
Re: IAB statement on the RPKI.

2010-02-16 10:35:20
PKI is all politics. A PKI is a political infrastructure.

Saying that politics and business rules are out of scope when you
propose a PKI design is basically saying that you aren't going to look
at any of the issues that are relevant to the design.

Sandra Murphy is right when she says that political and business fears
don't have to be rooted in 'technical truth' (whatever that is). They
do not have to be grounded in any form of reality. They can be
completely and utterly unreasonable. And they can be held by people
who have the ability to totally block any chance of deployment.

'Trust me' is not a convincing argument in this context.

Unless you hadn't noticed, cyber-conflict is now real. Back during the
last US Presidential election I was advised that both campaigns had
been penetrated in attacks originating from a Chinese government
agency. The examples that are making the press are only some of the
attacks taking place. Attacks originating in the US do not get as much
attention.

In this environment it seems rather naive to believe that these
parties can be persuaded to acquiesce to the deployment of a PKI that
requires their participation.


Not changing the political or business relationships of the parties
has to be a criterion in the design of any global information
infrastructure if deployment is going to have a chance of success.



On Mon, Feb 15, 2010 at 7:01 PM, SM <sm(_at_)resistor(_dot_)net> wrote:
At 16:50 14-02-10, Masataka Ohta wrote:

Perhaps, a threat will be by an ISP trying to advertise someone
else's address range as its own.

Quoting Sandra Murphy [1]:

 "Political and business fears don't have to be rooted in technical
 truth, unfortunately."

At 19:48 14-02-10, Phillip Hallam-Baker wrote:

I don't think that any member of the IAB would claim that their
expertise in the PKI field precluded debate.

Your message did not make it to the IETF mailing list.

I am not privy to all the details to argue against an IAB statement.  This
should not be read as a licence to kill. :-)

This is not a technical issue, it is a political issue. IANA and ICANN
have a really, really bad record when it comes to setting up root
authorities. Any plan that requires their involvement is going to take
considerably more time and effort than one where their involvement is
optional.

Any long-term consequence will be of a political nature.  It goes beyond the
IANA function and ICANN.  The conventional world is used to having some form
of authority for regulation.  The "routing by rumor" approach does not fit
that view.  Some considerations may seem far-fetched.  I'll leave it as
such.

There are five RIRs, this number is not going to increase in the short
term. Participation of the RIRs is critical for an authoritative
system. Participation of ICANN is not.

It's up to the interested parties to work out the details.

The risk of including ICANN is that misguided or not, there are lots
of people who have concerns as to the power that the US exercises over
the Internet through their de facto control of ICANN. One common
concern is that the US could use such control to ensure that US ISPs
were favored in the distribution of the remaining IPv4 blocks.

I don't think that the distribution of the remaining IPv4 blocks is that
much of an issue.

I would not draw parallels between DNS and IDR as the dynamics are
different.  I don't assume that the goal is always about wreaking havoc.
These are classic threats that RPKI can address.

Regards,
-sm

1. http://www.ietf.org/mail-archive/web/sidr/current/msg01099.html




-- 
New Website: http://hallambaker.com/
View Quantum of Stupid podcasts, Tuesday and Thursday each week,
http://quantumofstupid.com/
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
