From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: <0c9c01c383a2$b02e70c0$6400a8c0@dell01> From: "Wes Kussmaul" To: <9fans@cse.psu.edu> References: <0ab301c3837f$0acf0310$6400a8c0@dell01> <01a201c3839f$91797240$b9844051@insultant.net> Subject: Re: [9fans] ISP filtering - update MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Date: Thu, 25 Sep 2003 16:22:04 -0400 Topicbox-Message-UUID: 4c872f0a-eacc-11e9-9e20-41e7f4b1d025 > > Boyd had the right idea (not the current one (though that one's good too)) > > but... let's see if I can find it... quoted it in my book... > > > > The final solution is to either beef up IP (bad idea) or replace > > it with a mutually authenticaticated, encrypted protocol. > > that's it. thanks. It really is the right place to start. Now the trick(s) is (are) 1. Who can you rely on to authenticate identities and enroll people with meaningful credentials, i.e. key pairs 2. How do you protect individual privacy once people start using these universal identifiers 3. (ducking) access to key escrow for law enforcement 4. Reality check: who's going to pay for it Please please please do not start a flame war over #3. We are all way too busy for that. Wes Kussmaul