Trust, but verify
We are at an inflection point in our lifetimes. The Internet is broken, seriously broken. Why is it broken you ask? The root cause is trust, that there is trust built into the fabric of the Internet.
Each part that works in the Internet trusts the other parts, think DNS, BGP and the like. When these were designed they were all designed in a framework where they could trust each other. I co-opted Ronald Reagan’s phrase of “trust but verify” for a previous company I started, which was involved in corporate email forensics, that we should trust our corporate email users but be able to verify what is passing thru that system.
Almost all of the systems currently in use on the Internet are based on implicit trust. This has to change. The problem is that these systems are so embedded in our everyday lives that it would be, sort of like, changing gravity, very difficult. There are many things that can be done and are being done, but the fact is they are almost all band-aids and do not really offer any substantial lurch forward.
Or we could really fix it, how about we start with not allowing spoofed IP packets to be routed by ISPs, this would go a long way toward reducing the risk, of course so would IPv6 and DNSSEC. But until something radical is done we should say “Houston, we have a problem!” So, as I said in a recent TV interview, if you are concerned about privacy, identity theft and the like, simply don’t use the Internet. I am out of time for now; I need to go check my bank balance!