North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: More Sidgemore on per-bit pricing

  • From: Karl Denninger
  • Date: Sat Dec 05 15:53:48 1998

On Sat, Dec 05, 1998 at 03:15:57PM -0500, Barry Shein wrote:
> 
> On December 5, 1998 at 14:01 [email protected] (Karl Denninger) wrote:
>  > On Sat, Dec 05, 1998 at 02:38:57PM -0500, Barry Shein wrote:
>  > > 
>  > > One possible positive effect (for the consumer) of "per-bit" pricing
>  > > is the opportunity to buy larger pipes but only pay for what you use.
>  > 
>  > The other possible effect is that you buy one of these, and then someone
>  > launches a DOS attack at you and you get the bill for it.
>  > 
>  > The economic impact of this should not be underestimated.  Per-bitrate 
>  > pricing is a problem as long as the receiver pays for the receipt of 
>  > transmissions they may not have solicited.
> 
> Well, a paraphrase of the above is: We must engineer the net to keep
> the cost of criminal activities to a minimum so we can continue to
> avoid solving the underlying issue.
> 
> That's not ridiculous, it may even be an unavoidable factor, but it's
> still somewhat sad.

Yep.

It is sad.

However, as long as we permit people to source traffic without cost and do
so through proxies, this problem will exist.

This is the primary argument AGAINST anonyminity on the Internet.  Your
activities, anonymous or not, are not without cost to others.  The entire
premise that you have a right to "anonymous speech" is based upon the fact
that you do not directly harm others economically or otherwise be
exercising it.

However, on the Internet, this is simply not true.  "Recipient pays" 
is a part of ALL Internet service, and always has been in one fashion 
or another - even when the majority of traffic was moved via modems
in the 1980s and early 90s.

Note that this is VERY different from the phone or postal service
networks, both of which are nearly 100% SENDER pays.  The exception is
cellular service, and there it is a CRIMINAL ACT to call a cellular 
phone on an "unsolicited" basis - that is, to cost-shift where there 
is a reasonable probability that the cost is unwanted.  Further all
phone traffic is authenticated and can be traced to the source; 
"spoofed traffic" (beyond activity which is per-se criminal such as
cloned cellular phones) doesn't exist.

If all transmissions had to be identifyable as to their source, and
chargeback capability was included (ie: if you spam me, I can charge 
the transmission back to you - likewise if you ping-flood me) then
the problem would go away.  But doing this requires strong authentication
and non-denyability of the transmission itself, which flies in the face
of those who scream for the ability to source anonymous traffic of one 
form or another.

That engineering standards have not already stabilized to prohibit
sourcing of traffic with spoofed source addresses, enforced by the
providers themselves, is very much a telling factor here.

There wouldn't BE a DOS problem on the Internet via-a-vis ping floods, 
SYN floods, etc. if the provider community refused to permit a connection
to be made without airtight packet source filters which prohibited the
transmission of data with unauthorized source addresses.

Add to that a "chargeback" mechanism (that is, refutation of authorization
for the transmission) and per-bit pricing can work.

Absent BOTH of those on a worldwide basis and I could never justify
recommending to anyone that they accept such a pricing system.

-
-- 
Karl Denninger ([email protected]) http://www.mcs.net/~karl
I ain't even *authorized* to speak for anyone other than myself, so give
up now on trying to associate my words with any particular organization.