on trying to associate my words with any particular organization.