RE: What is at stake?
This is actually a superset of the recommended work item I suggested for
the IAB last year on establishing a trust infrastructure. While my
recommendation was focused the policy issue of establishing points of
trust, your note points out that may be premature because we know that
some of the Internet participants will act to defy trust and we have no
recourse. On the other hand, if technical mechanisms existed for global
multi-party trusts to be established, recourse could be fully
distributed as people could choose to ignore untrusted parties.
From: owner-ietf(_at_)ietf(_dot_)org [mailto:owner-ietf(_at_)ietf(_dot_)org]On
Behalf Of Einar
Sent: Thursday, January 24, 2002 6:02 PM
Subject: Re: What is at stake?
At 14:10 -0800 24/01/02, Ed Gerck wrote:
Keith Moore wrote:
> There have now been multiple postings that explained
how reality was
> substantially different than you have been claiming.
> As a consequence, actual history does not support your
> In other words, Ed, the Internet does not have the
problem that you are so
> tenaciously promoting.
no, it doesn't follow. it follows only that Ed has
failed to demonstrate
And so that we might all agree, what would that problem be?
Well, my initial goal of seeing a serious discussion of the
"conformance problem" seems to have been met, though some seem to
think this is a non-issue, or perhaps that it is of no great
consequence. Or maybe "A fools's errand!"
Since Ed has quoted and referred to me, and since Ed and I have been
thinking and working together on this for about 4 years in the
context of the existence or non-existence of interpersonal
(inter-subjective) trust among Internet users and systems, I would
like to now insert a few (more or less) new ideas.
I think today's massive flood of mail does demonstrate that the
Internet once upon a time was totally controlled from a single point
of control, namely ARPA and a sub-hierarchy of ARPA Contract Agents,
such that anyone using the ARPANET cum Internet could be said to do
so under cover of certain ARPA Office Central Control Delegation of
This "control" caused all of us pioneers, including Vint and some
Dave's, and other users to be careful of what they said or did so as
to be assured of continued access to the net. This fact is
documented (in the late 1970's with a message from Dave Farber to the
MsgGroup discussion list that spelled out the fact that we all should
be careful not to exceed certain group and individual behavioral
bounds because it might bring the wrath of congress or other Govt
Critters down on ARPA and on us network users (ummm... Pioneers).
So, let it be known that we all knew we were pioneers in some new
kind of wilderness with unknown species of beasts to fear, but the
new vistas were very enticing, and so we all joined in the
exploration with enthusiasm, and some caution.
So, we were all careful, more or less, mostly.
This controlling pressure was loosely applied, but when rules are
loose, sometimes they are more effective for inducing good behavior,
because no one knows quite where the disbarment boundaries might be,
and everyone stays well back from them. It is when we are too
familiar with the rocky coastline that we are willing to sail too
close, and thus find our boats crashing and sinking. Reminds me of
ENRON;-)... They thought they knew where the limits were;-)...
For myself, during that period (1975-1993), I always made certain
that I had at least one US Govt Consulting Contract that called for
my use of the ARPA Internet to deliver my consulting work products.
I expect all of us pioneers did this, whether consciously or not.
(I do recall a few people heading for the exits though, looking for
piece of mind in the Forests of Oregon, etc.)
Very few people were ever removed, or even chastised, though in one
notable incident on the MsgGroup Mailing List, someone in DEC (more
or less) accidently posted what might be considered the first spam
EMail (addressed to every ARPANET Directory Person with a west coast
EMail address, including the entire ARPA office in Virginia;-)...
with an announcement of the showing of a new DEC-20, Model 20,
computer at some location in the Silicon Valley. ARPA officers
officially notified DEC by signed letter of its having broken the
Appropriate Use Rules, and DEC was instructed to not make this same
mistake ever again. Everyone that learned of this episode took
careful note of it.
This message is also lodged in the full MsgGroup archives at
<http://www.tcm.org/msggroup>. If need be, I will locate these
MsgGroup messages and forward the URLs to interested parties...
Also of note was the fact that in 1983, ARPA ordered a sort of flash
cutover of all ARPANET IMPs and HOSTS from NCP to TCP/IP protocols.
(The flash took a lot longer than flashes are supposed to take, but
the intention was for a "Flash" to occur. That was the last time
anyone was able to actually shut down the entire ARPA/INTERNET by
command or by system failures from any central "control point" or
"single point of failure"..
Of course, the UUCP and CSNET sub-systems kept running over their
telephone dialup connections for their own connected sites, so in
some sense even then we saw the beginnings of the loss of total
central control by any given single lowest common reporting point for
the whole Internet (as we think of it now). But, this trend was not
visible then because the UUCP and CSNET segments we saw were "only
attachments" to what we saw then as "The Net". Indeed, no one at
ARPA or anywhere else had enough authority to shut down the UUCP
CSNET was running from a single central EMail Service Host so it
could have been shut down for the cutover, but there was no logical
reason to do so for its dialup telephone connected users.
From that point forward, central control continued to
enough for the decline to be more or less imperceptible, unless one
looked back over some non-trivial number of years. Certainly at the
time of the TCP/IP cutover, no one sensed any hint of the thought
that from then forward, central control capabilities would
monotonically diminish until it was no longer possible. And most who
saw some hint of it then, now seem to have said "good riddance!"
I know I did.
I do recall Steve Wolfe saying clearly, after the cutover: "The net
will never again stop turning packets! They will continue flowing
somewhere in the net till the end of time!"
And, no one thought to plan ahead for such a long slow loss of
central control, though as a network management consultant then, I
had some sense that there was going to be some revenue generating
work for me to do in the field of decentralization! And so there
was! Much of the work of building out the net proceeded with many
people feeling secure in knowing that there was someone in charge and
in control, until suddenly one day some of us woke up and said
"Hey, Look, The Emperor has No Clothes!".
Even today in this very thread, we can see denials of this lack of
central control, and even denials of the existence of a problem with
So, indeed, we Internet Denizens have been boiled like the Proverbial
Frog, and we suddenly find our souls existing in a new world, though
we seem not to have died in the process.
Now, Ed Gerck's main point is that the original cozy feelings of
inter-personal trust and broad trust in the net that we had for each
other and for the net as a whole, were induced by the initial sense
of certain central control with punishment for bad behavior (e.g.,
banishment from the net user community).
The belated discovery that trust has disappeared since 1995 when the
NSF Appropriate Use Rules were dropped has led to some thinking about
why and where our trust went, and about what to do about it, such as
for instance, finding a new way to induce trust in the net as a whole
and among its users, without resorting all the way back to total
central control of user behavior and control of the content of their
Internet Driver's Licenses anyone?
but take note: Societies do not depend on central control for trust
inducements among their many citizens, and the same is true of our
local and global economies.
In Short: "Houston, We Have A Problem!".
How can we develop a new source for trust?
This is the problem that just came to the surface here with a
forwarded observation about some application conformance failure of
some vendor, and a question regarding what might or might not be done
about it. Or, in other words, what can we do to improve our sense of
trust for vendors when they do not conform of Open IETF Standards?
Now, for my part, I recall apologizing for inappropriate posting by
means of the EUDORA ReDirect Command (thus damaging your trust in
me), and also noting that my initial suggestion that the IAB should
write someone a letter that takes note of the non-conformance facts
(inducing even more distrust). I indeed had not thought carefully
enough about the fact that the IETF does not have the authority to
issue any such signed letter, and I was directly advised that we
should not even want the IAB to have such authority. I agreed then
with this point, and have never since repeated my unsound first shot
at a solution. So, lets pass on my faux pas, and get the to core of
Since then, a very robust discussion arose, which suggests that there
really might be a problem to be solved, if we could only figure out
what that real problem is or was.
So, I am here trying to nail down the problem. Unfortunately, it has
turned into a bit of an essay after laying down some kind of factual
base, with citations of historical events and activities. Those who
hate reading my essays will no doubt have abandoned the effort by
this point, so I will assume that if you are still with me, you find
some common sense here-in.
So, here is what I think is the problem, and I sense that trying to
solve it with denial or efforts to solve some other subproblem will
not succeed in solving the real core meta problem.
As I see it, the meta problem is that our initial primary trust
induction tool, namely "Our Original Lowest Common Single Control
Point" has disappeared into the mists of time. And nothing has moved
in to fill the gap. With no obvious inducement for trust induction
and no other available tools for inducing trust among the elements of
the net, including its users and their computer based application
tools, we are now faced with the fact that everything we see (or
sense) on our workstation screens just might be false. Even EMail
from our trusted friends! Or virus or Worm bearing messages from
Any similarity with the great mind experiment of Rene' DesCartes, is
surely an accidental synergy, since this was not the objective of the
founding of the ARPANET or the INTERNET, or anything in between.
But, none-the-less, here we all are, trying to figure out what we
actually know, in the face of this distrust of what we see on our
It is interesting to watch from the sidelines as the entire Internet
population engages in the Modern Internet Version of DesCartes Mind
Experiment without knowing what was the Primary Experimental Question.
So, the contemporary question is:
"Assuming that all that you sense on your screen might be false,
what do you know?"
Or in this situation:
"Where did our trust go, and how can we get it back?"
Until we get it back:
"Houston, We Have A Problem!"
|<Prev in Thread]
||[Next in Thread>
of control and frogs, Re: What is at stake?, Ed Gerck
- Re: What is at stake?, (continued)
- Re: What is at stake?, Michael Hammer
- Re: What is at stake?, vint cerf
- Re: What is at stake?, Tony Hansen
- Re: What is at stake?, Bill Manning
- Re: What is at stake?, Ed Gerck
- Re: What is at stake?, Dave Crocker
- Re: What is at stake?, Ed Gerck
- Re: What is at stake?, Keith Moore
- Re: What is at stake?, Ed Gerck
- Re: What is at stake?, Einar Stefferud
- RE: What is at stake?,
Tony Hain <=
- Perceptions... Re: What is at stake?, grenville armitage
- Re: Perceptions... Re: What is at stake?, Einar Stefferud
- Re: What is at stake?, Dave Crocker
- Re: What is at stake?, Michael StJohns