Re: Re[3]: national security
John C Klensin <john-ietf@jck.com> Sat, 29 November 2003 17:25 UTC
Date: Sat, 29 Nov 2003 11:47:57 -0500
From: John C Klensin <john-ietf@jck.com>
To: jfcm <info@utel.net>, ETF Discussion <ietf@ietf.org>
Subject: Re: Re[3]: national security
Message-ID: <5159341.1070106477@localhost>
In-Reply-To: <6.0.0.22.2.20031129013701.0490dec0@mail.utel.net>
Jefsey,

You should also entertain the hypothesis that no one has commented on those issues/suggestions because they have been discussed too many times before and are inconsistent with the visions that drive the Internet. Some of them have even been the subject of fairly careful evaluation and associated statements, e.g., RFC 2826 on the unique DNS root issue (often summarized as "which part of 'unique' are you having trouble understanding?").

I think, as we have discussed in the past, that your vision of the Internet and its future differs from mine and that of many, probably most, of the people on this list. I would characterize your picture, I hope not too inaccurately, as one in which connectivity and the flow of information are driven (not unlike the PSTN) by bilateral agreements between countries. In that sort of world, different countries may reasonably establish different views of the DNS and different address spaces, with inter-country communications occurring through gateways that, among other things, can keep those views and address spaces separate.

In my world, direct, end-to-end global connectivity, interoperability, and integrity of DNS and URI references are very important -- for interpersonal communication, for commerce, for intellectual development and dissemination, and perhaps even as a religious principle. That belief has caused me to spend most of my time in the last few years on internationalization issues, not to empower governments, but to permit better communication among people (and, indeed, to reduce the belief by governments that they need to "solve" the problem, probably in some xenophobic way).

With regard to ICANN and its processes, I don't much like the way a good deal of that has turned out, even while I believe that things are gradually getting better. I lament the set of decisions that led to the US Govt deciding that it needed to be actively involved and to some of the risks, delays, and socially undesirable statements that situation has created. At the same time, all of the alternatives continue to strike me as much worse, including moving the technical/administrative issues into forums in which variations on the theme of "we don't like reality, so we will vote it to be different, regardless of what they might do to the Internet or human communications in general". So, while ICANN, IMO, continues to need careful watching -- most importantly to be sure that it does not expand into "governance" issues that are outside its rational scope -- I don't see "give it to XXX" or "everyone runs off in his own direction" as viable alternatives.

On the other hand, one of the nice things about the network as it is now constituted is that anyone has the option of opting-out: disconnecting, setting up a private DNS and a private addressing system, and communicating, if at all, through a restrictive, address-and-protocol-translating gateway. We even know how to run IP over X.25 and X.75, and that option is available as well. The question of who will miss anyone who takes that opt-out option is an interesting one sociologically, but the Internet has sufficient critical mass at this point, and is sufficiently important commercially in most of the world, that "opportunity to shoot yourself in the foot" might figure into such an analysis.

If you are convinced of the viability of your ideas, by all means go off and try them: just be sure that your namespaces and addresses don't leak into the real network.

regards,
john

--On Saturday, November 29, 2003 02:04 +0100 jfcm <info@utel.net> wrote:

> At 23:20 28/11/03, Anthony G. Atkielski wrote:
>> > I am sure that many security officers or generals would
>> > feel ill at ease if they knew their HQ IPv6 address can be
>> > just one unknown bit different from the IPv6 address of an
>> > enemy computer.
>>
>> Nah ... security officers and generals--if they are
>> competent--don't put their HQ computers on an open network
>> in the first place. That only happens in the movies.
>
> hmm... competence in this area is to accept that what happens
> in movies is just a small part of the real life.
>
> This being said, I note that this thread is only oriented to
> prospective numbering issues. May I take from that that none
> of the suggested propositions raises any concern?
>
> In particular, that there is no problem with two parallel
> root files if they want to be identical? What would happen if
> one was hacked? (I note that this is the current situation of
> the Internet where two deliveries of the same file are
> proposed).
>
> The same, no one comments on secondary source for the root,
> meaning that the ICANN unicity is not an intrinsic need,
> provided the different root files collectors strive to collect
> the real data from the TLD Managers (who are authoritative,
> while the root file is not). Not a problem to anyone?
>
> No one either comments on private TLDs, or the creation of a
> virtual TLD used through Host.txt only. No one objects to the
> generalization of users resolvers, the possible resulting
> dissemination of the root file to all the users and their
> resulting ability to fight an ICANN redelegation, which is a
> major issue at WSIS.
>
> If there is no major objection I will suggest that a "Nations
> Security propositions" draft be written as Best Practices,
> based upon the introduced suggestions and the one the
> participants may want to add. This will be introduced at the
> coming WSIS December 5/6th final preparatory meeting and will
> help address concerns expressed by several countries.
> jfc