I thought it very important to comment on David P. Reed's article in EI-9604 titled "Enforcing the CDA Improperly May Pervert Internet Architecture".

Mr. Reed's basic position is that technical solutions to access controls in the Internet should be done at the ends of the pipes and not in the infrastructure and that this philosophy as espoused in the "end-to-end argument" is one of the major reasons for the success of the Internet over the years.

My disagreement with Mr. Reed's position is basically very simple. The Internet Protocol already has an infrastructure-based access control scheme built into it, and that scheme has been in place throughout the development of the Internet. Thus his assertion that the lack of such a scheme is responsible for the Internet's success is fundamentally flawed. The access control scheme is a part of the IP protocols, and as currently defined, it provides for about 8 different classifications of information. It also has another 8 classifications available for use with the specific use not yet specified.

It would be a trivial matter for the Internet Engineering Task Force to assign one of those access control codes to CDA blocked material. No infrastructure changes are required, no substantial protocol changes are required, it does not hinder or affect non-CDA blocked material in any way, and it costs nothing. Using existing TCP stacks and the freely available, widely used TCP-wrappers software, CDA-blocked material could be limited anywhere in the infrastructure, including at the ISP, at the user's home, and at the connection between the CDA-controlled provider and their Internet connection.

As a side note, the "end-to-end argument" is very similar in some ways to the "common-carrier" argument used by telephone companies to remain out of the fray when providing telephone services.

The basic position of the common carrier is that if someone attacks your Internet site, it's between you and them. The common carrier won't do anything forceful to help the victim of an attack; for example, they won't cut off the perpetrator's connection to stop the attack while it's underway. In the same manner, Mr. Reed asserts that the Internet should not play traffic cop by providing access controls in the infrastructure, and that if your 10-year-old child is solicited through email, that is your problem.

One of the results of this "common-carrier" mentality is that IP address forgery is rampant on the Internet. The most reasonable way to prevent IP address forgery is for infrastructure elements to refuse to pass packets when the source of those packets is not authorized to control the "From" address in those packets. But most of the infrastructure providers refuse to provide this simple protection because of this common-carrier mentality, and they use the end-to-end argument to bolster their position. The net effect is that untraceable denial of service attacks are commonplace. We can't provide end-to-end protection against this sort of attack unless and until we can figure out where the other end is, and we can't do that with only end-to-end protection.
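The source-address check described above, as an added example that is not part of Mr. Cohen's letter: a small Python model of an access router that drops packets whose IP source address lies outside the prefixes delegated to the interface they arrive on. The interface names, prefixes and packets are constructed for the demonstration.

```python
import ipaddress
import struct

# Constructed example: the source prefixes that each customer-facing
# interface of the router is authorized to originate traffic from.
AUTHORIZED_SOURCES = {
    "eth1": [ipaddress.ip_network("203.0.113.0/24")],
    "eth2": [ipaddress.ip_network("198.51.100.0/25"),
             ipaddress.ip_network("198.51.100.128/25")],
}


def parse_ipv4_header(packet: bytes):
    """Return (src, dst) addresses from the fixed 20-byte IPv4 header."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version = packet[0] >> 4
    if version != 4:
        raise ValueError("not an IPv4 packet")
    src, dst = struct.unpack("!4s4s", packet[12:20])
    return ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)


def ingress_filter(interface: str, packet: bytes) -> bool:
    """True if the packet may be forwarded, False if it must be dropped.

    A packet is forwarded only when its source address falls inside a
    prefix the arriving interface is authorized to use; malformed
    packets and unknown interfaces are dropped.
    """
    prefixes = AUTHORIZED_SOURCES.get(interface, [])
    try:
        src, _ = parse_ipv4_header(packet)
    except ValueError:
        return False
    return any(src in prefix for prefix in prefixes)


def make_packet(src: str, dst: str) -> bytes:
    """Build a minimal constructed IPv4 header (no payload, zero checksum)."""
    return struct.pack("!BBHHHBBH4s4s",
                       0x45, 0, 20, 0, 0, 64, 17, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)
```

A packet forged with a source address belonging to another customer is rejected at the first hop, so it never reaches the rest of the infrastructure untraceably.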

One final point. When your information infrastructure provider tells you that information protection is not their job, that really means that they don't value your information, they only value the payments they get for your bandwidth.

Fred Cohen -> See: Info-Sec Heaven at URL http://all.net/ Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236