Okay, so what need to change, and what attributes of the net (other than anonymity) would be altered?

The anonymity and non-attributability of the net...

Read the first source.

It's obvious what you want to change.  I want to know how you want to change it.

I disagree. The way the internet was built is a feature, not a bug, and those same aspects you want to eliminate are precisely the things that make it a powerful tool for freedom.

I don't know what Mr Ben-Israel is a professor of, but it's clearly not of networking, because this is completely wrong (and not in a way that could be explained as gross simplification for an interview). You can read what actually happens here.

Perhaps someone who doesn't even understand how the internet works is not in the best position to demand entirely redesigning it.

When someone is waging an attack, they don't do so directly from their own computers. They will typically use previously compromised systems as proxies. Thus the compromised system is the 'origin' of the traffic, and even if you did know who was sending it, you would gain exactly nothing because that compromised system is not going to helpfully log traffic from its commander (which would likely have been routed from any number of other proxies in exactly the same position). Ergo, this isn't something you can simply redesign. What Mr Ben-Israel seeks would require complete omniscience (total awareness and permanent memory) of all network traffic in the entire world, as well as knowledge of how that traffic was used at each node in the network.

That is exactly what should be done, and all that needs to be. If client systems were properly secured (least privilege, etc.), it would eliminate most methods of attack other than denial-of-service and social engineering.

He knows exactly what he's talking about. 

You can read a bit about him here: https://secdip.tau.ac.il/isaacbenisrael

"Perhaps someone who doesn't even understand how the internet works is not in the best position to demand entirely redesigning it."

I have the feeling that is a fundamentally inaccurate statement.

His resume consists of math, physics, philosophy, military intelligence/research, various administrative positions, and politics. None of those things are computer science.

This is what happens when smart people assume they know everything about everything and not just their fields of expertise. Don't fall for the old argument from authority fallacy.

His depiction of how networks function is not just wrong but deeply and fundamentally wrong. If they worked as he described, traffic would scale exponentially with the number of nodes and they would not function at any scale beyond the most local level.

And yet he heads the Blavatnik Interdisciplinary Cyber Research Center of Tel-Aviv University...go figure.

An administrative position, doc. Managing researchers does not a researcher make.

Maybe it's different in medicine, but elsewhere the folks in charge are pretty much never experts of the field (though they may have some distant past experience in it or something related)--they're experts of being in charge. And often even they themselves tend to confuse that distinction.

I trust what he has to say. One doesn't have to be an expert in computer science to understand what's wrong with the 'attributability' problem, and I'm pretty sure he has ready access to world class experts on the internet and its structure and function.

 As long as there are proxies, you'll never be able to rely on the source of a data packet.

Trust is all good and well, but we're not talking beliefs or subjectives here. He made statements of fact which are easily proven to be unequivocally wrong. So clearly he didn't avail himself of the experts he has access to when he did this interview.

This is a lot like all the law enforcement officials asserting that encryption should be illegal or the government should have a back door. They really don't understand what they are actually asking for--they just know that it makes their job difficult and they think it needs to change.

Mr. Ben-Israel is a military man, so true to that he wants the internet to change to make it easier to defeat the enemy (whoever that might be). That sounds great on paper if you don't mind the chilling effects to privacy and freedom (not a small thing those). And you can demand people be identified or licensed when making statements or sending messages online, as authoritarian countries are doing. But if you want to change the underlying design of computer networks so you can tell positively where traffic came from, in spite of the fact that it's going to be relayed indirectly? That just isn't possible, and anyone who actually understands how these things work would know that.

Which is why I agree it should be re-engineered...the consequences are all to apparent to keep it the way it is at present...but the back doors, etc. are the additional layer of insecurity done because of the attributability thing, in part.

Also...his rank was more a professional thing rather than a line officer thing. As for solutions, CEOs do the same...not just military.

I'll make it simple with an analogy.

Normal, direct traffic can be likened to corresponding via letter using pony express. The letter has the recipient and return address on it, so you know who sent it, and you can reply back to them, etc. There are other people involved with getting the letter from point to point (the pony riders), but they don't change the address on it.

Malicious traffic on the other hand, is akin to sending a coded letter to a middleman rather than the intended recipient. That person gets the envelope, and reads the coded message enclosed within giving directions to send a letter to someone else, then commits the sender's address to memory and destroys the coded letter before carrying out the directions (much like an old-time spy network). This process repeats any number of times. Finally, the target gets a malicious letter, and the return address on it is the last middleman. That recipient can know who sent them the letter but they can't know who started the whole chain of events. The evidence has been destroyed and the last middleman can't be made to confess, so even if you go after them you won't be able to find who ordered them to do it.

Unless the letters continue and you have access to observe patterns of behavior and work back to the source, the only way you could tell who was orchestrating things would be by directly observing the activities of everyone who could possibly be involved, and recording everything that transpired both in public and in private (since while you can correlate communications, you can't prove whether any given communication was the one without seeing the middleman decode it and reading it yourself). This is liable to be necessary in any case because there is no requirement for the orchestrator to use the same middlemen each time.

As you can hopefully understand, this is not an engineering problem. The sole solution to this 'problem' is total omniscience, because we're talking about knowing and controlling the behavior of people and the nodes on the network, not just how data is transferred among them.

Unfortunately, it isn't that simple...not at all like a pony express...because the internet was designed to be virtually indestructible. What has to happen for security from these attackers is the ability to trace things back to the originators and that requires re-engineering. 

Look let's just leave this discussion as it (the re-engineering) won't happen due to vested interests, or until those vested interests are forced to change...

The redundancy argument isn't really germane--the point of the analogy was the issue of addressing vs proxies; the pony express bit was just to illustrate that it involves decentralized communication via intermediaries who can't read the content of the communications.

It's not an engineering issue, nor one that engineering can solve. It's not about vested interests either. The point is that it is simply impossible, for two big reasons among others:

- Attribution gets you nothing, because a person (and a computer) can always act on someone else's behalf, and you can't make them tell you that (especially if they don't even know they are doing it).

- Even knowing everyone that everyone communicates with gets you nothing, because you can't put the encryption genie back in the bottle. And there are plenty of ways to encrypt data without making it look like it's encrypted at all, so you can't just prohibit encryption and assume any encrypted traffic that remains is malicious.

These issues predate computers by millenia--these are the same techniques (proxies and secret/coded communication) used by criminals and spies for all of human history. So in essence, the problem you are trying to fix is humanity itself.

You're welcome to end the debate if you like, but lets not be disingenuous about what the problem that needs solved actually is.