[discuss] Who is responsible for security
roland at internetpolicyagency.com
Fri Jan 17 18:16:54 UTC 2014
In message <22.214.171.124.2.20140117064844.0b9b0408 at resistor.net>, at 08:18:58
on Fri, 17 Jan 2014, S Moonesamy <sm+1net at elandsys.com> writes
>>Anything that's not on the edge.
>There has been a move from the open access approach due to the level of
>abuse. It was initiated by groups not represented on this mailing
>list. One of the issues is that nobody takes responsibility for "not
>on the edge" security. It is only after the problem gains prominence
>that a national authority (or body) will step in to find a solution.
>One or more standards are published. Nothing much gets done after that
>unless some informal group considers the problem as acute or there is
>money to be made. The next problem happens and the usual path is followed.
>Consumers ends up paying the price for all this. In some countries
>consumers have some sway in the political process to bring the problems
>to the attention of the authorities. In some countries consumers have
>little or no sway in the political process due to lack of interest,
>lack of accountability, or because the system works against them.
And the measures that ISPs could take are not restricted to technical
ones. ISPs tend to be over-represented on lists like this by their
There's a lot ISPs could do by refraining to provide service to
organisations of doubtful repute (that's the sales department), and
co-operating more with law enforcement when it comes to identifying bad
actors (that's the legal department).
More information about the discuss