North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

network reputation [was: IP is...]

  • From: Gadi Evron
  • Date: Thu Jan 24 00:12:15 2008

On Thu, 24 Jan 2008, Fred Baker wrote:
I still think IP+timestamp doesn't imply what person did something

it doesn't, no any more than the association of your cell phone with a cell tower conclusively implies that the owner of a telephone used it to do something in particular. However, in forensic data retention and wiretap procedures, the assumption is made that the user of a telephone or a computer is *probably* a person who normally has access to it.

Data retention and LEO compliance are serious issues for network authorities to handle. The original topic was about IP addresses, though. I'd like to try and go there from a different angle.

IP addresses however, "belong" to (allocated..) authorities such as ISPs, and I would personally like to see some better AUP on what is allowed to come from these. Practically.

I'd like to see some larger effort to make network reputation happen, whether in making sure connections come from the real authority (BCP38 and similar) or to be able to deny a network connectivity to our own back yard.

I am not going for the "user activity is an ISP's responsibility" but rather than a "misbehaving network should be treated as such". For whatever definition of misbehaving we can accept. I want this to be more about what this can do for us rather than some "this will be abused so let's not do it" civil society discussion.

At first glance this appears off-topic for the thread, but operationally network reputation and ownership is much more relevant than if people's rights are being walked all over.

Security is a strong supporter of privacy as much as it is misused as an excuse for infringing upon it.

Considering possibilities, other than avoiding spoofing, what would network reputation which is reliable help us do operationally?

Gadi.