
John Walubengo wrote:
The main internet security debate that cross-cuts into legal/social baskets often centers around: I) How the Internet Protocol (IP) could be improved so as to trace back the origin of the Spammers, eFraudsters, and other criminals. This may demand implementing IP tools that require all internet services (email, DNS, web, etc.) to be digitally signed - a feature that would come with some overheads (Mich could again assist here on which overheads these could be).
IMHO while tracing the perpetrators may be a useful thing to thwart future attempts, the desired results cannot be realized as long as the weak points are not sealed. By sealing I refer to fixing what's broken on the IP, thus making it harder for folks to break in.

However, the technical part is probably the less challenging part than the part where user knowledge and community support are by and large lacking. For instance, how many users understand the importance of secure websites and checking the signed certificate authorities? For instance, how many users would be able to tell the difference between WWW.SAFARICOM.COM and WWW.SAFARIC0M.COM if it came into their inbox and they were asked to update their details? Or WWW.EQUITY.CO.KE and WWW.EQUlTY.CO.KE, and even if they picked it up, would they assume that it's a typo and still click on the link ahead? IMHO training the end users on security considerations on the Internet is far more difficult.

Secondly, as with most things, there has to be a demand for various implementations to take root. Now unfortunately, the demand for secure IP implementations, i.e. DNSSEC, Secure BGP etc., have gone largely un-deployed due to lack of support from both vendors and the technical folks expected to deploy the systems. This by extension can be traced back to the low demand by users for the same services. So who is entirely responsible for this should be a question, and what measures are needed to be put in place to ensure that the right security implementations are done and in good time?

With regards to the overheads that will be involved in having digitally signed communications or encrypted and secure communications - well, the impact on bandwidth is minimal. The issues may be compatibility with old and legacy systems and the costs of upgrading them. Another important issue is having good and reliable connectivity where verification is needed.

IMHO security is by and large a social problem that requires social perspectives to resolve rather than technical.

Regards,
Michuki.
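The lookalike hostnames raised in the reply above can be flagged mechanically by a mail filter; the following is an added example, not part of the original thread. The confusables table, the protected-host list and the function names are assumptions made for illustration, and the table covers a few more substitutions than the two in the message.

```python
import re

# Constructed subset of visually confusable characters (not the full Unicode
# confusables data). Each character is folded onto one representative glyph.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "i": "l", "5": "s"})

# Hosts an organisation wants to protect; these two are the ones named in the thread.
PROTECTED = {"www.safaricom.com", "www.equity.co.ke"}

HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)


def normalise(host):
    """DNS names are case-insensitive; drop case and any trailing root dot."""
    return host.strip().rstrip(".").lower()


def skeleton(host):
    """Fold confusable characters so lookalike names compare equal."""
    return normalise(host).translate(CONFUSABLES).replace("rn", "m")


def classify(host, protected=PROTECTED):
    """Return ('exact', host), ('lookalike', target) or ('unknown', None)."""
    norm = normalise(host)
    if norm in protected:
        return ("exact", norm)
    sk = skeleton(norm)
    for target in sorted(protected):
        if skeleton(target) == sk:
            # Same skeleton but different spelling: likely impersonation.
            return ("lookalike", target)
    return ("unknown", None)


def scan(text):
    """Return [(host_as_written, impersonated_host)] found in a message body."""
    hits = []
    for host in HOST_RE.findall(text):
        verdict, target = classify(host)
        if verdict == "lookalike":
            hits.append((host, target))
    return hits


if __name__ == "__main__":
    # Constructed sample message body.
    body = "Please update your details at http://WWW.SAFARIC0M.COM/login today."
    print(scan(body))
```

Because the skeleton folds `i` and `l` together, it is only meaningful as a comparison against the protected list, never as a judgement on a hostname in isolation.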