Do we need a new Internet?

Security and privacy have become so compromised that many experts believe it is time to start over.
The New York Times

The story "Do we need a new Internet?" published February 15, 2009 at 5:52 PM is no longer available on CNET News.

Content from The New York Times expires after 7 days.

[t8]

Answer is simple. Every citizen is born with a static IP address.
No IP address no access. The IP adress is extracted from an RFID chip embedded in your body. This will unlock the Internet of Things. As for the WWW, you will need that plus a password or some other security to stop others from using your IP.

This will require a computer and database for every citizen on earth for the nameserver records.

We could call this computer the Beast, or more descriptly, the Image of the Beast.

[timber2005]

You have no idea how IP addressing works then... doing that would mean things like routing devices (aka routers) wouldn't have an IP... and people with multiple computers would have data routed incorrectly to the wrong source. Only ONE unique IP can exist on a network. There are more computers than people, therefore, each device should have an IP.

[Imalittleteapot]

Uh? I think they were being sarcastic. You know, with calling it the "Beast" and all?

[meowser007]

What would be better is a personal card that your internet provider gets for you or the government has that password. Just no implanting chips please.

[t8]

@ timber2005

yeah I am being sarcastic, but in response to your post. IPV6 has enough numbers for everyone and everything.
RFID tech runs in line with thing having a unique number.
Lets face it, we will never run out of numbers.

[timber2005]

Sorry about that then. Didn't realize you were being sarcastic.

[Penguinisto]

@t8:

funny comment, though it would be singularly unroutable :)

OTOH, there is a similar solution, and it doesn't require embedded RFID chips:

Each ISP is required to assign a number of IPv6 addys to each billing statement. 'course, there's still proxies...

/P

[t8]

Actually I do not see why having a static IPV6 # couldn't work. If everything had a unique number on the network, then there would be no conflict. Think of a website with static IP, it should be no different to a person with a static IP. We know that the Internet will embrace things, (the Internet of Things) so why won't it embrace people as objects too?

[JCPayne]

So what happends to Organisations, Corporations, or Associations with more than one person working there??? You can't just tie IP#s to people. IPv6 is a step in the right direction.

[JCPayne]

The problem with a constant static IP# all the time is you can easily find a target (or victim) more easily and keep on hitting them.... Heck you'd know everytime they came on the net if they did logoff.

[Firehazel]

mark of the beast, much? that seems so... Bible related and evil.(I'm not saying the bible is evil, i love it!) but no Beast crap! just flush out every one for a year or two, check for malware and crap like that, delete it.
then let every one back on in a slow, steady process!

[0ri0n]

Privacy is a joke. When every presidential administration pushes advocates making more and more of our personal lives open for sale to the marketing sector, we have no privacy. Now our health records will be available to the highest bidder. If you believe HIPPA protects, read it closely. If people actually understood how much their personal information is worth and stood up to demand a share of those profits, or withhold their participation in the market sector, we wouldn't have privacy issues....

[JCPayne]

I agree. Passports became computerized now and remember about half a year ago when someone in the Government snuck a few peeks at Obama and I think McCain's passports.

ABC News: Passport Security Breach on McCain, Clinton & Obama
http://abcnews.go.com/Politics/Vote2008/Story?id=4492773&page=1

With the health records you know exactly what is going to happen. The Government will outsource it to the private sector which means any and everybody will have access to it. The computers will get breached or something and before you know it everyone will be all upset their records were exposed.

Its funny even now tons of companies outsource all kinds of customer service positions overseas. And I know when I had Sprint and AT&T I felt very nervous everytime I had to give my credit card number to someone in like India to pay my Sprint/ATT bill. I know full well that if that person on the phone takes your card number and used it outside of work, the police wouls have a tough time tracking it from them to the person's job and then back to you in order to catch the actual indentity stealer.

[proteanthread]

part of the problem has been from day one when microsoft realized the potential of the internet it tried to re-create the internet in its own image instead of accepting secure (somewhat more secure than anything microsoft proposed) standards that were already in place. what we have now is a spaghetti mix of the good AND the bad of the internet. take microsoft (and anything it touched) out of the picture and i bet you a mil to 1 you'd have a more secure more stable less resource hog of a network. that's why the core of the internet was and still is unix based. :-)

besides, why re-invent the wheel? microsoft tried and FAILED.

[t8]

Yeah they originally thought that the Information Superhighway was going to be a whole lot of BBS's and the Internet eith each being a road. They developed MSN a copy of AOL BBS to enter the Super Highway. But the reality was the Internet was exclusively hat highway and when they realised, they ripped off Mosaic and made IE, then they tried to dominate the Internet using their Windows platform. You are right, they then seeded Internet technology that was inferior. We would have been much better without them.

[rapier1]

You're thinking about applications. This article is about fundamental problems inherent in the design of the protocols. Even if the protocols were perfectly implemented they'd still be broken in terms of the modern internet.

[t8]

@ rapier1

And Os's too.

The Net was originally Unix and Unix/Linux still dominates, but Windows has a share of the server market.
Windows and IIS is insecure and also incompatible or insecure when using many Open Source CMS's.

[rapier1]

No, not the OSes. Please take a look at the OSI model - most of the problems brought up in this article are addressable at the 3rd and 4th layer. There is an OS component to the 4th layer but most people seem to be thinking about server applications which is a completely different set of problems.

[t8]

Correct, but problems nevertheless.

[proteanthread]

But microsoft tried re-writing the 3rd and 4th layers through IIS.

[JCPayne]

Microsoft will def. want a new Internet.... One for example- where it can handle the load of having a few main Operating System centres off centered somewhere and when you turn your PC, it would load the Operating System over the Internet.... Then the customer just pay Microsoft a monthly subscription fee. That would def. take a new Interenet. But the new Internet will probably charge to do everything.

[rapier1]

@proteanthread

IIS isn't layer 3 and 4. Its a bundle of servers which makes puts them in the data layer (5, 6, and primarily 7). It is true that MS did have the own implementation of IP and TCP but then again, every OS essentially has their own implementation of these protocols. As long as they are interoperable it doesn't really matter how its implemented (modulo performance and reliability). You can also have non-interoperable extensions on the protocols if you desire as long as they don't interfere with the requirements of the protocol.

[pentest]

"No, not the OSes. Please take a look at the OSI model - most of the problems brought up in this article are addressable at the 3rd and 4th layer. There is an OS component to the 4th layer but most people seem to be thinking about server applications which is a completely different set of problems."

Layers 3 and 4 are part of the operating system, be it server, desktop or switch. All OS's did have and still have and always will have their own implementation. What OS doesn't have the complete TCP/IP stack written as a kernel module?

[rapier1]

@pentest;

Everything has a network stack now. But its still not an OS issue - at least not the way the majority of the commenters here are thinking about it. The problem is inherent in the fundamental structure of the protocols. These protocols, as defined by the IETF, are in terms of modern internet usage, inherently flawed. When people talk about a 'New' internet they aren't referring to a new operating system or application. They are talking about the fundamental underlying protocols. It is an issue that is entirely independent of the operating system.

[Mac OS XP]

Can someone please explain to me how this is more practical than using Unix-based operating systems?

[rapier1]

They actually have nothing to do with each other. Its not about operating systems - its about the fundamental underlying protocols of the internet. IP, TCP, UDP, slow start, nagle algorithms and so forth. These underlying issues are independent of the operating system. Take a look at the OSI 7 layer model. Operating systems are at layer 5 and above. The parts that need fixing in the internet are layers 3 and 4.

[Penguinisto]

If they could just fix/replace SMTP it would wipe out the vast majority of the crap traffic... the rest of it works just fine as it is IMHO.

[rapier1]

You can't rally 'fix' SMTP without making fundamental changes at layers 3 and 4. Otherwise you are just building more cruft on top of a weak foundation. Even just a casual glance through Steven's TCP/IP Illustrated (Volume 1 in particular) really illustrates the problems with the early initial assumptions about these protocols and how they don't work effectively in the current internet. Building on top of those protocols necessarily inherits those weaknesses and, unavoidable, extends the attack profile. Most of what needs to be done, vis a vis security, can be handled at layer 3 (IP) and those fixes will propagate up the stack. In layer 4 we really just need a smarter way of dealing with loss (think SACK v2) and fair sharing methods (slow start is overly conservative).

[Penguinisto]

"You can't rally 'fix' SMTP without making fundamental changes at layers 3 and 4."

Layer 4, certainly. Not so sure about layer 3 needing an overhaul - IPv6 is overhaul enough in that department.

While not probable, it is possible with what he have now...

As for fixes? Many are in place right now, though more could be done: One can start by requiring verification of last rec'd server (at every step along the Rec'd chain), and ditch the unverifiables (or correct the chain). The first or second external relay server can verify the source email addy and verify that before allowing the mail to get any further. One can implement certificate chains for servers and gateways. We can shut off port 25 outbound at the ISP user level (that is, any SMTP traffic only leaves the ISP boundaries through ISP-owned mail servers - many do this now, not not nearly enough) - want an exception? buy a business account.

Most importantly, the ISPs can throttle all outbound-to-public emails from any single personal (not business or org) account to one every 60 seconds, unless the user is willing to register (and pay) for an exception.

Note that none of these are perfect. All of them have loopholes. That said, the trick isn't to make it bullet-proof, but to slow down the crapflood and make the barrier higher until we can build a suitable replacement.

[rapier1]

I don't see how you can implement some of the necessary fixes without involving layer 3. Its not just a transport matter after all - you need to take into account the routing and addressing of the hosts involved. By providing authenticated host addressing you can take a significant step forward in resolving the spoofing involved. IPv6 doesn't necessarily address this - it may be possible using IPSec but implementing this in the real world is untenable without massive investment in PKI. Using IPSec in promiscuous mode really doesn't gain you anything in this regard.

Either way, we also need fixes for other matters - ip spoofing, performance issues (sliding windows is good but until recently poorly implemented across the board, window scaling is still problematic, slow start is too conservative, fair share needs to be more adaptive, SACK needs more work, etc), diagnostics need to be rolled in (most network problems have the same symptoms (buffereing, queue, congestion, bad cables, and so forth all present in the same way). baked in diagnostics could help with this), we could really use an effective QoS, we could probably use a protocol specific to bulk data transfers and latency sensitive transfers, a more intelligent adaptive routing scheme would be great (no more fish problem), etc etc etc...

[JCPayne]

If you secure up SMTP and POP too nuch beware you will proably have to start paying to email.

[thesubversive]

We are walking into the future of transparency. Orwellian in nature, yet satisfying for those eyeing security. David Brin's book Earth shows us the society where we are headed. Check it out.

How many of us already know that kludges added to your systems never solve the base insecurity? ( uh, every systems admin out here reading tech journals like this)

What is Microsoft doing still working with a "personal computer" system? I see the problem as Microsoft.

[Penguinisto]

While MSFT can take a good chunk of the blame, there is a problem with some of the more basic protocols.

OTOH, those problems, while passing along spam and making it easy for asshats to hide in the network, also help insure privacy and anonymity for folks in oppressed countries.

[timber2005]

Re IPv4 --> IPv6 "However, because of cost, performance and compatibility questions it has languished. "
Err, what? Cost I can see, you would have to upgrade routing devices to support IPv6 but thats a layer 4 OSI issue.
Compatability... well thats null. If you have an IPv6 address, you can access IPv4 networks AND VICE VERSA! If you have Mac, XP, or Vista (or any OS with IPv6 support) you can try it out by pinging ipv6.google.com or attempt to access their website. If you suceed (and see an animated logo), you are IPv6 ready.
Performance? Benefits (addresses, backwards compatability) outweigh that. Your talking about sending 128 bits (at MOST) for an address instead of 32.

Heres the fundamental problem with IPv4. Small number of addresses (4 billion). The number of people in JUST CHINA without internet outnumber the people of the WORLD who DO have internet. And in the next few years those people will be coming online. Not to mention all G4 Cell networks will also utilize IP addressing.

In 2010-early 2011 (at the latest) we are OUT of IPv4 addresses. Thats 18 months. The solutiion was implemented 10 years ago (1998!).

[fgoldstein]

Well, no. IPv6 is NOT compatible. The upgrade path is "parallel operation" until everyone is on v6. But since everyone stays on v4, nobody needs v6. Overall, IPv6 was one HUGE mistake, a total abomination, and has no right to live. But don't worry, it's already dead; only the IETF and Cisco refuse to recognize it.

There are lots of addresses. The homestead period (free land!) is over, but the remaining addresses can be used more efficiently. This mostly involves resale of unused addresses (most) and network address translation.

We do need a new answer, but it would be easier to start afresh than to use v6, which does NOTHING for the security problems that the original article is about.

[rapier1]

I hate to say it but yeah, IPv6 was basically stillborn. It had a lot of potential but implementation was haphazard and usage is minimal at best in the US. Its much more popular in Asia and it may, given a few conditions, come back from the dead but I'm not holding my breath.

[pentest]

Actually, if IANA had the courage they could make IPv4 addresses last much longer.

How?

Take Class A and Class B blocks from medium to small organizations that don't need them. Until about 10-15 years ago, the number of available addresses seemed infinite, and when they figured out it wasn't they started being selective of block size, but never went back and took away the hundreds of thousands of currently unused addresses.

Nobody needs or uses the entire 127.0.0.0 to 127.255.255.255 range for loopback, reserve 10 and give the rest out.

Too many blocks are reserved for LAN's as well.

[rapier1]

@Pentest:

That still not a sufficient supply of IP addresses. Not when one person may be have 4 devices on their desk either with their own IP address. This is why we had to start using NAT - which is fundamentally at odds with the end to end conception of IPv4 routing. Even if we free up all those 'wasted' addresses it wouldn't obviate the need for NAT (especially not on a global scale) nor would it address even more important problems that are harmpering the internet now.

[pentest]

I never said it was, but it would stretch it out a few years so either IPv6 can be more widely adopted or something better is developed.

[rapier1]

So why do something today that you can put off until tomorrow?

And really, address space is a minor concern. Its not just address space, its routing complexity, its performance, its diagnostics, its security, its authentication, and a slew of other issues that need to be, and can be, addressed by redefining the underlying protocols. Also, IPv6 would only resolve a subset of these issues. You have to remember that IPv6 is widely deployed in some geographical regions and they're still facing the many of the same issues.

[Imalittleteapot]

So the question is do we need a new Internet? And the answer is give up out identity? Fine, anyone who agrees with that, prove it to me. Post you cell phone number in the comments. I'll be waiting.

Then we find out that it's not about a new Internet at all. It's about taking our privacy away on the internet we already have. That's not a new internet. That's just screwing up this one. Let me ask? Even if I give up my identity what makes you think the hackers are going to give up theirs?

Hey, I got a better idea. Why don't you just ask all the gang bangers to give up their guns too? This is simply about propaganda. FTA: "That is why the scientists armed with federal research dollars."

Tell you what. Why don't you build a second Internet and then give me a choice about which one I log into? Why do you have to take this one away? Give me a choice. The people that want to connect to the new secure internet are free to do so, but I should be able to stick with the one I got.

Or, how about this? Instead of me giving you my identity why don't I give you my public key instead and you can decide on if you trust my public key and my trusted third party or not? How about that? Oh we already have that system and aren't using it at home? Guess you didn't care much about security at all. Guess it's just government funded propaganda to get people to give up their identity considering we already have the technology to do what these scientists are saying we need to rebuild the whole internet to be able to do.

Here ya go. I'll tell you where most of the malware is coming from. Russia and China. There, already told you. We don't need a new Internet at all. I can already tell you where it comes from. So, what is the government going to do about it now that they know where the malware comes from? Absolutely nothing. So, exactly what are they trying to prove here. They already know where the malware comes from and they don't do anything about it now.

[Imalittleteapot]

Oh and Conficker takes advantage of a whole in a Microsoft Windows operating system. The Internet is not the problem there. It is yet again, Microsoft.

[Lerianis]

Wrong, because Microsoft FIXED the hole that Conficker uses nearly 3 months BEFORE it came out..... so the real problem is people not updating their computers like they should!
I'm getting tired of seeing people blame Microsoft every single time. The fact is that NO operating system is going to be totally bulletproof. Yes, before Windows Vista and Windows 7..... Windows was insecure as heck.... now, if people would UPGRADE their computers to Vista, we wouldn't be having most of these problems, because the UAC security in Vista and Windows 7 mitigates some of these attacks EVEN IF THERE ARE FLAWS IN WINDOWS SERVICES.

[pentest]

You are wrong Lerianis. Conficker can spread onto patched machines, via USB drives.

The fact that it was so easy to pull of is inexcusable.

UAC has been completely broken. Using IE7(or IE8) on a page that uses activeX can lead to complete access to memory, without any user intervention. That is the very definition of owned.

Memory randomization has been completely broken.

Windows is completely broken and insecure as hell.

The "security" built into Vista and 7 are very weak speedbumps, they have nothing to do with real security.

[JCPayne]

Again though the problem leads back to Microsoft because M$ is known for throwing in new- features into "bug updates" and those new features often cause new problems that people don't want to deal with so many have stopped updating for just that reason.

[Imalittleteapot]

@Lerianis
Shut up. That wasn't even my point. My point was the hole was in an OS. It didn't matter which OS. That's why I didn't even bother bringing up which versions. The point was the article was misleading in the fact that it's the net that needs changed when the flaw was in an end point regardless of if that's Linux, OS X, Windows, or whatever.

[Carion]

The internet is just as secure as your OS plus your behavior...

[Mproject]

I totally agree with "Imalittleteapot". They think that all people are missed informed about technology, that they can do anything without people knowing what the real agenda is. (They means Goverment, Scientist ect.)

There are smart people that knows technology that don't work for an organization. The Human nature of trying to control everything.

Just my opinion, I don't think there is anything wrong with the intenet other than people using technology that they yet don't understand.

[Imalittleteapot]

Well there's something that doesn't usually happen.

[Mike Acker]

you do NOT need a new Internet. What you DO need is a Secure Operating Environment

<a href="http://my.net-link.net/~napfn/ffv12n3.htm" target="_blank">recommendation</a>

[Prioratus]

New Internet and New Email Protocols are necessary is we want safe computing or browsing and spam free email. The Internet was developed as a an environment to connect and communicate with institutions and individuals who were known and trusted. There was no accountability or trusted identity built into it and we will not be able to eliminate crime, viruses and malware, identity theft, spam, child predators, cyber-bullying, and large scale cyber-warfare until the basic building blocks of identity and accountably are present. These basic building blocks cannot be added, or more importantly, imposed on the existing community.

The only alternative is to build an alternative system that users can choose, and parents can choose for their kids, and enterprise and government can choose for their users. It would be safer and faster. My guess is it would quickly become the preferred internet.

[Imalittleteapot]

Actually you can build those tools into it and they already exist. Setup your mail client to reject any mail that's not digitally signed. Don't install anything that's digitally signed. Only install proper drivers and patches from your OS vendor and only accept them if they're digitally signed.

This tech you say cannot be built. It was already built. People simply choose not to use it. You want security then the OS should simply reject any data that's not digitally signed by someone you trust. Already been invented and is already not used.

[Imalittleteapot]

Don't install anything that's not digitally signed*

[DoughboyNJ]

The NYT is getting its as_ whooped by the internet, and now they are going to write an article about how unsafe it is and how we need to re-do it? PUH-leaze people. Wake up.

I wonder if the "new internet" would have built-in micropayments every time we read Google news/AP instead of a newspaper? You think?

[rapier1]

Actually, the work on next generation internet protocols have been underway for a few years now. Its not like the New York Times sudden came up with this idea on their own. And micropayments would be an application layer issue - not something that the researchers are really thinking about. On of the big questions they are trying to answer is how to do single packet traceback. For example, say you get pinged by a computer that is spoofing it's IP address. How do you find the location of the system actually pinging you? If you can come up with an answer for that you've basically solved large subset of the issues facing the current internet.

[Earl Benzar]

Mr. Markoff and his ilk can stick their "new internet" where the sun don't shine. A license to use the internet? Wow, and who exactly issues these licenses Mr. Markoff? And I suppose it is okay for all of us to agree to be monitored 24x7 by Big Brother for the sake of security.

Can you say it with me: Thought Control. I'm sure you can.

Here's a better idea. Get off of Windows. Remember the ideals of free speech and privacy. And shut up until you have something more productive to say to us serfs.

[Lerianis]

Getting off Windows won't solve the problem. I am VERY sure that Linux and OSX would have some problems and security vulnerabilities in them that would come out if it was... profitable to find them. As to the usual "Business servers run Linux, and they aren't being attacked!"..... business servers have too many people watching the **** going in and out of them.... THAT is the reason why they are not being attacked as much as private computers are... too much of a chance of getting caught unless you are a whole lot better than the average 'script kiddie' at hacking.

[pentest]

Script kiddies don't have the higher level skill required to successfully exploit ANY Linux environment.

The fact that people with no technical skills can exploit Windows speaks volumes and there is no excuse for that.

[rapier1]

@pentest:

You do know that the first root kits (the signature of the script kiddie) were developed for unix systems, right?

[pentest]

Rootkits are the "signature" of script kiddies????????


Have you ever written one? It is not a trivial task. A script kiddie couldn't begin to write one. Not even a user land rootkit.

Rootkits in and of themselves are not malware. Rootkits started in *nix land but they were not always malicious.

[rapier1]

Of course a script kiddie couldn't write a root kit. Its what the script kiddies use - its sort of the definition of script kiddie after all. Anyway, the *first* script kiddies made use of the unix based root kits to exploit unix systems. So yeah, I'd say that script kiddies could exploit a linux environment.

[pentest]

The fact that Windows is easily abused has nothing to do with the Internet. Conficker has everything to do with Windows and Windows users.

Want to dramatically improve security?

Hold companies liable for successful exploits, and require a license for people to use a Internet connected computer.

[viper396]

You are basically saying hold companies of a product liable for the misdeads and crimes of others. We all have door locks, deadbolts, and alarms why aren't you whining about the fact that cars are still being stolen and homes can still being robbed? So if a guy breaks into your car, do you hold the car company liable, or the crook? Under your assertion, if your house get's robbed, you're liable for it. I'd hate to still be around if that mentality ever took hold of humanity... Everyone would be liable for something.

[Imalittleteapot]

You already have to have a license to use a computer. It's called a monthly ISP bill and the ISP can revoke your right to sign on anytime they want for any reason.

[pentest]

That is not a license. That is a fee.

A license implies that possess the necessary skills to use whatever they are licensed for properly.

That is what is needed.

Horrible analogies viper. That isn't even close to the case here. The fact is that most software companies, most notably, but not only Microsoft completely ignores security. It is a well known secret that few so-called professional programmers have any knowledge about security. They think they can follow some script or use specific languages and they are "doing security".

Go to your flawed analogy, change it to the car company hired incompetent engineers and they designed a car where the front axle can easily fall off. That is the scope of security in software today. It is criminal negligence.

[Imalittleteapot]

"A license implies that possess the necessary skills to use whatever they are licensed for properly."

Guess a drivers license is just a drivers fee then cause I can tell you there's lot of people with drivers licenses that sure as crap can't drive.

The point is the ISP bill works just as good though. Everybody with a license would have to prove they're smart enough to use the net. That means there's nothing there to filter out people that know how to hack the net either. Obviously a hacker can operate a computer. So, we haven't accomplished anything there.

Also, if your ISP shuts you off you just go next door and use your neighbors just like anyone with a suspended license still just drives to work anyway even though they're not supposed to. And also, some other country would just refuse to play by the rules and let people online without them anyway. Then that country is where the malware starts flying from.

No, it's not a real license but who cares? It works just as good. Not having a drivers license doesn't stop you from driving a car, not having a gun license doesn't stop me from shooting and gun, and not having internet access won't stop me from using the net. It's pointless to even bring it up. True, it may be illegal, but what are you gonna tell the hacker? You don't have a license so it's illegal for you to sign online and HACK! Uh, it wasn't already illegal to hack things to begin with? They're hacking. They already don't care about what the law says.

[yearstretch]

To make the net more secure we need a new tier of controlled entry net, just like any secure real estate. We also need to split it into cells so a problem in one cannot spread. While the net is free to enter and a universal space within which to roam there will be problems. The World does not need a Wild West internet. It needs closed and secretive Swiss Bank of a net if we are to use it secularly. That will upset the liberal open source Mac using freaks but are they transferring money, trading, setting up mortgages, running businesses etc. via the net. I think not...

Personally I would also dump all the plain text level coding like ASCII, HTTP, XML etc. and use only dynamically encrypted binary that is keyed against a rotating pin coded hardware key issued to individuals, on payment of a fee, to access the net. Yes they would be stolen and used by criminals but at least they would be better than this crazy open access nonsense. I often wonder if we had charged all net users 1c per email would we still have spam?

[Imalittleteapot]

"We also need to split it into cells so a problem in one cannot spread."
The net is already decentralized like this. When your computer and network goes down mine network keeps going. Already been taken care of. The fact that we're both on the net right now proves this. Someone out there has a virus right now that's brought down their network, but ours are still going are they not?

The encryption tech you talk about has already been invented and works much like you suggest. It's only a matter of using it. We even have technology that makes a stolen key worthless and that it can be disabled remotely by a central or decentralized server and cannot be used in the hands of anyone but the owner. We don't need a new internet to make that happen. We already have it. And this article is jerking your chain. The problem is that nobody uses the technology and that's by choice because doing so gives away your identity. All operating systems already have most of the tech they need to make this work. It's simply a matter of turning it on. For example actually enabling digital signatures in your email client and purchasing a digital certificate to prove who you are when you send mail and simply rejecting mail from anyone that doesn't digitally sign their email and doesn't prove who they are. It's all already there.

Now we have a choice which way we want to do it. So many choose that keeping their identity safe is more important that most people like you don't even know this technology already exists. This article is saying we need to get rid of that choice. That we should be forced to give up our identity to everyone we talk to online basically. In this day and age of identity theft, child predators, and stalkers do you really think that telling everyone on the net who you are is going to make the world more secure?

[pentest]

You are comparing ACSII with HTTP and with XML? Three totally different things??

srsly??


At some point it has to be converted into an ascii-like form or you can't read it. You can encrypt a text file if you need to.

HTTP, properly used is not a security issue at all. Do you even know what it is? I am doubting it since you are comparing it to a binary conversion format, and a markup language.

XML is a very useful markup language, you can encrypt an XML file if you need to.

[Millerboy]

A new internet that will still protect our freedom of speech and anonymity is fine. A new internet with a license and invasion of privacy is stupid and wrong.

[3rdalbum]

Conficker didn't infect all those computers directly from the source. It infected a few, which then infected others, which then infected others.

None of the proposals in the article would do the slightest bit of good in combatting Conficker.

Also, Conficker is not the first widespread infection. Don't you remember Storm last year? I Love You?

[The_happy_switcher]

We do need a new Internet and Microsoft should pay for it since their crappy software is responsible for the overwhelming number of infected computers.

[rapier1]

What they are really talking about is replacing things like RFC 791 and 793 - not operating systems. The assumptions made about the internet in 1981 really just don't apply anymore. While extensions to these protocols have helped matters the problem can only be addressed by a complete overhaul of the protocols. Changes in the protocols will necessarily create changes in the OS though. If done properly it will make the internet as a whole more secure, reliable, and faster.

[pentest]

All of those new protocols will have flawed implementations with will allow security issues to fester.

[rapier1]

@pentest:

Well, it's a good thing that at least you don't do networking for a living.

[RainCaster]

How about we create a new government agency to oversee this new network? Said commision would need to work with DARPA, Homeland Security, and the FCC. For the sake of simplicity, we'll just call it the Tri-Lateral Commision.