Re: just a brief note about anycast

2003-12-10 12:20:13
At 08:34 10/12/03, Kurtis Lindqvist wrote:
There are also a lot of statements on what nations need in terms of
security and stability. At the same time other nations have solved that
need with the existing model. And they have shared experiences. If that is
the problem, there is knowledge to be used.

This is exactly the case. The most experienced country, the United
States of America, has evaluated the threat represented by the
Internet. This led to a wide debate, including public hearings in 10
major cities' town halls. Thousands of contributions have been studied.
ICANN dedicated the 2001 MdR meeting to the matter. The study was
carried out by the person responsible for White House security issues
(Richard Clarke), a person accepted worldwide as a professional. He was
assisted by Howard Schmidt, known as being Microsoft's specialist
on security issues (our American colleagues, please check what I
write). This resulted in a pre-study published on September 15th,
2002. And in a national strategy, which I will quote again and which is
certainly the gateway for every nation's concerned people:
(http://whotehouse.gov/pcipb).

The priorities concerning these security issues are DNS, IPSec,
IPv6 and Gateway protocols. The DoD decisions enacting the
support of IPv6 following that policy have been widely discussed
among all the IPv6 related groups.

What can be remembered from the first issue was the increase
in the curves of risks and hacking, the increase of spam that just
followed, and the evaluation that the possible death toll was
nuclear equivalent (Clarke). People may not like G. Bush, but
people do believe the US Administration and DHS are serious
about terrorism. Parts of the world believe that seriousness is
both against terrorism and about carrying it. I will not judge that
but if you want to understand the pressure, you have to accept
that this is what we really talk about here. People are not disputing
ICANN in Geneva (they just expelled Twomey), they understand
they vote for their own country's "skin".

Where IETF is concerned is that simple solutions - like the one
I initially listed - can do four things.

1. to remove responsibility from the root operators. Do you
    really want them to feel sometimes responsible for a
    Hiroshima? Read the WH draft document.

2. to make it quite impossible to happen in considering
    the real world of today, instead of the university projects
    of 1983.

3. to help international cooperation and save the net.
    What is the impact of the US strategy? Some are more
    afraid of the US solution. This is called the "e-colonization".
    Why? Because we are on a single network. So, as Clarke
    put it from the very beginning, the threat is local, regional,
    national, and global. And very politely he said, so the US
    answer will be local, regional, and national. Hey! national
    surety must be global. This means that the world
    is to choose to be under DHS's cybersecure umbrella or
    to fight the USA and to get its own surety solution.
    This is what the ITU stuff is about. We are in the post
    9/11 era.

    Today W3C/TAG issued a last call for their architecture
    document. It would be too bad that the internet splits
    etc... just because IAB has not published an Internet
    equivalent.

    An African image about their fear is the "syndrome du
    pachyderme dans le marigot". The syndrome of the elephant
    in the small mud pool.

4. to save the internet's reputation in case of trouble. I was
    in the USA the day of the first Shuttle. What struck me
    was that everyone understood the key that Glenn gave
    in landing in Cape Kennedy. He said "It had to happen".
    This is what Reagan explained to the nation and the kids in
    the afternoon: dramas happen with human development,
    adventures. The DNS is many, many times the Titanic in
    size. The Titanic had compartments to stop the flooding.
    DNS has not.

    But the worst would be a psychological set back. I come
    back to the shuttle. That day they asked people if they
    would like to go to space. Figures were low. But the day
    after the national consciousness it skyrocketed (no pun).
    People accepted the challenge. Now, think of a major
    problem: we need to give people reasons to use the net
    again. And to continue to invest. For that we need to be
    like NASA. To go back to development, models, etc. and
    to be ready with an explanation and a plan. Not just
    repeat "stick to the RFCs".

    Today we suffer spam. The people were afraid their mails
    were exposed with SiteFinder. What about mails lost all
    over the planet because of a major DNS instability. Even
    if none was exposed, who would believe it. When you
    meet a top politician or a banker this is his first question.
    "Mails ?"

    There is a name for that: "the Second Internet Shock". And
    no one wants it. I do not think there is a better place to
    try to avoid it than on this list. Starting a WG on that issue.
    With a clean sheet charter. Reviewing everything.

The situation of the other nations is no different from the USA
in terms of risks (except the ones still relying on OSI for their
critical infrastructures - less connected to the internets).

Where their situation drastically differs - and this IS the WSIS
issue - is in regard to the root system. The issue is NOT the
root regional servers, as the Like-Minded Countries were at first,
and may still partly be, misled. It is the root file generation. This
is why they object to ICANN.

Why ?

1. Peace and goodwill

   Because only the USA can use it to address an abnormal
    situation, with their own priorities, delays, verification
    procedures. Ex. KPNQuest.

    Don't tell me no one was hurt. We all know incredible
    situations where no one was hurt. And other very common
    ones where people died. Like going to work on 9/11.

    What they want is as much as possible risk 0. And
    they are not confident.

2. Error

   The current root managers are not accountable. This
    means they are not insured. Since no insurance
    company will accept a rootfile error or a root server
    hacking etc. as an act of God, the tremendous
    possible costs of a DNS error are NOT insured.
    Happily no (major) one yet.

    But the whole Internet budget may go sometimes
    into that. Years and years of huge compensations.
    Is that a very thing to be a non-insured root server
    volunteer? I know it is no good to ask that. But this
    is the real world. More lawyers than IETF members.

3. Catastrophe - physical, mental or financial

   Let us assume that SiteFinder Inc. wants to play with
    the root as Verisign did with .com, or goes broke
    as KPNQuest, or the Erie line Scada systems
    makes it again, but during an East-Coast blizzard
    storm scaling the 1996 winter Canadian situation.
    What will be the contingency plan for the world?
    15 days after the black-out English and French hosts
    could still not be accessed from East Coast. Some
    got urgent mirrors in Far-East.

    Don't tell me: this or that. Follow that procedure. If
    people did this or that. etc. We are in real life.

4. War - International crisis

   The one who controls the root has an e-embargo
    power not voted by UN. In the Iraq crisis USA
    solved the problem by putting the .iq manager into
    jail for another reason. But what could Bush do?

    Without ITU being in charge relieving him from the
    dilemma (the e-show must go on), what to decide?
    The first US Soldier killed because of an internet
    information, or e-mail coordination by the local
    resistance, this will be an uproar in the press:
    "why did he not use the root?".

    Without the ITU many people would have grieved
    or died because international lines had not been
    protected by the nations. As I noted, ITU is NOT
    standards first. It is the Ambassadors Lounge,
    where the world is informed of the situation and some
    Ambassadors restore links in sending green berets.

    Let us get real, please.

If this is a political problem, and a problem of national egos -
then the ITU won't help.

The ITU solves another part of the problem. ITU is to make
the e-show go on. ITU addresses the elephant problem. Not
the technical problem. ITU makes every country equal.
This then may help to define common standards, from
the operators' needs point of view (an operator arena).

We talk of "ITU". There is no "ITU". There is an "ITU-T",
an "ITU-R", etc. We can only (and we need to) lobby to
get an ITU-I built.

Our next urgent problem is to find the way to have
(usually) the same root compiled everywhere, and the
procedures to crosscheck its consistency. Before
the politicians impose it. If we provide the solution
first, IETF will stay around. If it is imposed on us,
standards will enter an instability period, when we
need them to be the most stable to build innovation
atop.

All the more so as, once it is freed from 20 years of status
quo, the root file will become a matrix and will be far
more complex to understand and control.

No good technical development comes from
ambassadors or politicians. However this week they
have the lead.
jfc