RE: What is at stake?

Stef,

This is actually a superset of the recommended work item I suggested for
the IAB last year on establishing a trust infrastructure. While my
recommendation was focused the policy issue of establishing points of
trust, your note points out that may be premature because we know that
some of the Internet participants will act to defy trust and we have no
recourse. On the other hand, if technical mechanisms existed for global
multi-party trusts to be established, recourse could be fully
distributed as people could choose to ignore untrusted parties.

Tony

> -----Original Message-----
> From: owner-ietf(_at_)ietf(_dot_)org [mailto:owner-ietf(_at_)ietf(_dot_)org]On
> Behalf Of Einar
> Stefferud
> Sent: Thursday, January 24, 2002 6:02 PM
> To: ietf(_at_)ietf(_dot_)org
> Subject: Re: What is at stake?
>
>
> +++++++++++++++++++++++++++++++++++++++++
> At 14:10 -0800 24/01/02, Ed Gerck wrote:
> > Keith Moore wrote:
> >
> > >  > There have now been multiple postings that explained
> how reality was
> > >  > substantially different than you have been claiming.
> > >  >
> > >  > As a consequence, actual history does not support your
> conclusion.
> > >  >
> > >  > In other words, Ed, the Internet does not have the
> problem that you are so
> > >  > tenaciously promoting.
> > >
> > >  no, it doesn't follow.  it follows only that Ed has
> failed to demonstrate
> > >  the problem.
> > And so that we might all agree, what would that problem be?
> >
> > Cheers,
> >
> > Ed Gerck
> +++++++++++++++++++++++++++++++++++++++++
>
> Well, my initial goal of seeing a serious discussion of the
> "conformance problem" seems to have been met, though some seem to
> think this is a non-issue, or perhaps that it is of no great
> consequence.  Or maybe "A fools's errand!"
>
> Since Ed has quoted and referred to me, and since Ed and I have been
> thinking and working together on this for about 4 years in the
> context of the existence or non-existence of interpersonal
> (inter-subjective) trust among Internet users and systems, I would
> like to now insert a few (more or less) new ideas.
>
> I think today's massive flood of mail does demonstrate that the
> Internet once upon a time was totally controlled from a single point
> of control, namely ARPA and a sub-hierarchy of ARPA Contract Agents,
> such that anyone using the ARPANET cum Internet could be said to do
> so under cover of certain ARPA Office Central Control Delegation of
> Permissions.
>
> This "control" caused all of us pioneers, including Vint and some
> Dave's, and other users to be careful of what they said or did so as
> to be assured of continued access to the net.  This fact is
> documented (in the late 1970's with a message from Dave Farber to the
> MsgGroup discussion list that spelled out the fact that we all should
> be careful not to exceed certain group and individual behavioral
> bounds because it might bring the wrath of congress or other Govt
> Critters down on ARPA and on us network users (ummm... Pioneers).
> So, let it be known that we all knew we were pioneers in some new
> kind of wilderness with unknown species of beasts to fear, but the
> new vistas were very enticing, and so we all joined in the
> exploration with enthusiasm, and some caution.
>
> So, we were all careful, more or less, mostly.
>
> This controlling pressure was loosely applied, but when rules are
> loose, sometimes they are more effective for inducing good behavior,
> because no one knows quite where the disbarment boundaries might be,
> and everyone stays well back from them.  It is when we are too
> familiar with the rocky coastline that we are willing to sail too
> close, and thus find our boats crashing and sinking.  Reminds me of
> ENRON;-)...  They thought they knew where the limits were;-)...
>
> For myself, during that period (1975-1993), I always made certain
> that I had at least one US Govt Consulting Contract that called for
> my use of the ARPA Internet to deliver my consulting work products.
> I expect all of us pioneers  did this, whether consciously or not.
> (I do recall a few people heading for the exits though, looking for
> piece of mind in the Forests of Oregon, etc.)
>
> Very few people were ever removed, or even chastised, though in one
> notable incident on the MsgGroup Mailing List, someone in DEC (more
> or less) accidently posted what might be considered the first spam
> EMail (addressed to every ARPANET Directory Person with a west coast
> EMail address, including the entire ARPA office in Virginia;-)...
> with an announcement of the showing of a new DEC-20, Model 20,
> computer at some location in the Silicon Valley.  ARPA officers
> officially notified DEC by signed letter of its having broken the
> Appropriate Use Rules, and DEC was instructed to not make this same
> mistake ever again.  Everyone that learned of this episode took
> careful note of it.
>
> This message is also lodged in the full MsgGroup archives at
> <http://www.tcm.org/msggroup>.  If need be, I will locate these
> MsgGroup messages and forward the URLs to interested parties...
>
> Also of note was the fact that in 1983, ARPA ordered a sort of flash
> cutover of all ARPANET IMPs and HOSTS from NCP to TCP/IP protocols.
> (The flash took a lot longer than flashes are supposed to take, but
> the intention was for a "Flash" to occur.  That was the last time
> anyone was able to actually shut down the entire ARPA/INTERNET by
> command or by system failures from any central "control point" or
> "single point of failure"..
>
> Of course, the UUCP and CSNET sub-systems kept running over their
> telephone dialup connections for their own connected sites, so in
> some sense even then we saw the beginnings of the loss of total
> central control by any given single lowest common reporting point for
> the whole Internet (as we think of it now).  But, this trend was not
> visible then because the UUCP and CSNET segments we saw were "only
> attachments" to what we saw then as "The Net".  Indeed, no one at
> ARPA or anywhere else had enough authority to shut down the UUCP
> network.
> CSNET was running from a single central EMail Service Host so it
> could have been shut down for the cutover, but there was no logical
> reason to do so  for its dialup telephone connected users.
>
>  From that point forward, central control continued to
> diminish slowly
> enough for the decline to be more or less imperceptible, unless one
> looked back over some non-trivial number of years.  Certainly at the
> time of the TCP/IP cutover, no one sensed any hint of the thought
> that from then forward, central control capabilities would
> monotonically diminish until it was no longer possible.  And most who
> saw some hint of it then, now seem to have said "good riddance!"
>
> I know I did.
>
> I do recall Steve Wolfe saying clearly, after the cutover:  "The net
> will never again stop turning packets!  They will continue flowing
> somewhere in the net till the end of time!"
>
> And, no one thought to plan ahead for such a long slow loss of
> central control, though as a network management consultant then, I
> had some sense that there was going to be some revenue generating
> work for me to do in the field of decentralization!  And so there
> was!  Much of the work of building out the net proceeded with many
> people feeling secure in knowing that there was someone in charge and
> in control, until suddenly one day some of us woke up and said
>
>       "Hey, Look, The Emperor has No Clothes!".
>
> Even today in this very thread, we can see denials of this lack of
> central control, and even denials of the existence of a problem with
> it.
>
> So, indeed, we Internet Denizens have been boiled like the Proverbial
> Frog, and we suddenly find our souls existing in a new world, though
> we seem not to have died in the process.
>
> Now, Ed Gerck's main point is that the original cozy feelings of
> inter-personal trust and broad trust in the net that we had for each
> other and for the net as a whole, were induced by the initial sense
> of certain central control with punishment for bad behavior (e.g.,
> banishment from the net user community).
>
> The belated discovery that trust has disappeared since 1995 when the
> NSF Appropriate Use Rules were dropped has led to some thinking about
> why and where our trust went, and about what to do about it, such as
> for instance, finding a new way to induce trust in the net as a whole
> and among its users, without resorting all the way back to total
> central control of user behavior and control of the content of their
> information exchanges.
>
>       Internet Driver's Licenses anyone?
>
> but take note: Societies do not depend on central control for trust
> inducements among their many citizens, and the same is true of our
> local and global economies.
>
> In Short:  "Houston, We Have A Problem!".
>
> How can we develop a new source for trust?
>
> This is the problem that just came to the surface here with a
> forwarded observation about some application conformance failure of
> some vendor, and a question regarding what might or might not be done
> about it.  Or, in other words, what can we do to improve our sense of
> trust for vendors when they do not conform of Open IETF Standards?
>
> Now, for my part, I recall apologizing for inappropriate posting by
> means of the EUDORA ReDirect Command (thus damaging your trust in
> me), and also noting that my initial suggestion that the IAB should
> write someone a letter that takes note of the non-conformance facts
> (inducing even more distrust).  I indeed had not thought carefully
> enough about the fact that the IETF does not have the authority to
> issue any such signed letter, and I was directly advised that we
> should not even want the IAB to have such authority.  I agreed then
> with this point, and have never since repeated my unsound first shot
> at a solution.  So, lets pass on my faux pas, and get the to core of
> the issue.
>
> Since then, a very robust discussion arose, which suggests that there
> really might be a problem to be solved, if we could only figure out
> what that real problem is or was.
>
> So, I am here trying to nail down the problem.  Unfortunately, it has
> turned into a bit of an essay after laying down some kind of factual
> base, with citations of historical events and activities.  Those who
> hate reading my essays  will no doubt have abandoned the effort by
> this point, so I will assume that if you are still with me, you find
> some common sense here-in.
>
> So, here is what I think is the problem, and I sense that trying to
> solve it with denial or efforts to solve some other subproblem will
> not succeed in solving the real core meta problem.
>
> As I see it, the meta problem is that our initial primary trust
> induction tool, namely "Our Original Lowest Common Single Control
> Point" has disappeared into the mists of time.  And nothing has moved
> in to fill the gap.  With no obvious inducement for trust induction
> and no other available tools for inducing trust among the elements of
> the net, including its users and their computer based application
> tools, we are now faced with the fact that everything we see (or
> sense) on our workstation screens just might be false.  Even EMail
> from our trusted friends!  Or virus or Worm  bearing messages from
> IETF-Discuss!
>
> Any similarity with the great mind experiment of Rene' DesCartes, is
> surely an accidental synergy, since this was not the objective of the
> founding of the ARPANET or the INTERNET, or anything in between.
> But, none-the-less, here we all are, trying to figure out what we
> actually know, in the face of this distrust of what we see on our
> screens.
>
> It is interesting to watch from the sidelines as the entire Internet
> population engages in the Modern Internet Version of DesCartes Mind
> Experiment without knowing what was the Primary Experimental Question.
>
> So, the contemporary question is:
>
>       "Assuming that all that you sense on your screen might be false,
>        what do you know?"
>
> Or in this situation:
>
>       "Where did our trust go, and how can we get it back?"
>
> Until we get it back:
>
>       "Houston, We Have A Problem!"
>
> Cheers...\Stef