Re: DARPA get's it right this time, takes aim at IT sacred cows

At 21:45 15/03/04, Scott Michel wrote:

jfcm wrote:
Interesting as this matches the conclusions of our own meetings in Dec/Jan
on national vulnerability to internet.
Sounds like the internet is a threat, not a tool. (Ok, I know you're not anative English speaker, but it was hard to resist.)

It sounds right. The threats are the weaknesses of the tool. And theirimpact on cirtical resources.Let assume the DNS "stops" (attacked, polluted, hijacked, disputed): whatis the impact on the nation?

We identified five main (immediate/middle terms) threats (and agree withthe USG they may be critical [we say "vital"]):

- DNS centralization
- IPv6 unique numbering plan
- mail usage architecture (not SMTP)
- governance confusion
- non concerted national R&Ds (starting withthe US one)

This lead to the notion of "national firewall". Not the same architectureand layers as a local firewall, but an equivalent mission. One can considerglobal, users groups and local firewalling. Global means to preventdestructive access to the nets (like sending spammers to jail, making surethe root is stable, secure and safe, reaction to PathFinder like attempts).Users Groups (nations, regions/states, cities, structures, coporationsetc.) mean addressing, directory, access portall protection. Local is whatwe are used to (but here port and traffic filtering should be less and lessthe main issue and call for more sophisticated tools).

Agreed. But for a non US observer this sounds in line with the pro-IPv6
stance of DoD: obeying http://whitehouse.gov/pcipb marching orders.
To be fair, it was NATO and the Allies who started in the v6 directionfirst. DoD is just merely keeping up with its various international partners.

hmmm. May be you did not evaluate what the worldwide control of IPv6.001gives to who allocates the addresses (ICANN) and whould build an run anIPv6 "DNS".

May be am I candid, but I tend to think that when a military person speaks,
it is with a purpose. And usually that telling what you exactly want is the
best way to obtain it. The article does not say they want to kill IP, but
that they want solutions. There are three possibilities to support changes:
- to fix IP
- to change IP
- to replace IP
Generally speaking, military officers do speak with a purpose in mind, butI disagree that the thrust you're enumerating. "Fix IP" is probably true,"Change IP" fits with "Fix IP", but "Replace IP" is patently untrue. Afterall, the DoD spent a lot of time and money on ATM in the mid and late 90'sonly to fall back to IP. ATM was an abject failure.

I will not comment on ATM. "Fix IP" means in my mind to keep IPv4/IPv6 andmodifiy some features. "Change IP" means to look at a new IPvX. "ReplaceIP" means another kind of protocol/paradigm. I do not talk abuot what DARPAmay do, but what we have as options.

I read they have identified a need (the same as NSI said they had a need
through PathFinder) and that the ball is in the IAB and IETF's field (for a
short while if you consider how long NSI awaited before suing ICANN)
I'm not sure I agree with this at all -- the research community is muchmore agile than the IETF and IAB, so it's more likely that the IETF willplay catch-up as the DARPA reearch produces tangible results.

I think we agree there. I say the ball is in IAB/IETF field, and that theyhave to move fast, or DARPA and many others will take the lead.

The problem is that this "agility" is to be housed somewhere. Let assumeDARPA produces tangible results soon (what I is quite credible) we are notin the 80s anymore, on "ARPA Internet". We are on Global Internet, and aGlobal body is to publish it. This leads to ITU. And as long as ITU-I hasnot been created on purpose, I am afraid it is acceptable to no one.

Let see the situation through military eyes. The battlefield is what it is.
For the new Cyber Forces, the internet battlefield is what is used
today. So they are interested in what is available/under serious
development - or in what worked before/aside the IP technology and
which could be deployed quick (so, most probably a total change for
a clean sheet, low cost and confidential restart).
The emphasis is and has been "network centric warfare". The current DARPAdirector is interested in a good mix of solutions that can be deployed inthe immediate, near and future terms. "Deployed" as in "deployed out inthe field with the warfighter" (on the back of a US Marine.)

We agree. But we are considering today/tomorrow warfare. The Irak actionstarted with the first real "cyberbattle", a two days saturation spammingpreparation. Exactly like before a Marines landing with artillery (whatthey had on the boarder too if I am right?).

Snipers coordinate through cyberspace. Soft unstabilization of Europe ishopefully right now a cyber activity, rather than a Marines one :-).

Throwing away the current IP infrastructure or completely redesigning theprotocols would be one of those way off in the future projects and hasvery little chance for success (refer to the DoD and ATM as a good example.)

Throwing away current IP would be stupid. Because it is here. But we allknow that IP cannot support most of what we miss today (in most of thecases this is the reason why we miss them).

Your army combat engineer example is a fairly decent metaphor for what theproposed programs want, but throwing away IP is not a tenable solution.
May I suggest, that these guys' priority is not really to respect RFCs,
but to protect your lifes?
Protecting the warfighter's life, actually.

hmmm. I think you really need to read http://whitehouse.gov/pcipb. Thedocumented priority is not only the warfighter's life, but the nation'slife and way of life, in protecting critical installations and systems.SCADAs are a priority. I agree that DARPA looks also how to quickly deployresponses for urban warfare. But it is "also". All the more thancyberwarfare is a very important key to urban warfare.

Real life is not monolithic. Fighting for one model against another is
a very strange idea. Would aggregating models, so they may have
some consistency (as the low layers do) and synergy, and picking the
one which works for each task at hands, not be a more pragmatic and
scientific approach?
No, real life is not monolithic, but invariant models like the 4- and7-layer models describe real systems and relationships. This was true afew minutes ago when last I looked at mathematics and physics, and theirsuccess at describing real world phenomena.
I'm not saying the model is complete, just like physics is still lookingfor its TOE model. But the model isn't completely wrong, either.Augmenting the 4- and 7-layer models with what's been learned is asubstanstive effort that will produce results, but somewhere, someone hasto propose what's missing and what needs to be added.

Full agreement. My model - somewhat validated over the last 20 years - isnot "augmented" but aggregating (and augmented thourgh operation and usagelayers/parts). If the 4, 7 or any other model work for aspecific need, itis just fine, as long as all the models are permitted to interact.

May I suggest that the example is good as an image.
SMTP's problems are a better example of what's needed, not of what'swrong. I'd vehemently argue that SMTP isn't broken because it works. Ifone is going to replace SMTP, the replacement had better do what SMTP nowdoes. SMTP does show its age from its origins in batch-mode processingdays, but there comes a point at which "plus ca change, plus c'est la memechose" when applied to new solutions.

Full agreement. You were objectng that SMTP was not a good image: I justresponded it was a good icon of what basically is flawed - ie the "openpostal" concept which permits spoofing to be a global conceptual component.

Now, I do not only agree about SMTP, but I think it suffered to be too muchenhanced. You were objected about "batch processing" days. I understandwhat you mean. OK, the "mail" concept was first used to report on thesuccess of a "batch" (script). And I do not really understand what would bewrong about "batch" - this is only a sophisticated repetitve or one shotcommand. An SQL request is a batch. Interactive commands only is irrealistic.

To come back to SMTP, you are right. Degrade SMTP to its minimum (fullcompatibility with existing deployment) and use it only as an ubiquitoussignaling transport system in a store and retrieve architecture (memorysharing). You then have a good and fully compaitible transition to the nextnetwork paradigm.

Why not to have a try at:
- analyzing an extended network model where the datacoms
various models and layers are encapsulated into the physical,
operational and usage layers?
So long as it stays in 3 dimensions, which is what most people cantractably handle. If it can't be easily visualized, it's not going to besuccessful. Also keep in mind that humans aren't particularly good atdrawing 3d diagrams on paper (I'd argue that's one of the successes of the2d layer diagrams.)


Full agreement.

The model I use is only partly 3D (a cylinder figured through half acovering elipse on the top - like an open binder you would look from thecover side). This is only to show two things:- the unlimited continuity there should be at the same layers - whateverthe layers may be. And to sort it (like from individual to groups)

- the fact there are common spines.

The 2d layer diagrams are good as snapshots. My "binder" parabole pemits toshow they are only snapshots which are to fit together. And that they havesome elements/constraints in common.

- accepting that the datacoms ecosystem needs to support many
different data and objects granularities, including the current IP
ones. And to have a try at a universal packet protocol, starting
from IP as the prevalent one, and progressively extended its
capabilities?
Well, sure, that makes sense, but I'm going to doubt that you're going tofind an universal packet protocol that's any more universal than IP.


:-) Wich IP ?

The point is not in defending IP or not. But in taking advantage fromaccumulated experience, demands etc. and to have a cleen sheet review. Ifthe result is IP, just fine. But I doubt it. May be not far from it, but Idoubt it, because IP is datagram only.

As one other responder said, there is a need to accomodate differentaddressing styles that separate identity from location. I agree with thesentiment. So, [erhaps it is only necessary and sufficient to extend orredefine IP's addressing?

I fully agree with this. I propose IPv6.010 numbering scheme to be definedas a universal technology+routing+addresing+sub-adressing scheme. For thatreason and to validate IPv6 as a multi-numbering-plan solution. If we donot start with 2 plans, how will we be sure IPv6 protocol, softwares andequipement are multi-numbering-plan compliant?

Or perhaps it's only necessary and sufficient to design a universalapplication-level forwarding layer? (Warning: plug for my own researchcalled FLAPPS, http://flapps.cs.ucla.edu/)


Very interesting. Right in what I currently consider :-)

1. fits in what I name interapplication layer. This is also memory sharing,what is (IMHO) one of the ways to the future. Coupled with SMPT or SMS, orwhatever you like for signal/script command sending. Please note that thisis datacoms model independent. Replace IP by X.25: your model is unafected,if I read it correctly ?

2. this is an attempt to a generalization of the "peer to peer" concept: Iuse "tier and tier" (3&3). Like in the street or on the phone. There is noother prerequiste than to be layer compatible.

Did this research lead to working solutions? The real point is memorysharing. But universalization cannot come from peer to peer and higher,because it calls for real people to group first. But it can come fromprivate continuity management. if you use a solution to organize your ownvirtual system, in addition you become compatible with any tier using thesame solution.


Thank you.
jfc