Path: utzoo!news-server.csri.toronto.edu!cs.utexas.edu!usc!snorkelwacker.mit.edu!bloom-picayune.mit.edu!athena.mit.edu!jon
From: jon@athena.mit.edu (Jon A. Rochlis)
Newsgroups: comp.org.eff.talk
Subject: Re: Georgia Tech's Restriction on Internet Access
Message-ID: <1991Mar12.011216.10215@athena.mit.edu>
Date: 12 Mar 91 01:12:16 GMT
References: <52892@cornell.UUCP> <23887@hydra.gatech.EDU>
Sender: news@athena.mit.edu (News system)
Organization: Massachusetts Institute of Technology
Lines: 42

Two comments:

First, MIT's name is being used in vain. MIT does not use and is not contemplating such a system to restrict access to the Internet. We would view such a system as a giant step backwards. As well as one which would not achieve the results desired.

Eliot Lear stated that: NSFNET requires connected networks must be able to identify those using the Internet at any given time. This seems to me an extreme interpretation of that policy. I don't believe this is accurate. The NSFnet Interim Acceptable Use Policy mentions nothing about identification of network users. It basically says that traffic over NSFnet must be either research or education related or in support of such research/education activities. You don't need to be able to identify network users in order to comply with that! (Think about it. It helps sometimes but it is not required and may well be counter-productive.)

My own personal belief is that even if you try to restrict network access to only the good guys you can't possibly win. Face it: the genie is out of the bottle. If you don't design and run systems that assume *everybody* in the world has access to the network you are asking to lose. Efforts to snuff out anonymous terminal servers might buy six months of safety for some sites, but I think that is arguable.

If you think mail and packet filters are the way to go you should have heard Dave Clark's talk on the subject at Interop '90. He basically said that they break the internet model because they weren't considered when the architecture was developed. You lose a lot of what the network is for (new interactive applications that run *now* for everybody without 50 site admins updating tables) and you don't even get security because mail systems are one of the biggest security vulnerabilities (witness the Morris virus ... your corporate mailhub being infected by sendmail would easily get your whole "protected" corporate net).

--
Jon Rochlis (jon@mit.edu)
MIT Network Services