Re: ITU-T Dubai Meeting


On 02/08/2012 21:30, Steven Bellovin wrote:

On Aug 2, 2012, at 1:24 PM, David Conrad wrote:

On Aug 2, 2012, at 11:44 AM, jnc(_at_)mercury(_dot_)lcs(_dot_)mit(_dot_)edu 
(Noel Chiappa) wrote:

we should instead focus on the ways that the technical architecture of
the Internet creates control points that are vulnerable to capture and
consider ways in which those control points can be made capture-proof.

Agreed.

The challenge of course is that one of the simple/efficient mechanisms to 
implement desirable features (e.g., security, scalability, manageability) is 
to create hierarchies, but those very hierarchies provide control points 
that can (at least in theory) be captured.  The DNS root is one such, the 
proposed RPKI root is another.  Perhaps a variation of the Software 
Engineering Dilemma ("fast, good, cheap: pick two") applies to Internet 
architecture: secure, scalable, manageable: pick two?

If the ITU-T wants to also be in the business of handing out IPv6
address names then give then a /21 or a /16 and tell them to go
party.

I don't think this is what the ITU is after.  My impression is that the ITU 
is arguing that member states should get the /<whatever> directly.

I basically agree. It could have negative impacts on the routing, by 
impacting
route aggregatability, but it can hardly be worse that those bletcherous PI
addresses, so if it makes them happy to be in charge of a large /N, why not?

I believe the routing scalability risk lies not in the allocation body, but 
rather the policies imposed around the allocations.  That is, imagine a 
world of 200+ National Internet Registries instead of 5 Regional Internet 
registries.  If the government behind an NIR then decides that to use the 
Internet in their country, you must use addresses allocated by the NIR of 
that country, you then run the risk of having 200+ prefixes for each entity 
that operates globally.  This risk could be addressed if it didn't matter 
where you get your addresses, however that isn't true with the existing 
model and there are political pressures that would likely ensure that it 
would not be true in the NIR model.



It also implies entry into a country through a few official gateways/exchange 
points -- that way, there are only ~200 entries plus your own country's that 
you need in your RIB...  (Telecom used to be that way -- PTTs and other 
monopolies (e.g., AT&T) loved it.)


Exactly. It is intended to defeat the Internet's historical growth model
of independence from national administrations and monopolies, by imposing
a geographical addressing scheme. Since the Internet actually works with
a topological addressing scheme, the effect is to force the topology
to be congruent with the geography. If you want central control, that's
a desirable result.

It isn't a harmless concession. We've been playing whack-a-mole against
this for a number of years now.

   Brian Carpenter

<Prev in Thread]	Current Thread	[Next in Thread>
ITU-T Dubai Meeting, Phillip Hallam-Baker Message not available Re: ITU-T Dubai Meeting, SM Re: ITU-T Dubai Meeting, David Conrad Re: ITU-T Dubai Meeting, Dmitry Burkov Re: ITU-T Dubai Meeting, Noel Chiappa Re: ITU-T Dubai Meeting, David Conrad Re: ITU-T Dubai Meeting, Steven Bellovin Re: ITU-T Dubai Meeting, Brian E Carpenter <= Re: ITU-T Dubai Meeting, Patrik Fältström Re: ITU-T Dubai Meeting, Ole Jacobsen Re: ITU-T Dubai Meeting, SM Re: ITU-T Dubai Meeting, Doug Barton Re: ITU-T Dubai Meeting, Steven Bellovin Re: ITU-T Dubai Meeting, Doug Barton Re: ITU-T Dubai Meeting, Phillip Hallam-Baker Re: ITU-T Dubai Meeting, Daniel Karrenberg Re: ITU-T Dubai Meeting, Mark Andrews Re: ITU-T Dubai Meeting, Dmitry Burkov