"> I do not think it is appropriate for ISPs to have to prove or demonstrate the
legitimacy of their customer base"
Here is the exact point of contention and the point where I think people disagree. ISPs are the **first** line of defense against malware and badware. They are the ones closest to the customer and best able to "whack-a-mole". For those ISPs that do cater to a high proportion of bad actors, I quite rightly want them to demonstrate their legitimacy. By peering with them, there is a trust relationship formed... if there is a question that goes right to the heart of that trust, they ought to answer it, otherwise they ought to be de-peered as well. On Mon, Sep 8, 2008 at 1:25 PM, Matthew Petach <mpetach@netflight.com> wrote:
On 9/8/08, Gadi Evron <ge@linuxbox.org> wrote:
On Sun, 7 Sep 2008, InterCage - Russ wrote: Thank you Russ. That is a great step in the right direction dropping this one client. It is appreciated, although it's just one bad apple on a big tree.
However, I don't want to pick on you, so let's reframe the subject:
What do you suggest for the next move?
Well, perhaps you can share any information with us on a legitimate client you have?
I do not think it is appropriate for ISPs to have to prove or demonstrate the legitimacy of their customer base. As a legitimate customer of an ISP, I would be *highly* incensed if my privacy were to be violated simply to provide "proof" that the ISP had legitimate clients.
The notion of "innocent until proven guilty" I think is a much better model for us to work with. If you find clear miscreants, and have data to back it up, then a call for cleaning up the miscreants is somewhat acceptable, though I worry that we may descend into a witch hunt if this is taken too far to the extreme. However, a call to "prove your innocence" is entirely uncalled for, and opens ISPs up to being caught on the horns of a very nasty dillemma; either to maintain their customer's privacy, and be labelled as an evil, nasty, non-cooperative provider that must therefore be guilty, by their very dint of failure to prove their innocence; or, reveal their law-abiding, legitimate client information, and and then quickly lose those clients when they realize their records are no longer considered private at that ISP.
If you have proof of clients engaging in illegal practices, then it is appropriate to go after those clients. But leave the legitimate clients alone.
*putting down his pitchfork and torch, and walking away from the mob*
Matt