Re: just a brief note about anycast
Put another way, there are 190 or so countries. There are, perhaps 30 or so frequently represented on this list. There are fewer which have control over the root, the TLDs and the RIRs. If you were in the The RIRs are under the control of the people that use the associated resources. - kurtis -
Re: just a brief note about anycast
So my message to the developing countries, is that do not complain to be under-represented to bodies which have free/open membership. Just act. What strikes me in this thread is that there are a lot of people from the developed world, making statements on behalf of the developing world. Thanks for contributing some real-life experience! There are also a lot of statements on what nations need in terms of security and stability. At the same time other nations have solved that need with the existing model. And they have shared experiences. IF that is the problem, there is knowledge to be used. If this is a political problem, and a problem of national egos - then the ITU won't help. - kurtis -
Re: just a brief note about anycast
At 20:46 09/12/03, Bill Manning wrote: % The main % criticism is that the consensus doesn't include the developing world. this is not how TBDS works. Maybe giving us a URL to TBDS would help us to understand. Is it compatible with existing user applications? Thank you. jfc
Re: just a brief note about anycast
% this is not how TBDS works. % % Maybe giving us a URL to TBDS would help us to understand. http://www.isi.edu/~tbds % Is it compatible with existing user applications? most of them. % Thank you. % jfc % -- --bill Opinions expressed may not even be mine by the time you read them, and certainly don't reflect those of any other entity (legal or otherwise).
Re: just a brief note about anycast
At 08:34 10/12/03, Kurtis Lindqvist wrote: There are also a lot of statements on what nations need in terms of security and stability. At the same time other nations have solved that need with the existing model. And they have shared experiences. IF that is the problem, there is knowledge to be used. This is exactly the case. The most experienced country, the United States of America, has evaluated the threat represented by the Internet. This led to a wide debate, including public hearings in 10 major cities' town halls. Thousands of contributions have been studied. ICANN dedicated the 2001 MdR meeting to the matter. The study was carried by the responsible for White House security issues (Richard Clarke) a person accepted worldwide as a professional. He was assisted by Howard Schmidt, known as being Microsoft specialist of security issues (please our American colleagues check what I write). This resulted in a pre-study published on September 15th, 2002. And to a national strategy I will quote again which is certainly the gateway of every nation's concerned people: (http://whotehouse.gov/pcipb). The priorities concerning these security issues are DNS, IPSec, IPv6 and Gateway protocols. The DoD decisions enacting the support of IPv6 following that policy have been widely discussed among all the IPv6 related groups. What can be remembered from the first issue was the increase in the curbs of risks and hacking, the increase of spam that just followed, and the evaluation that the possible death toll was nuclear equivalent (Clarke). People may not like G. Bush, but people do believe the US Administration and DHS are serious about terrorism. Parts of the world believe that seriousness is both against terrorism and about carrying it. I will not judge that but if you want to understand the pressure, you have to accept that of what we really talk in here. 
People are not disputing ICANN in Geneve (they just expel Twomey), they understand they vote for their own country's skin. Where IETF is concerned is that simple solutions - like the one I initially listed - can do four things. 1. to remove responsibility from the root operators. Do you really want them to feel sometimes responsible for a Hiroshima. Read the WH draft document. 2. to make it quite impossible to happen in considering the real world of today, instead of the university projects of 1983. 3. to help international cooperation and save the net. What is the impact of the US strategy? Some are more afraid of the US solution. This is called the e-colonization. Why? Because we are on a single network. So, as Clarke put it from the very beginning the threat is local, regional, national, and global. And very politely he said, so the US answer will be local, regional, and national. Hey! national surety must be global. This means that the world is to choose to be under DHS's cybersecure umbrella or to fight the USA and to get its own surety solution. This is what is the ITU stuff about. We are in the post 9/11 area. Today W3C/TAG issued a last call for their architecture document. It would be too bad that the internet splits etc... just because IAB has not published an Internet equivalent. An African image about their fear is the syndrome du pachyderme dans le marigot. The syndrome of the elephant in the small mud pool. 4. to save the Internet's reputation in case of trouble. I was in the USA the day of the first Shuttle. What struck me was that everyone understood the key that Glenn gave in landing in Cape Kennedy. He said It had to happen. This is what Reagan explained to the nation and the kids in the afternoon: dramas happen with human development, adventures. The DNS is many, many times the Titanic in size. The Titanic had compartments to stop the flooding. DNS has not. But the worst would be a psychological setback. I come back to the shuttle. 
That day they asked people if they would like to go to space. Figures were low. But the day after the national consciousness it sky rocketed (no pun). People accepted the challenge. Now, think of a major problem: we need to give people reasons to use the net again. And to continue to invest. For that we need to be like NASA. To go back to development, models, etc. and to be ready with an explanation and a plan. Not just repeat stick to the RFCs. Today we suffer spam. The people were afraid their mails were exposed with SiteFinder. What about mails lost all over the planet because of a major DNS instability. Even if none was exposed, who would believe it. When you meet a top politician or a banker this is his first question. Mails ? There is a name for that: the Second Internet Shock. And no one wants it. I do not think there is a better place to try to avoid it than on this list. Starting a WG on that issue. With a clean sheet
Re: just a brief note about anycast
I'm living for more than 10 years in a developing country, and I have worked all this time on ICT and GIS/RS for developing countries in an organisation created by 16 Pacific Islands Governments. I have travelled extensively in all these countries and more. I'm not sure that it is your case, Kurtis. More info: www.sopac.org map.sopac.org Cheers Franck On Wed, 2003-12-10 at 19:34, Kurtis Lindqvist wrote: So my message to the developing countries, is that do not complain to be under-represented to bodies which have free/open membership. Just act. What strikes me in this thread is that there are a lot of people from the developed world, making statements on behalf of the developing world. Thanks for contributing some real-life experience! - kurtis - Franck Martin [EMAIL PROTECTED] SOPAC, Fiji GPG Key fingerprint = 44A4 8AE4 392A 3B92 FDF9 D9C6 BE79 9E60 81D9 1320 All knowledge is an answer to a question - G. Bachelard
Re: just a brief note about anycast
I thought he was sarcastic... :( My sincere apologies Kurtis... Cheers On Thu, 2003-12-11 at 10:30, Joe Abley wrote: On 10 Dec 2003, at 16:49, Franck Martin wrote: On Wed, 2003-12-10 at 19:34, Kurtis Lindqvist wrote: So my message to the developing countries, is that do not complain to be under-represented to bodies which have free/open membership. Just act. What strikes me in this thread is that there are a lot of people from the developed world, making statements on behalf of the developing world. Thanks for contributing some real-life experience! He was pointing out that you actually had real-life experience to contribute, in contrast to some other people, and was thanking you for doing so. You seem to have misunderstood him. Franck Martin [EMAIL PROTECTED] SOPAC, Fiji GPG Key fingerprint = 44A4 8AE4 392A 3B92 FDF9 D9C6 BE79 9E60 81D9 1320 All knowledge is an answer to a question - G. Bachelard
Re: just a brief note about anycast
Franck == Franck Martin [EMAIL PROTECTED] writes: How would replacing ICANN (or the IETF) with the ITU make things any less unilateral? As I see it, all that it would accomplish is that it would give governments and corporations a more direct voice in matters, at the expense of individual technical contributors. Randy Franck And one important fact, is that IETF issues standards which do not Franck contain patents... but ITU does! I wish that was true. It is not. ] ON HUMILITY: to err is human. To moo, bovine. | firewalls [ ] Michael Richardson,Xelerance Corporation, Ottawa, ON|net architect[ ] [EMAIL PROTECTED] http://www.sandelman.ottawa.on.ca/mcr/ |device driver[ ] panic(Just another Debian GNU/Linux using, kernel hacking, security guy); [
Re: just a brief note about anycast
At 21:24 08/12/03, Bill Manning wrote: % Either we need the root system and it must match the basic surety rules for % a critical infrastructure, or we just want to keep the fossil concept the % way it was designed 20 years ago. Why do you think this is an either/or proposition? This thread shown many reasons why. You may disagree. Decision is not ours. But we may presume it. % Then UN/ITU or private industry or a new % NGO or a new Gov technically and security certified type of operator is to % find, propose, test, and deploy another solution. I suggest them to read % carefully the very well crafted ICP-3 document. It correctly considers the % end of the single authoritative root file concept. And documents the way to % test new venues. Please provide a pointer to this ICP-3 document. UN/ITU, Private Industry, and NGO/Governments are -ALREADY- engaged in this process. Sorry, so basic for those engaged in it. http://www.icann.org/icp/icp-3.htm % I am sorry to come again and again on this. I will do it until a special WG % is created or IETF transfers the concern to ITU. special WG - chartered in/under what jurisdiction? I am currently asking it to IETF. % The world wants a new network % approach, more equal, more secure, more stable, safer, more innovation % oriented, respectfull of national digital independance and sovereignty and % IS actually switching. % http://www.nytimes.com/2003/12/08/technology/08divide.html?th=pagewanted=printposition Then the world is getting what it wants. Is there a requirement to force the dismantling of an existing system first? If so, where is that requirement documented? Nothing is preventing -anyone- or -any group- from formulating, and promulgating their own naming constructs. The world naming construct was defined 26 years ago. The constraints for the internet application was written seven years later on in RFC 920 wich reflected the international consensus. ICANN claims legitimacy from RFC 920 and 922. 
RFC 1591 is the renewal 10 years later on. What is mainly opposed to ICANN is a policy to contradict that consensus. No one remembers the conditions of the consensus but is quite pleased by the terms. % Today, every nations need and must be permited a strategy towards a % national and global secure cyberspace Nothing is preventing nations from proceeding with their stratagies towards a national and globally secure cyberspace. Ever considered the threat of the current root system? % IAB and IETF are to design and help the implementation. Under what charter and funding model? If this is not what they want, they will not object someone else does it. I do not understant your remark. % Or more simply, may be kill the real time root servers concept and review % the DNS as a non God centralized system? If there was nothing to protect % because there would be nothing, we would risk far less from there. Been there, done that. The TBDS project (circa 1999/2000) eliminated the requirement for an always on, fully connected mesh, with access to any external authoritative servers, be they root, tld, or anywhere else in the heirarchy. The upshot was that the DNS is -fully- placed in the hands of the endusers. We did not replace one centralized service with another or even a collection of centralized services, e.g. no ICANN, no IANA, no nation state, no private industry, no NGO or multinational treaty organization. It was -COMPLETELY- up to the endusers. Where is it documented? Has it been tested? With a significant number of users? How is it accessed by existing applications? % Then? We wait for the adoption by vendors/users of the new world order while we maintain, augment, and evolve the existing, working system so as to facilitate a near-zero impact on the people, organizations, and nations that have come to depend on the system we have built. Good. Are you talkingof the root system or of the TBDS? Root servers system is not intrinsic to the DNS. thank you. jfc
Re: just a brief note about anycast
% On Mon, 8 Dec 2003, Bill Manning wrote: % % % Or more simply, may be kill the real time root servers concept and review % % the DNS as a non God centralized system? If there was nothing to protect % % because there would be nothing, we would risk far less from there. % % Been there, done that. The TBDS project (circa 1999/2000) % eliminated the requirement for an always on, fully connected % mesh, with access to any external authoritative servers, be % they root, tld, or anywhere else in the heirarchy. % % The upshot was that the DNS is -fully- placed in the hands of % the endusers. We did not replace one centralized service with % another or even a collection of centralized services, e.g. % no ICANN, no IANA, no nation state, no private industry, no % NGO or multinational treaty organization. It was -COMPLETELY- % up to the endusers. % % The answer DNS is in the hands of the endusers is a trivial answer. It % is literally true, in the same sense that a democracy is in the hands of % the voters. Sure, the end users (end nameserver operators) put a list of % root servers in their DNS cache configuration, and thereby fully choose % the set of root servers they are going to use. But the fact is that there % is a root zone whose contents are not chosen by the end users, and that % there is a set of root servers made available to service this zone. And % the contents of this zone has in the past been put together by a consenus, % and the same is true of the operation of the root servers. The main % criticism is that the consenus doesn't include the developing world. this is not how TBDS works. % (people) ... are looking for international % cooperation, and they are looking to get away from unilateralism. hogwash. 
people want to have a way to communicate w/o excessive interference (from anyone, including governments) % If we % leave the international community no choice, they could create their root % servers, TLDs, and their own address registries and begin interconnecting % themselves with their own internet. If they really wanted to get fancy, % they might include some NATs, web proxies, and email gateways for % connection to our internet. But I think this path is something that % should be avoided. It would be a major mistake to leave the international % community, and in particular the developing world, with this as their only % option. They could very well take it. Yup... % % --Dean % -- --bill Opinions expressed may not even be mine by the time you read them, and certainly don't reflect those of any other entity (legal or otherwise).
Re: just a brief note about anycast
On Mon, 8 Dec 2003, Bill Manning wrote: % Or more simply, maybe kill the real time root servers concept and review % the DNS as a non God centralized system? If there was nothing to protect % because there would be nothing, we would risk far less from there. Been there, done that. The TBDS project (circa 1999/2000) eliminated the requirement for an always on, fully connected mesh, with access to any external authoritative servers, be they root, tld, or anywhere else in the hierarchy. The upshot was that the DNS is -fully- placed in the hands of the endusers. We did not replace one centralized service with another or even a collection of centralized services, e.g. no ICANN, no IANA, no nation state, no private industry, no NGO or multinational treaty organization. It was -COMPLETELY- up to the endusers. The answer DNS is in the hands of the endusers is a trivial answer. It is literally true, in the same sense that a democracy is in the hands of the voters. Sure, the end users (end nameserver operators) put a list of root servers in their DNS cache configuration, and thereby fully choose the set of root servers they are going to use. But the fact is that there is a root zone whose contents are not chosen by the end users, and that there is a set of root servers made available to service this zone. And the contents of this zone have in the past been put together by a consensus, and the same is true of the operation of the root servers. The main criticism is that the consensus doesn't include the developing world. Can we just arbitrarily decide to create our own root servers? Sure. But this isn't what people are looking to do. They are looking for international cooperation, and they are looking to get away from unilateralism. If we leave the international community no choice, they could create their root servers, TLDs, and their own address registries and begin interconnecting themselves with their own internet. 
If they really wanted to get fancy, they might include some NATs, web proxies, and email gateways for connection to our internet. But I think this path is something that should be avoided. It would be a major mistake to leave the international community, and in particular the developing world, with this as their only option. They could very well take it. --Dean
Re: just a brief note about anycast
On Mon, 8 Dec 2003, Randy Presuhn wrote: Hi - From: Dean Anderson [EMAIL PROTECTED] To: Randy Presuhn [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Monday, December 08, 2003 4:50 PM Subject: Re: just a brief note about anycast ... Well, they think we are the chauvinists of unilateralism. If we had played more fairly and honestly, they might not be so suspicious of our How has the IETF been playing unfairly or dishonestly? Or is the argument that ICANN has been unfair and dishonest? From their point of view, we (ICANN/IETF/IANA) haven't really included the developing world. They participate, but we participate more. From their point of view, they see the internet as a group of first world countries imposing control on their infrastructure. We control the root, the TLDs, and the IP addresses. If they start to depend on the internet, we can shut down or disrupt their infrastructure anytime we feel like it. That's an intentional disruption and they don't trust us not to do that. I'm ignoring accidental and attack issues for now. motives. And it's not just about disconnection. One can already disconnect if one chooses. So I think the developing world views it as about freedom from the undue control and influence of a unilateral power. ... How would replacing ICANN (or the IETF) with the ITU make things any less unilateral? As I see it, all that it would accomplish is that it would give governments and corporations a more direct voice in matters, at the expense of individual technical contributors. It may be difficult to explain to people how anti-americanism affects things like ICANN/IETF/IANA, or why the developing world especially puts more trust in the UN than in the US coalition. But that's how it is. Despite the qualifications of the experts, they aren't trusted. There is a certain irrationality to this, but also a certain justification to their perception. 
International cooperation is the purpose of the ITU and, as someone pointed out, it has performed this job for 136 years through 2 world wars and numerous other conflicts with political neutrality. Moving things to the ITU shifts power away from developed world technocrats and corporations (we) and gives it (as you say) to governments. This makes sure that the decisions made will be politically neutral with respect to their governments. Put another way, there are 190 or so countries. There are, perhaps 30 or so frequently represented on this list. There are fewer which have control over the root, the TLDs and the RIRs. If you were in the under-represented 160 or so countries, generally hostile to or just untrusting of the top few on this list, what would you want? Not all 190 countries participate in the ITU, but you can bet that under the ITU, which gives equal weight to the US as to Sri Lanka, things will probably change somewhat. Some people on this list, perhaps many, won't like that. But it will be better than the alternatives. --Dean
Re: just a brief note about anycast
On 9 Dec 2003, Franck Martin wrote: On Tue, 2003-12-09 at 15:15, Randy Presuhn wrote: Hi - How would replacing ICANN (or the IETF) with the ITU make things any less unilateral? As I see it, all that it would accomplish is that it would give governments and corporations a more direct voice in matters, at the expense of individual technical contributors. Randy And one important fact, is that IETF issues standards which do not contain patents... but ITU does! LPF President hat Sadly, this isn't true. The IETF is to take no position on software patents, but some RFCs cover patented technology. This is supposed to be disclosed by the RFC authors. --Dean
Re: just a brief note about anycast
On Wed, 2003-12-10 at 08:26, Dean Anderson wrote: On Mon, 8 Dec 2003, Randy Presuhn wrote: Hi - From: Dean Anderson [EMAIL PROTECTED] To: Randy Presuhn [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Monday, December 08, 2003 4:50 PM Subject: Re: just a brief note about anycast ... Well, they think we are the chauvinists of unilateralism. If we had played more fairly and honestly, they might not be so suspicious of our How has the IETF been playing unfairly or dishonestly? Or is the argument that ICANN has been unfair and dishonest? From their point of view, we (ICANN/IETF/IANA) haven't really included the developing world. They participate, but we participate more. From their point of view, they see the internet as a group of first world countries imposing control on their infrastructure. We control the root, the TLDs, and the IP addresses. If they start to depend on the internet, we can shut down or disrupt their infrastructure anytime we feel like it. That's an intentional disruption and they don't trust us not to do that. I'm ignoring accidental and attack issues for now. motives. And it's not just about disconnection. One can already disconnect if one chooses. So I think the developing world views it as about freedom from the undue control and influence of a unilateral power. ... How would replacing ICANN (or the IETF) with the ITU make things any less unilateral? As I see it, all that it would accomplish is that it would give governments and corporations a more direct voice in matters, at the expense of individual technical contributors. It may be difficult to explain to people how anti-americanism affects things like ICANN/IETF/IANA, or why the developing world especially puts more trust in the UN than in the US coalition. But that's how it is. Despite the qualifications of the experts, they aren't trusted. There is a certain irrationality to this, but also a certain justification to their perception. 
International cooperation is the purpose of the ITU and, as someone pointed out, it has performed this job for 136 years through 2 world wars and numerous other conflicts with political neutrality. Moving things to the ITU shifts power away from developed world technocrats and corporations (we) and gives it (as you say) to governments. This makes sure that the decisions made will be politically neutral with respect to their governments. Put another way, there are 190 or so countries. There are, perhaps 30 or so frequently represented on this list. There are fewer which have control over the root, the TLDs and the RIRs. If you were in the under-represented 160 or so countries, generally hostile to or just untrusting of the top few on this list, what would you want? Not all 190 countries participate in the ITU, but you can bet that under the ITU, which gives equal weight to the US as to Sri Lanka, things will probably change somewhat. Some people on this list, perhaps many, won't like that. But it will be better than the alternatives. --Dean We started the Pacific Islands Chapter of the Internet Society because we felt it was important that Pacific Islands get represented on the Internet. We (the PICISOC board) requested free membership to ISOC for a variety of reasons but mainly to remove access divide to ISOC. We got it. We have now 250+ members in ISOC. ISOC is about 10,000 members. Our members actively participate in the WSIS and ICANN. If you know where to push, you can do it. If we want ICANN (just an example) out of the US, we can do it. We will get the numbers and the power to do it. So my message to the developing countries, is that do not complain to be under-represented to bodies which have free/open membership. Just act. Similarly, I have been lurking on this list to remind from time to time the plea of the developing world when a new standard emerges. I will not write a standard nor participate in one (although...) 
but I can remind how the real world is out there to people who think 64kb/s is a slow connection and that there are no Internet daily breakdowns... I think I like the Open-Source motto to people/governments who complain: What have you contributed to today? Cheers Franck Martin [EMAIL PROTECTED] SOPAC, Fiji GPG Key fingerprint = 44A4 8AE4 392A 3B92 FDF9 D9C6 BE79 9E60 81D9 1320 All knowledge is an answer to a question - G. Bachelard
just a brief note about anycast
I realize that the anycast discussion was meant by Karl as an example. But there was precisely one technical concern I had when discussion got going. And that was that if something went wrong- meaning that someone was returning bad data- the IP address wouldn't necessarily provide a clear answer as to who the source of the bad data is. I expressed this concern privately to Paul Vixie who provided me a very satisfactory answer: you can query the name server for a record that will provide you uniquely identifying information. I'll let Paul describe this, but it amounts to the borrowing of an unused class for management purposes. While there is always room for improvement of course, Paul's answers make it clear to me that the root folk have given this some fairly careful thought. I also agree with Paul on another point- different methods used by different servers ARE a good thing, so that no one logical attack could take them all out. Good documentation is also really important. It turns out there is some for F, at least. See http://www.isc.org/tn/isc-tn-2003-1.html by Joe Abley. Eliot
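An added example, not part of the original message or of any root operator's code: a sketch of the identification query the message above describes, where a record in the otherwise unused CHAOS class tells you which anycast instance answered. The record name `hostname.bind` (TXT, class CH) is BIND's convention and is an assumption here, since the message does not name it; the response bytes are constructed sample data, so the block runs offline.

```python
import struct

CLASS_CH = 3                 # CHAOS class: unused for ordinary Internet (IN) data
TYPE_TXT = 16
ID_NAME = "hostname.bind"    # assumption: BIND's convention, not named in the message


def encode_name(name):
    """Encode a dotted name as DNS wire-format labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("label must be 1..63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(qid, name=ID_NAME):
    """Build a non-recursive TXT/CH query to send to one anycast address."""
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", TYPE_TXT, CLASS_CH)


def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:        # compression pointer ends the name
            if off + 2 > len(msg):
                raise ValueError("truncated pointer")
            return off + 2
        if length & 0xC0:
            raise ValueError("unsupported label type")
        off += 1 + length


def parse_instance_id(msg, expect_id):
    """Return the instance identifier from a response, or None if not offered."""
    if len(msg) < 12:
        raise ValueError("short header")
    qid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if qid != expect_id:
        raise ValueError("ID mismatch: not the answer to our query")
    if not flags & 0x8000:
        raise ValueError("not a response")
    if flags & 0x000F:                   # e.g. REFUSED: operator disabled it
        return None
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4    # skip QTYPE and QCLASS
    for _ in range(an):
        off = skip_name(msg, off)
        if off + 10 > len(msg):
            raise ValueError("truncated record")
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        if len(rdata) != rdlen:
            raise ValueError("truncated rdata")
        off += rdlen
        if rtype == TYPE_TXT and rclass == CLASS_CH:
            parts, i = [], 0             # TXT rdata: length-prefixed strings
            while i < len(rdata):
                n = rdata[i]
                if i + 1 + n > len(rdata):
                    raise ValueError("bad TXT string")
                parts.append(rdata[i + 1:i + 1 + n])
                i += 1 + n
            return b"".join(parts).decode("ascii", "replace")
    return None


def make_sample_response(qid, ident, rcode=0):
    """Constructed sample data: what an instance named `ident` might return."""
    answers = 0 if rcode else 1
    msg = struct.pack("!HHHHHH", qid, 0x8400 | rcode, 1, answers, 0, 0)
    msg += encode_name(ID_NAME) + struct.pack("!HH", TYPE_TXT, CLASS_CH)
    if answers:
        rdata = bytes([len(ident)]) + ident.encode("ascii")
        msg += b"\xc0\x0c" + struct.pack("!HHIH", TYPE_TXT, CLASS_CH, 0, len(rdata))
        msg += rdata
    return msg


if __name__ == "__main__":
    reply = make_sample_response(0x1234, "site-a.example")
    print(parse_instance_id(reply, 0x1234))
```

The identifier is whatever string the operator configured, so it is a troubleshooting aid for attributing bad data to an instance, not an authenticated claim.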
Re: just a brief note about anycast
At 17:05 08/12/03, Eliot Lear wrote: Good documentation is also really important. It turns out there is some for F, at least. See http://www.isc.org/tn/isc-tn-2003-1.html by Joe Abley. No one denies the dedication of the root people. But this is the crux. some documentation ... for one machine. Where are the published approved and certified procedures, agreements, insurance contracts, statistics, logger, budget, authorized people, clearances, oaths, for every people, company, organization sharing into root management. Where is the law concerning the root management issues and impact. For example is a root failure legally considered as an act of God? Is tampering with the root a special crime? Due to the possible impact on the life of people all over the planet, will it be judged by UN? Who is to investigate? Root means life and death nowadays. Either we need the root system and it must match the basic surety rules for a critical infrastructure, or we just want to keep the fossil concept the way it was designed 20 years ago. Then UN/ITU or private industry or a new NGO or a new Gov technically and security certified type of operator is to find, propose, test, and deploy another solution. I suggest them to read carefully the very well crafted ICP-3 document. It correctly considers the end of the single authoritative root file concept. And documents the way to test new venues. I am sorry to come again and again on this. I will do it until a special WG is created or IETF transfers the concern to ITU. Because we must realize that - even brilliant and resilient - a 20-year-old solution for an inter-university project designed for a single authority to keep control, and to provide a centralized (hierarchical) service, just cannot match today's technical, legal and security requirements. The way business is transacted, government operates, and national defense is conducted have changed. 
These activities rely on a complex interdependent network of information technology infrastructures we may call cyberspace which includes Internet and different other technologies. We must accept that if the IAB/IETF do not take it the same way as Govs, it will be removed from them. The world wants a new network approach, more equal, more secure, more stable, safer, more innovation oriented, respectful of national digital independence and sovereignty and IS actually switching. http://www.nytimes.com/2003/12/08/technology/08divide.html?th=pagewanted=printposition Today, every nation needs and must be permitted a strategy towards a national and global secure cyberspace. IAB and IETF are to design and help the implementation. It will provide a framework for protecting this infrastructure that is essential to their economy, security, and way of life. In the past few years, threats in cyberspace have risen dramatically. The policy of governments is to protect against the debilitating disruption of the operation of information systems for critical infrastructures and, thereby, help to protect the people, economy, national security and societal relations of their nations. We all must act to reduce the vulnerabilities to these threats before they can be exploited - as it is so easy today with the DNS cf. the recent threads - to damage the cyber systems or polluting other portions of the DNS which support national critical infrastructures and ensure that such disruptions of cyberspace are infrequent, of minimal duration, manageable, and cause the least damage possible. Securing cyberspace is a difficult strategic challenge that requires a coordinated and focused effort from the entire society - the government, regional and local governments, the private sector, and the people. The cornerstone of a nation's cyberspace security strategy should be public-private partnership such as proclaimed by the WSIS. 
Only by acting together from every nation can we build a more secure future in DNS and cyberspace, our world of today. Also, the nations not sharing into the root management must find sovereign alternatives to protect themselves, their citizens and their economy from bad root management by the nation dominating it, whatever the reason, and from their practical inability to quickly adapt in full and equal independence the portion of the root which may concern their immediate local situation after such actions as war, catastrophe, revolution, etc. and societal, cultural and legal rights. This is certainly a technical challenge since the DNS was not designed that way. In the world critical root system area, Govs actions should include: forensics and attack attribution, protection of installations, indications and warnings, and protection against organized attacks or against the consequences of their international policy (political tensions, wars) and the acts of God. They should also support research and technology development that will enable the private sector to better secure the
Re: just a brief note about anycast
% Either we need the root system and it must match the basic surety rules for % a critical infrastructure, or we just want to keep the fossil concept the % way it was designed 20 years ago. Why do you think this is an either/or proposition? % Then UN/ITU or private industry or a new % NGO or a new Gov technically and security certified type of operator is to % find, propose, test, and deploy another solution. I suggest them to read % carefully the very well crafted ICP-3 document. It correctly considers the % end of the single authoritative root file concept. And documents the way to % test new venues. Please provide a pointer to this ICP-3 document. UN/ITU, Private Industry, and NGO/Governments are -ALREADY- engaged in this process. % I am sorry to come again and again on this. I will do it until a special WG % is created or IETF transfers the concern to ITU. special WG - chartered in/under what jurisdiction? % The world wants a new network % approach, more equal, more secure, more stable, safer, more innovation % oriented, respectful of national digital independence and sovereignty and % IS actually switching. % http://www.nytimes.com/2003/12/08/technology/08divide.html?th=pagewanted=printposition Then the world is getting what it wants. Is there a requirement to force the dismantling of an existing system first? If so, where is that requirement documented? Nothing is preventing -anyone- or -any group- from formulating, and promulgating their own naming constructs. % Today, every nation needs and must be permitted a strategy towards a % national and global secure cyberspace Nothing is preventing nations from proceeding with their strategies towards a national and globally secure cyberspace. % IAB and IETF are to design and help % the implementation. Under what charter and funding model? % Or more simply, maybe kill the real time root servers concept and review % the DNS as a non God centralized system?
If there was nothing to protect % because there would be nothing, we would risk far less from there. Been there, done that. The TBDS project (circa 1999/2000) eliminated the requirement for an always on, fully connected mesh, with access to any external authoritative servers, be they root, tld, or anywhere else in the hierarchy. The upshot was that the DNS is -fully- placed in the hands of the endusers. We did not replace one centralized service with another or even a collection of centralized services, e.g. no ICANN, no IANA, no nation state, no private industry, no NGO or multinational treaty organization. It was -COMPLETELY- up to the endusers. % Then? We wait for the adoption by vendors/users of the new world order while we maintain, augment, and evolve the existing, working system so as to facilitate a near-zero impact on the people, organizations, and nations that have come to depend on the system we have built. % jfc --bill Opinions expressed may not even be mine by the time you read them, and certainly don't reflect those of any other entity (legal or otherwise).
Re: just a brief note about anycast
Hi - From: jfcm [EMAIL PROTECTED] To: Eliot Lear [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Monday, December 08, 2003 10:27 AM Subject: Re: just a brief note about anycast ... The world wants a new network approach, more equal, more secure, more stable, safer, more innovation oriented, respectful of national digital independence and sovereignty and IS actually switching. ... Phrases like national digital independence and sovereignty make it sound as though the real motivation for all this is to make it easier for the repressive regimes of the world to selectively disconnect themselves from the global net. Things are bad enough already. Let's not help the chauvinists of nationalism make things worse, even though the technology is already in place to allow them to do it. Admirable goals like improving network security and stability do not require increased government involvement, nor do they in any way require abandoning the existing cooperative relationship between the ITU and the IETF. The very notion of national digital independence and sovereignty is contrary to network security and stability. Randy
RE: just a brief note about anycast
Phrases like national digital independence and sovereignty make it sound as though the real motivation for all this is to make it easier for the repressive regimes of the world to selectively disconnect themselves from the global net. Things are bad enough already. Let's not help the chauvinists of nationalism make things worse, even though the technology is already in place to allow them to do it. Long time lurker, first time writer. I wholeheartedly agree. 'Tis all.
Re: just a brief note about anycast
On Mon, 8 Dec 2003, Randy Presuhn wrote: Phrases like national digital independence and sovereignty make it sound as though the real motivation for all this is to make it easier for the repressive regimes of the world to selectively disconnect themselves from the global net. Things are bad enough already. Let's not help the chauvinists of nationalism make things worse, even though the technology is already in place to allow them to do it. Well, they think we are the chauvinists of unilateralism. If we had played more fairly and honestly, they might not be so suspicious of our motives. And it's not just about disconnection. One can already disconnect if one chooses. So I think the developing world views it as about freedom from the undue control and influence of a unilateral power. Admirable goals like improving network security and stability do not require increased government involvement, nor do they in any way require abandoning the existing cooperative relationship between the ITU and the IETF. The very notion of national digital independence and sovereignty is contrary to network security and stability. Actually, these admirable goals do require government involvement. Without laws to punish the crackers and the DDOS'rs, there is no network security or stability. One cannot fight international crime without Interpol, and organizations like Interpol cannot exist without respect for national sovereignty. --Dean
Re: just a brief note about anycast
Hi - From: Dean Anderson [EMAIL PROTECTED] To: Randy Presuhn [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Monday, December 08, 2003 4:50 PM Subject: Re: just a brief note about anycast ... Well, they think we are the chauvinists of unilateralism. If we had played more fairly and honestly, they might not be so suspicious of our How has the IETF been playing unfairly or dishonestly? Or is the argument that ICANN has been unfair and dishonest? motives. And it's not just about disconnection. One can already disconnect if one chooses. So I think the developing world views it as about freedom from the undue control and influence of a unilateral power. ... How would replacing ICANN (or the IETF) with the ITU make things any less unilateral? As I see it, all that it would accomplish is that it would give governments and corporations a more direct voice in matters, at the expense of individual technical contributors. Randy
Re[2]: just a brief note about anycast
Dean Anderson writes: Well, they think we are the chauvinists of unilateralism. If we had played more fairly and honestly, they might not be so suspicious of our motives. What has been unfair and dishonest thus far? Dominance by the U.S. does not automatically equate to unfairness and dishonesty. The only reason there is an Internet at all is that the United States built one. If it had been up to the developing countries, the only communication available today would be paper cups and taut string, and it would be available only to a few dictators. So I think the developing world views it as about freedom from the undue control and influence of a unilateral power. These developing countries are still trying to grapple with the challenge of clean running water for their populations; why do they care about the Internet? The real concerns of the Third World are three: (1) they want more money from the West for their corrupt governments; (2) they want to suppress any form of free speech that might undermine their corrupt governments; and (3) they want more money from the West for their corrupt governments. Actually, these admirable goals do require government involvement. Digital independence and sovereignty scarcely seem like admirable goals; they are just synonyms for censorship and restricted access. Without laws to punish the crackers and the DDOS'rs, there is no network security or stability. It is not necessary to intervene in the technical implementation of the network to punish crackers and others; it is only necessary to find them. One cannot fight international crime without Interpol, and organizations like Interpol cannot exist without respect for national sovereignty. By definition, an organization like Interpol requires the partial sacrifice of national sovereignty. If all states were entirely sovereign, no interstate police organization could exist. The same is true for the Internet (and the telephone network, and postal services, and so on).
Re: just a brief note about anycast
On Tue, 2003-12-09 at 15:15, Randy Presuhn wrote: Hi - How would replacing ICANN (or the IETF) with the ITU make things any less unilateral? As I see it, all that it would accomplish is that it would give governments and corporations a more direct voice in matters, at the expense of individual technical contributors. Randy And one important fact, is that IETF issues standards which do not contain patents... but ITU does! Cheers Franck Martin [EMAIL PROTECTED] SOPAC, Fiji GPG Key fingerprint = 44A4 8AE4 392A 3B92 FDF9 D9C6 BE79 9E60 81D9 1320 All knowledge is an answer to a question - G. Bachelard
Re: just a brief note about anycast
At 3:30 PM +1200 12/9/03, Franck Martin wrote: And one important fact, is that IETF issues standards which do not contain patents... but ITU does! It depends on what you mean by do not contain patents. If you mean that they are not covered by any patents, then tropical living has really affected your view of IETF reality. Reading http://www.ietf.org/ipr.html will possibly drag you back to where the rest of the folks on this mailing list reside. --Paul Hoffman, Director --Internet Mail Consortium
Re: Re[2]: just a brief note about anycast
On Tue, 2003-12-09 at 15:30, Anthony G. Atkielski wrote: The real concerns of the Third World are three: (1) they want more money from the West for their corrupt governments; (2) they want to suppress any form of free speech that might undermine their corrupt governments; and (3) they want more money from the West for their corrupt governments. We could talk about AID here, but it is not the IETF subject. I would summarise like this: more than half of the AID from the US government goes to Israel only (you know what Israel does with this money) USAID policy is for each nickel given, there should be 2 nickels back... Yes I know I summarise... and yes there are corrupt governments out there Sorry, I could not let it go... Please do not reply to this e-mail on the list, this has nothing to do with IETF. Franck Martin [EMAIL PROTECTED] SOPAC, Fiji GPG Key fingerprint = 44A4 8AE4 392A 3B92 FDF9 D9C6 BE79 9E60 81D9 1320 All knowledge is an answer to a question - G. Bachelard