At 08:34 10/12/03, Kurtis Lindqvist wrote:
There are also a lot of statements on what nations needs in terms of
security and stability. At the same time other nations have solved that
need with the existing model. And they have shared expereinces. IF that is
the problem, there is knowledge to be used.
This is exactly the case. The most experienced country, the United
States of America, have evaluated the threat represented by the
Internet. This lead to a wide debate, including public hearings in 10
major cities town halls. Thousands of contributions have been studied.
ICANN dedicated the 2001 MdR meeting to the matter. The study was
carried by the responsible for White House security issues (Richard
Clarke) a person accepted worldwide as a professionnal. He was
assisted by Howard Schmidt, known as being Microsoft specialist
of security issues (please our American colleagues check what I
write). This resulted in a pre-study published on September 15th,
2002. And to a national strategy I will quote againg which is
certainly the gateway of every nations concerned people:
(http://whotehouse.gov/pcipb).
The priroities concerning these security issues are DNS, IPSec,
IPv6 and Gateway protocols. The DoD decisions enacting the
support of IPv6 following that policy have been widely discussed
among all the IPv6 related groups.
What can be rememebred from the first issue was the increase
in the curbs of risks and hacking, the increase of spam that just
followed, and the evaluation that the possible death toll was
nuclear equivalent (Clarke). People may not like G. Bush, but
people do believe the US Administration and DHS are serious
about terrorism. Parts of the world believe that seriousness is
both against terrorism and about carrying it. I will not judge that
but if you want to understand the pressure, you have to accept
that of what we really talk in here. People are not disputing
ICANN in Geneve (they just expell Twomey), they understand
they vote for their own country's "skin".
Where IETF is concerned is that simple solutions - like the one
I initially listed - can do four things.
1. to remove responsibility from the root operators. Do you
really want them to feel sometimes responsible for an
Hiroshima. Read the WH draft document.
2. to make it quite impossible to happen in considering
the real world of today, instead of the university projects
of 1983.
3. to help international cooperation and save the net.
What is the impact of the US strategy? Some are more
afraid of the US solution. This is called the "e-colonization".
Why? Because we are on a single network. So, as Clarke
put it from the very beginning the threat is local, regional,
national, and global. And very politely he said, so the US
answer will local, regional, and national. Hey! national
surety must be global. This means that the world
is to chose to be under DHS's cybersecure umbrella or
to fight the USA and to get its own surety solution.
This is what is the ITU stuff about. We are in the post
9/11 area.
Today W3C/TAG issued a last call for their architecture
document. It would be too bad that the internet splits
etc... just because IAB has not published an Internet
equivalent.
An African image about thear fear is the "syndrome du
pachyderme dans le marigot". The sydrom of the elephant
in the small mud pool.
4. to save the internets reputation in case of trouble. I was
in the USA the day of the first Shuttle. What stroke me
was that everyone understood the key that Glenn gave
in landing in Cape Kennedy. He said "It had to happen".
This is what Reagan explained the nation and the kids in
the after-noon: dramas happen with human development,
adventures. The DNS is many many time the Titanic in
size. The Titanic had compartments to stop the flooding.
DNS has not.
But the worst would be a psychological set back. I come
back to the shuttle. That day they asked people if they
would like to go to space. Figures were low. But the day
after the national consciousness it sky rocketed (no pun).
People accepted the challenge. Now, think of major
problem: we need to give people reasons to use the net
again. And to continue to invest. For that we need to be
like NASA. To go back to development, models, etc. and
to be ready with an explanation and a plan. Not just
repeat "stick to the RFCs".
Today we suffer spam. The people were afraid their mails
were exposed with SiteFinder. What about mails lost all
over the planet because of a major DNS instability. Even
if none was exposed, who would believe it. When you
meet a top politician or a banker this is his first question.
"Mails ?"
There is a name for that: "the Second Internet Shock". And
no one wants it. I do not think there is a better place to
try to avoid it than on this list. Starting a WG on that issue.
With a clean sheat charter. Reviewing everything.
The situation of the other nations is no different from the USA
in terms of risks (except the one still relying on OSI for their
critical infrastructures - less connected to the internets).
Where their situation drastically differs - and this IS the WSIS
issue - it is in regards to the root system. The issue is NOT the
root regional servers as the Linke-Minded Countries where first
and may still partly mislead. It is the root file generation. This
is why the object to ICANN.
Why ?
1. Peace and goodwill
Because only he USA can use it to address an abnormal
situation, with their own priorities, delays, verification
procedures. Ex. KPNQuest.
Dont tell me no one was hurt. We all know incredible
situations were no one was hurt. And other very common
were people died. Like going to work on 9/11.
What they want is as much as possible risk 0. And
they are not confident.
2. Error
The current root managers are not accountable. This
means they are not insurred. Since no insurrance
company will accept a rootfile error or a root sever
hacking etc. as an act of God, the tremendous
possible costs of a DNS error are NOT insurred.
Happily no (major) one yet.
But the whole Internet budget may go sometimes
into that. Years and years of huge compensations.
Is that a very thing to be a non insurred root server
volontary? I know it is no good to ask that. But this
is the real world. More lawyers than IETF members.
3. Catastrophy - physical, mental or financial
Let assume that SiteFinder Inc. wants to play with
the root as Verisign did with .com, or goes broke
as KPNQuest, or the Erie line Scada systems
makes it again, but during an East-Coast blizzard
strom scaling the 1996 winter Canadian situation.
What will be the contengency plan for the world?
15 days after the black-out English and French hosts
could still not be accessed from East Coast. Some
got urgent mirrors in Far-East.
Dont tell me: this or that. Follow that procedure. If
people did this or that. etc. We are in real life.
4. War - International crisis
The one who controls the root has an e-embargo
power not voted by UN. In the Iraq crisis USA
solved the problem in puting the .iq manager into
jail for another reason. But what Bush could do?
Without ITU being in charge releiving him from the
dilemna (the e-show must go on), what to decide?
The first US Soldier killed because of an internet
information, or e-mail coordination by the local
resistance, this will be an uprorar in the press :
"why did he not used the root?".
Without the ITU many people would have grieved
or died because international lines had not been
protected by the nations. As I noted, ITU is NOT
standards first. It is the Embassadors Lounge,
were the world is informed of the situation and some
Embassadors restore links in sending green berets.
Let get us real, please.
If this is a policital problem, and a problem of national egos -
then the ITU won't help.
The ITU solves another part of the problem. ITU is to make
the e-show go on. ITU adresses the elephant problem. Not
the technical problem. ITU makes every country equal.
This then may help to define common standards, from
the operators needs point of view (an operator arena).
We talk of "ITU". There is no "ITU". There is an "ITU-T",
an "ITU-R", etc. We can only (and we need to) loby to
get build an ITU-I.
Our next urgent problem if to find the way to have
(usualy) the same root compiled everywhere, and the
procedures to crosscheck its consistency. Before
the politicians impose it. If we provide the solution
first, IETF will stay around. If it is imposed on us,
standards will enter an unstability period, when we
need them to be the most stable to build innovation
a top.
All the more than once it is freed from 20 years status
quo, the root file will become a matrix and will be far
more complex to understand and control.
No good technical development come from
embassadors or polticians. However this week they
have the lead.
jfc