First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.
Defending "Fixing the Internet"
- — 19 May, 2008 10:10
A better example might be your online bank, which may require that you truly identify yourself to it with your real human identity before it will allow you to access and modify your bank account. Or maybe your bank doesn't care as much as you, and it's willing to take a verified proxy identity, but you instruct it to ask for your real identity. How am I to know which side of the process cares more about a particular transaction?
Most casual browsing Web sites probably don't require any identity and integrity, so you can access them without giving up any bit of anonymity. Or if you connect anonymously, they can make sure your traffic is inspected more thoroughly than someone who provides a stronger identity. Or if you don't care and it's your Web service, you can give everyone, authenticated or not, the same level of service. It's up to you and the customer.
My solution just says that in the future it should be possible for me to require a certainly level of identity and integrity if I want to require it, and to treat noncompliant traffic a different way if I don't receive identity verification. And I, as the originator, can choose whether or not to participate with a particular Web site, with a particular level of identity (or anonymity) based upon how I want (or how I want my network traffic) to be treated. Both sides can agree to a particular level of identity and integrity, or agree to disagree, and not do business.
In the current model, even if I need better identity or integrity, as a sender or receiver, I can't easily guarantee that across multiple protocols to multiple partners. And for everyone who wants to keep absolute anonymity, keep it. If enough people agree with you, then we'll probably even have online banks that accept default anonymity even though it means that millions of dollars will be stolen from them over the Internet each day -- oops, that's today's model.
Finally, I remain open to suggestions. If you disagree with my solution, tell me how you can make the Internet significantly more secure than it is today. I've thought about it very hard, and I can't think of another way to do it. Living with the fragility of today's Internet just won't cut it in the future. The Internet is becoming everything, and that everything has to be secure.