
Re: DARPA get's it right this time, takes aim at IT sacred cows

2004-03-18 08:58:56
At 01:52 17/03/04, Scott Michel wrote:
jfcm wrote:
At 21:45 15/03/04, Scott Michel wrote:
We identified five main (immediate/middle terms) threats (and agree with the USG they may be critical [we say "vital"]):
- DNS centralization
- IPv6 unique numbering plan
- mail usage architecture (not SMTP)
- governance confusion
- non concerted national R&Ds (starting with the US one)

You've managed to identify operational problems, not protocol problems. The Internet's continued operation may face some serious challenges if certain trends continue, really. It's not a compelling reason for a "national firewall" as you described. At the risk of being particularly crass, it sounds a lot like building the Internet equivalent of the Maginot line.

It's a noteworthy proposal, as you described it, but the management of such an entity would be hideous. Even if the management and policies of Internet operation/management could be compartmentalized as you describe, you'd still have roughly the same problems with domain names, address allocation, etc. I'm not sure I see what the advantages would be.

I am afraid you confuse layers. You can understand "firewall" as a traffic filter (what you obviously consider here): this would be obviously absurd for what I address. You can also consider it as the appropriate protection for the considered layers, which is what we mean. If you want an example, look at Intelliwall (http://www.bee-ware.net). They are addressing the firewalling of applications. Traffic filtering is really the third lowest level (after electric and frame protection).

I will address the point more generally at the end - when discussing FLAPPS.

To be fair, it was NATO and the Allies who started in the v6 direction first. DoD is just merely keeping up with its various international partners.

hmmm. Maybe you did not evaluate what the worldwide control of IPv6.001 gives to whoever allocates the addresses (ICANN) and would build and run an IPv6 "DNS".

A few years back, I was a co-author on a few whitepapers for customers who were wondering whether they should head down the IPv6 road because European partners were already heading down that road. I'm familiar with some of the history.

Let's not confuse the IPv6 protocol and the various IPv6.001, 010, 011, etc. numbering plans. I am only talking about numbering plans. Which may outlive or be independent from IPv6.

The problem is that this "agility" is to be housed somewhere. Let's assume DARPA produces tangible results soon (which is quite credible); we are not in the 80s anymore, on "ARPA Internet". We are on the Global Internet, and a Global body is to publish it. This leads to ITU. And as long as ITU-I has not been created on purpose, I am afraid it is acceptable to no one.

I was waiting for the ITU to get dragged into this discussion. Yup, the same folks who brought us all of the other unsuccessful networking standards. Sorry if I'm biased here, but as it is said, history books are written by the winners. So, getting back to that discussion about ATM... :-)

I said I would not comment on ATM. Another story.

We agree. But we are considering today/tomorrow warfare. The Iraq action started with the first real "cyberbattle", a two-day saturation spamming preparation. Exactly like before a Marines landing with artillery (what they had on the border too if I am right?). Snipers coordinate through cyberspace. Soft destabilization of Europe is hopefully right now a cyber activity, rather than a Marines one :-).

What you're referring to is not network-centric warfare at all. You're referring to a specific tactic in the psychological warfare operations side of the military. It's as important as the "kinetic response" (USAF and USN dropping bombs, the USMC landing ashore, etc.). It's merely part of attacking a national infrastructure, just as much as reducing electrical power plants to rubble attacks a national infrastructure's capabilities.

Network-centric warfare has nothing to do with psyops. N-C has more to do with command and control of assets deployed to a theater, assessing and prioritizing threats, etc.

Here you talk of N-C as ABC.
I am talking of cyberspace (or e-space), as there is airspace, outerspace, sea, or land
... and joint operations.

hmmm. I think you really need to read http://whitehouse.gov/pcipb. The documented priority is not only the warfighter's life, but the nation's life and way of life, in protecting critical installations and systems. SCADAs are a priority. I agree that DARPA looks also at how to quickly deploy responses for urban warfare. But it is "also". All the more as cyberwarfare is a very important key to urban warfare.

DARPA and DHS (and its DHSARPA) are two separate entities with different missions. DARPA's focus is the warfighter, DHSARPA's focus is homeland security. The two missions may be integrated via a White House position paper but it takes the two agencies to execute the vision.

The decision to put Cybersecurity under DHS responsibility postdates the threats evaluation first report (Sept 15, 2002). Read the White House documents: obviously a lot goes to DHS but many other things go to the Administration at large. Let's not confuse the way it is responded to today and the intrinsic nature of the evaluated threats.

IPv6.001 is mainly an external affair.
As foreigners we see it to fall under the responsibility of SD for the ITU related world relations aspects and of the DoD for the world control aspects (let's not confuse network ancillary services for other forces and Cyber Force). The Army has craft and boats. Navy and Army have airplanes. In addition we are just starting, and we are here in a grey area. Like for air forces in 1913.

BTW: DARPA doesn't deploy anyone to anywhere... it does research and evaluation. The respective military service branches deploy people to places using technologies that may have been influenced by DARPA research or evaluated by DARPA (e.g., Internet, M-16s, ceramic armor, UAVs, etc.)

agreed. I said "looks how to", not "deploys".

The model I use is only partly 3D (a cylinder figured through half a covering ellipse on the top - like an open binder you would look at from the cover side). This is only to show two things: - the unlimited continuity there should be at the same layers - whatever the layers may be. And to sort it (like from individual to groups)
- the fact there are common spines.

Your model still sounds much too complex for ordinary mortals to grasp. While it sounds like it should show the interactions between layers of different types and models cleanly, it would probably be sliced apart by Occam's Razor. This is why the 4- and 7-layer models work so well: they are the simplest models that suffice.

No. 4/7 models and the many other similar occurrences are different views of the same continuity. They work well (?) for their share of the reality. But globally they do not work well from the user point of view.

Your quote of Occam's Razor is great. The ENS model is a full cybernetics integrated model. Cybernetics has actually two successive slightly different understandings (I would say before and after the e-networks). The way Wiener, Ampere or Watts first thought of it. You would name it today organization "governance" (from Plato's "kubernetes", the way/art of steering, governing - like in the Oxford/Cambridge race - steer and row - the proposition of McLean to the ITU meeting on governance). A top-down approach where the brain or a team (agora) is the leader (monarchy/Athenian democracy). Centralized or meshed networks (ICANN, ISPs, Gateway Protocols).

The second understanding, which we could call generalized cybernetics, is the art of efficiency in using models discovered from feedback (Couffignal). This understanding is necessary in distributed systems like the USERs' demanded internet, where authority is not delegated anymore (monarchy) or shared (democracy) but retained by each participant. Then you consider granularity, not hierarchy (hierarchy is just the most simple ordained occurrence of a granularity of decreasing importance with the distance from the source of authority). And then you apply the principle of subsidiarity (respect the functionalities of the granular organization - the responsibility of its own governance). This way you can keep understanding complexity while not being embarrassed by it. Life is not democratic but is often coalescent - so is the human connexion, communication, relation system. You do not ask your telephone to be democratic, but to work.

In this global (Anglo/French meaning) vision, cybernetics keeps looking at independent organizations but from the whole environment (and not only from the substrates) in which they are embodied.

The center of the network is no more the root servers or HIP or IANA, etc. It is the users' consensus/dissensus. Whatever DARPA, DHSARPA, ETSI, IETF, ITU, AFRAC (us), MINC, CHINA, JAPAN etc. may propose, the real life user system adopts. 33 years to build a 700 million internet system, less than ten to build a 1.3 billion mobiles network. And an absurd proposition to create a mobile TLD instead of working on a mobile scheme and making tel://myname.org work. And the absurd idea to use our own private space TLD '.m').

I suppose that FLAPPS is a way to address that kind of need, from what I gather?

OK. This only introduces another type of "puts" (the "sideput" in addition to in/outputs) in the cybernetics model [and AI] - which clarifies (Occam's Razor) a lot the inter relations, as being "intelligent" (as in "good intelligence") but also as in "Intelligence Service" and as in "Intelligent Ubiquity" (you really need to be intelligent to integrate all that :-). Actually you observe through the wording itself that it is back to the simplest common sense. But not only at human/machine logic but society/network noosphere (cf. Teilhard de Chardin).

Back to the Internet network application: this means that you cannot consider IP alone. You need to consider it (and its development at every level) together with what other communications technologies and needs may mean/bring, etc. This integration/simplification (again the Occam's Razor) cycle [we are cybernetics, what I name itero/deduction] will probably never end. In terms of relations networking architecture, this leads to permitting one to determine very simply the cybernetic path from one person to another as not necessarily being the straight line, but the less complex, the less dangerous, the most effective etc. line(s). This is true for bare humans, as well as for net/computer assisted humans.


The work that WSIS asked to UN to carry before Tunis, is just for them to understand that, and tell how to implement it, in the four governances poles (technical, political, economical and societal).


The change for us all, after the WSIS resolutions, is that the buyer (the world usership) has started publishing its RFP (resolutions). The process is very common: the first set of documents uses the model and the wording of the current supply. Then it progressively switches to the wording of the possible supply, then to the wording of the credible demands and ends in challenging everyone for innovation and helping new demands. I suppose "Tunnet" (WSIS 2005 in Tunis) will be different from Internet.

BTW, I happen to have signed year an NDA about a project based upon the ENS model. Its diagrams were therefore attached to the NDA (one single page) to explain the R&D environment. We were five to co-sign. Their reading and general understanding (enough for them to accept it as clear enough in a legally binding agreement) took them two minutes and no question.

IMHO, the points you make well in responding to Stephen cannot be fully addressed if you do not consider layer 8 (interapplication) and the user perspective (layers above). I do not say that my model is perfect (it started from experience and the need to support innovations which among others included what became the web). I say that in not failing me for 18 years, it has shown me the need to have such a simple model in common to proceed further on.

Well, sure, that makes sense, but I'm going to doubt that you're going to find a universal packet protocol that's any more universal than IP.

:-) Which IP?

Take your pick. Something that resembles the packet oriented system we all love and enjoy. Addressing schemes allow IPv<whatever> to grow and evolve, but the underlying philosophy behind it still remains the same.

So you confirm "something that resembles" (we agree). Please, let us not confuse IP and packet switching.

I propose the IPv6.010 numbering scheme to be defined as a universal technology+routing+addressing+sub-addressing scheme. For that reason and to validate IPv6 as a multi-numbering-plan solution. If we do not start with 2 plans, how will we be sure IPv6 protocol, software and equipment are multi-numbering-plan compliant?

At which point, we're back to a complete mess again when all the "stakeholders" get the different addressing schemes that make just about everyone happy. Or at least fall into the proverbial "While you can please some of the people some of the time, you can always piss off all people all of the time."

Of course, multiple addressing schemes tend to beg the question of "Why have two if one suffices?" (the usual necessary and sufficient argument, Occam's Razor again) Which leads full circle back to identifiers vs. locators. Wash. Rinse. Repeat.

No. IPv6 is multi-addressing plans. By nature.
Either you say that IPv6 will never use IPv6.010 etc. plans or you respect the RFCs. To use the RFC and to make sure they cannot be respected leads to more confusion.
All the more that the political/commercial interest is too visible.

Now, the Occam's Razor question is obvious: why have the current IPv6 plan when there are already other plans and a need for other plans? Would it not be simpler to get one single unified numbering plan? Which is the IPv6.010 we propose. Including Internet, TV, mobile, vehicles, radio frequencies, document sources, geographic locations, product tracing, etc.

Or perhaps it's only necessary and sufficient to design a universal application-level forwarding layer? (Warning: plug for my own research called FLAPPS, http://flapps.cs.ucla.edu/)
Did this research lead to working solutions? The real point is memory sharing. But universalization cannot come from peer to peer and higher, because it calls for real people to group first. But it can come from private continuity management. If you use a solution to organize your own virtual system, in addition you become compatible with any tier using the same solution.

FLAPPS stemmed from the URL-based routing and forwarding work in web caching I did a number of years ago with another advisor. It's 70,000 lines of code and will hopefully be more widely available after I graduate. Yes, the code has been demonstrated to do what it claims, but the glaring part missing is DHT emulation -- which I've tried to avoid, but will have to do in order to satisfy recurring reviewer comments.

- DHT?
- question: what is a DNS based system not providing that FLAPPS provides ? (we work on a conceptual progressive (compatible) evolution of the DNS towards a generalized/global service) ?

(again "global", in an Anglo/French meaning, i.e. "all the parts of a whole"). Theerefore with a focus on the specific diversity of the parts [peer to peer], within the respect of their unique "tier and tier" system.

This permits you to understand what we could call a national firewall. I will take the DHS analogy. Up to now, American culture people tended to protect their life and family on their doorstep. With their own gun. In a never attacked country it made sense not to overspend money and restrict rights. This kind of protection could be assimilated to the current firewalls. To protect oneself against penetrations.

9/11 showed the USA they could be attacked at home. So you started developing a national firewall system, named DHS. To protect your families, cities, etc. a step further. This is not Army, but this is no more private or community police. Most of the countries have had that for a while. This firewalling is however not to be of the same nature (this would be a liberty killer: like fortifications, or as you say, a Ligne Maginot).

When you look at the threats on/from the network, you see they vary with your point of view. When you consider your machine: current firewalls are ok. When you consider applications, Intelliwall papers explain well what you must consider (yet they do not fully put the emphasis on threats on distributed applications): this shows there is a step above traffic filtering. Threats on groups of users (agora, VPN, Externets) are on their access gateways, directory structures, etc. These groups can be of different size (family, corporations, universities, cities, regions, nations, trades, etc.). The global threats are on the directory roots and on the local views of these roots (local names, anycasts): this is what we are at.

Now, wars always produced progress. While working on root view security for surety reasons we obviously uncover new possibilities and possible innovations. This is also what interests us.
jfc