On Thu, Aug 2, 2012 at 11:44 AM, Noel Chiappa
<jnc(_at_)mercury(_dot_)lcs(_dot_)mit(_dot_)edu> wrote:
> From: Phillip Hallam-Baker <hallam(_at_)gmail(_dot_)com>
> to stop such things as 'Information terrorism' which is their term for
> freedom of speech.
:-)
The term comes up in their treaty.
> If the WCIT process results in an over-reach, governments can and will
> leave the ITU.
The latter is unlikely, IMO.
If the ITU were to over-reach and get away with it then it will not
have over-reached by definition.
One of the factors here is that a lot of the diplomats working on
'cyber' (aka information engagement, cyber security, etc. etc.) began
by working on arms limitation treaties. This turns out to be self
reinforcing as once the US has a person from that world in their
delegation the Russians will add someone who was part of earlier
negotiations with her and vice versa.
Nuclear deterrence is a viable strategy because nuclear weapons are
difficult to make which makes the attribution problem tractable and
thus enables a credible threat of consequences. Techies know that
Cyber deterrence is obviously unworkable because attribution is not
possible. We can track an IP packet to Iran but we cannot state with
certainty who controlled the computer who sent it. The diplomats know
that this is the case but really can't accept that it is the case
because they are trying to cram cyber into their 'deterrence'
framework.
Cyber-attacks should be considered a form of terrorism. The barrier to
entry is low, the consequences are disproportionate to the effort but
fall far short of a conventional attack. At this point we are at the
same stage of understanding of cyber as the diplomatic community was
with terrorism in the mid 1960s when the terrorist movements began to
become active in Europe. The US government is doing damn stupid things
like attacking civil nuclear facilities and the Russians are doing
stuff that is equally stupid.
The challenge we face is how to define the border between a cyber
attack (i.e. an act of war) and cyber-espionage (which is not
considered warfare in law). I do not take offense at the Chinese
government enacting a DIY reparations program for the 'open door'
policy and the opium wars. I am going to do my best to help my
customers stop them, but they are acting within their rights.
> The Internet has three separate potential control points: The IP Address
> registry, the DNS name registry and the various registries for protocol
> features.
And it is these that in my perception are really what is at risk in Dubai,
which is why I disagreed (above) that the output of Dubai will necessarily be
a NOOP.
Yes, it is all about the registries.
> We need to protect the openness of the Internet. We do not need to
> perpetuate the existence of ICANN, IANA or the RIRs as
> institutions. Maintaining the institutions may be a means of protecting
> the open internet but we should be prepared to walk away from them if
> necessary
I concur that they may be expendable, but others may differ. In particular,
will not whatever replaces them be equally targets? Yes, a shell game may
produce temporary relief, but in the end won't the replacements be equally
targeted for takeover/control?
That depends on whether the registry in question is dealing with a
scarce resource or a plentiful one. Having two registries handing out
IPv4 addresses at this point would be very very bad. Having more than
one place you can get an IPv6 from would not worry me at all.
> If the ITU-T wants to also be in the business of handing out IPv6
> address names then give then a /21 or a /16 and tell them to go
> party. No really, choose your battles.
I basically agree. It could have negative impacts on the routing, by impacting
route aggregatability, but it can hardly be worse that those bletcherous PI
addresses, so if it makes them happy to be in charge of a large /N, why not?
SM also commented on this:
If the ITU-T wants a /16 it is simply a matter of asking the IETF for it.
No, if the ITU-T really wants to do this it is just a matter of them
taking it. This happens repeatedly in registry schemes. They could ask
the IETF for a /16 or they could simply send a message informing us
that they will be allocating out of (say) 2F00::/16 from now on and
that it would be 'inadvisable' for IANA, ICANN, IETF or whoever to
grant competing allocations.
If people choose to route packets for the corresponding BGP adverts
then they get away with it. If they can't do that then we don't need
to worry about them anyway.
--
Website: http://hallambaker.com/