<div dir="ltr">On 6 November 2013 15:56, Randy Bush <span dir="ltr"><<a href="mailto:randy@psg.com" target="_blank">randy@psg.com</a>></span> wrote:<br><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div>> To ensure that RIPE Atlas is not used (intentionally or not) as a<br></div><div>
> distributed attack system we could consider:<br>
> - limiting # of probes simultaneously running such measurements to a<br>
> � low number.<br>
> - requiring explicit permission of the probe owner to run such UDM.<br>
<br>
</div>this seems prudent, though i worry that the last point does not scale<br>
well.<br></blockquote><div><br></div><div>Thinking about how we could make this last point scale better...</div><div><br></div><div>I can see there are situations where some probe owners just wouldn't want to get involved in such measurements at all, and cases where a receptive probe owner may have probes in many different networks (on which they have varying levels of privilege), and therefore while wanting to take part may need probe-by probe granularity to ensure that they don't, for instance, break a customer's network.<br>
</div><div><br></div><div>Probe owners could be given an option to opt-out on an account-wide basis, or opt-in some or all of their probes, but this doesn't automatically mean they consent to every "special" measurement, just that they will consider requests for consent.</div>
<div><br></div><div>Then requests asking for consent to use a probe for controversial/risky measurements - containing details of what the measurement is - are sent only to opted-in probe owners. This would avoid the issue of sending requests for consent into a black hole, it's only sent to receptive probe owners.</div>
<div><br></div><div>Some probe owners will be very liberal, so they could have an option to a) opt-in all probes and b) auto-consent.</div>
<div><br></div><div>Do folk see where I'm going with this?</div><div><br></div><div>Mike</div>
</div></div></div>