Assuming no time, money, people, etc. resource constraints, securing the Internet is pretty simple.
1. Require all providers install and manage firewalls on all subscriber connections enforcing source address validation.
2. Prohibit subscribers from running services on their own machines. Only approved provider-managed servers should provide services to users.
3. Prohibit direct subscriber-to-subscriber communication, except through approved NSP protocol gateways. Only approved NSP-to-NSP proxied traffic should be exchanged between network providers.
Are there some downsides? Sure. But who really needs the end-to-end principle or uncontrolled innovation?

i can see how the end to end principle applies in cases 2 and 3, but not 1.
-- Paul Vixie