On Fri, Nov 6, 2009 at 5:55 AM, Steve Crocker <steve@xxxxxxxxxxxx> wrote: >> One of the problems of living in the US is that there is really very >> little experience of long lived institutions. Let us stipulate for the >> sake of argument that all the current staff are competent, what >> guarantees do we have for situation 20 years from now, how about 50? >> How about 500? There is a College in Oxford that is currently facing >> the imminent expiry of its 499 year lease. > > Yes, one of the problems of living in the U.S. is it's a young country that > is unafraid to invent, experiment and reflect on its institutions. Thus > comes the Internet, invented even though we have the oldest operating > democracy. The US Constitution was an attempt to recreate the English Constitution which at the time was at least 500 years old with incremental improvements based on the best research of the day. It was 'built to last'. The founders took the time to understand the security risks and built in checks and balances. ICANN is not built in that fashion. It has no reall checks or balances, just a set of people who airily dismiss the notion that they might have a duty of accountability. After every revolution, the plotters withdraw into a cabal and carve up the power. >> Steve, it appears that you do not understand the security concerns >> that are driving the politics of DNS. >> >> The concern that ICANN might drop the Palestine zone out of the root >> is precisely the source of the Egyptian delegation concern. That is >> the reason why the ex-Interim Prime Minister of the Palestinian >> authority took the time to meet with Twomey, I can assure you that it >> was no social call. >> >> The concern that ICANN might drop Cuba out of the root zone is one of >> the principal drivers of the Brazilian concerns. >> >> The Russian and French delegations have no specific concerns that they >> have voiced to me but they certainly understand that ICANN has power >> over the communications system that is only checked by the US >> government, if at all. >> >> Some folk in the old US State department thought this situation was >> just dandy. Some folk in the new administration are less than happy >> with the situation. It means that all it takes to create an >> international crisis is for some fool in Congress to put in a bill to >> force ICANN to drop Cuba, Palestine or whatever other country they >> want to grandstand against out of the root. >> >> There is no particular secret to learning these concerns, you just >> have to do some active listening. > > We're pretty far afield. Conspiracy theories are easy to create. Conspiracies happen. You are playing in the big leagues here. Those people you dismiss as 'conspiracy theorists', they made the events of the latter half of the 20th century happen. they spent thirty years doing things like situating the West German TV masts in places that intentionally creat overspill into East German areas, developing technical standards that ensure that the East Germans can watch. It is easy to tell a nutty conspiracy theory from a real one, the nutty theory will be discussed endlessly (Roswell, JFK, etc.) the real conspiracy theories are ignored. We know for a fact that Col. Ollie North was supplying arms to the Iranian government and using the receipts to supply Latin American terrorists. That is an incontrovertible fact, it was a conspiracy but we don't need to talk about it because we all know it is true. > I have > listened to these sorts of arguments, including directly from the principals > of some of the countries. Simply not connected to reality, but definitely > understandable in terms of the broader long standing, slowly evolving > geopolitical drama. No, that is their reality. Like you, I have been in the meetings where cybersecurity is discussed. I am pretty sure you know that the policy of the US State department is and has been for some time to ensure that the Internet is as free as possible from censorship controls as a means of destabilizing authoritarian regimes. These are not conspiracy 'theories', they are conspiracies that you and I know are fact because we have been a part of them. >The Internet is the political pawn of the decade. It's > important to sort out which issues are specific to the Internet and which > are really proxies for the broader east vs west, north vs south, developing > vs developed political tensions. No, it is not important for you to understand the reasons behind the concern at all. What you have to do at ICANN is to deal with the concern of your customers regardless of whether or not you consider them to be well founded. >> Whether the concerns are credible or not, they are genuine. And some >> of the people who hold them have the power to ensure that DNSSEC is >> not deployed in their country. > > The decision whether to deploy DNSSEC within an existing ccTLD is up to that > operator. Those decisions will be based on a wide variety of factors. Some > have already deployed. Many more are in the process of doing so and will > move forward more rapidly when the root is signed. Others will delay or > choose not to, either for lack of resources, concerns over various > pragmatics, or, as you say, for political reasons. Fortunately, the benefit > of DNSSEC is incremental. The whole system doesn't unravel is some subset > of the TLDs choose not to implement it. It's a bit early to know whether > the number of zones that will be permanently unprotected will be zero, a > small number or a substantial number. Let's revisit this in a few years. Or how about we look at the totality of the requirements now and start fixing them now. >> Let us imagine that some Florida Congressman decides to grandstand >> with an amendment to force ICANN to drop Cuba out of the root. The >> preparations to protect against the damage would begin the minute the >> bill was published. The Internet community is pretty quick to respond >> in such cases, I don't think it would take more than a day before >> backup roots were ready to deploy if necessary. >> >> Since it is pretty clear that the rest of the world would move to a >> non-ICANN root regardless of the level of reliability it provides in >> preference to a root that is intentionally broken by the US Congress, >> the contingency planning does not need to be particularly thorough. >> This is explained to the Congressman by the State department in words >> of few syllables and the bill is quickly dropped. >> >> Note the interior political dynamic here. The problem is not 'the US', >> it is one egotistical member of Congress who has the power to create >> an international incident through grandstanding. > > You're inventing a scenario and choosing your inferences. Good plot for > pulp fiction. No, I am setting out a realistic scenario that illustrates a valid class of attack and you are choosing to attack it with ridicule rather than taking it seriously. I do have the standing in the community to demand a response here. At the moment I am arguing here in the IETF forum, but there are other forums open to me. I am speaking on this at RSA next year. The press will be present. And I regard this entire conversation to be on the record and official. >> DNSSEC completely disrupts that delicate balance of interests. If the >> DNSSEC root of roots is widely deployed in embedded devices according >> to current plans, a defection by ICANN becomes a real risk. At that >> point there is no certainty that the plan to drop out Cuba will fail. >> Most importantly, the State department now has to spend real political >> capital to ensure that the bill is dropped - if it chooses to do so. >> Perhaps the President prefers having their vote for Health Care or >> whatever. > > ICANN is accountable and transparent. You're creating a conspiracy scenario > that really doesn't have a basis in fact or even in possibility. Precisely what part of the scenario do you consider implausible? Take a look at the grandstanding that the GOP and the Cubanista community took part in during the Elian Gonzalez affair. Do you really think that it is beyond belief that the people who exploited a seven year old kid to further their political careers would not stoop to creating this type of crisis if they got the idea? And whatever you think is the case, do you imagine that it is worth trying to persuade the rest of us that it is not. >> Now you have two approaches that you can take here. The first is that >> you can continue to ignore an issue that has created real concern >> outside the US, or you can look at minor modifications to the DNSSEC >> architecture that allow the concerned parties to be co-opted. > > Discussion of architectural changes to DNSSEC belong in the DNSEXT WG. No, this is a policy issue. The DNSEXT working group has consistently taken the approach that it has taken so long to get to this point that it is going to ignore all new requirements, including deployment requirements until deployment is complete. It has taken fifteen years to get to this point so the only thing to do is to stop asking why. Such groups are unlikely to solve the problem. It is your job at ICANN to determine what the deployment requirements are for DNS Security and communicate them to the relevant parties. Simply passively waiting for the IETF to think up the requirements of its own accord is not going to work. It certainly has not worked to date. It will be another fifteen years before you have deployment at this rate. >> The real political problem here is that the Internet does not provide >> enough important jobs for everyone to feel included. So a technical >> architecture that provides more jobs for people to do, provides a >> means of co-opting those parties. > > Discussion of political problems related to lack of employment seems pretty > far afield for an IETF discussion list. Discussing the issues of inclusion are something that the IETF list spends a very great deal of time doing. > With due respect, we're well into an entirely different set of topics from > yesterday. I'm breaking off at this point. So you break off at the point I suggest a solution, nice one. >> If you look at the original Web of Trust paper by Phil Z. you will >> note that his original plan had an option for quorate voting to >> establish trust relationships, an idea later implemented in SDSI. A >> mechanism that allowed for multiple root signers would give the >> Brazilian, French and Russian delegations something to take home to >> their governments and say 'this is how we can address the >> concentration of US interest'. >> >> We have 13 root servers, we should plan to have at least 13 apex >> roots. In fact we should allow anyone who wants to do so to become an >> apex root signatory and relying parties should have the option to >> choose whoever they please as and whatever voting criteria they >> please. >> >> The nice thing about this approach is that it re-establishes the >> previous situation where the risk of defection is controlled by >> removing the expectation of success rather than through the >> traditional approach of making defection difficult. No single apex >> signatory would be universally trusted so there is no risk of >> universal failure. And each relying party chooses multiple apex >> signers to trust so defection by a single signer does not even result >> in a local failure. If there is no expectation of failure there is no >> reason to default. So the only failures that might occur at an apex >> signatory would be through mistake rather than malice. >> >> >> This situation is considerably better for ICANN as well, if we replace >> 'Cuba' with 'Palestine', the CEO and staff of ICANN are suddenly on >> the front line of an irredentist dispute. What do people fight over in >> irredentist disputes? They fight over symbols, the WTC was attacked in >> 9/11 because its owners had set themselves up as a symbol of the >> capitalist system. >> >> Now as I said earlier, you can continue to ignore such security issues >> and tell everyone that they should not be at all worried by your >> friends. But lets face it, DNSSEC has been 'about to' deploy for the >> past ten years and has been 'expected soon' ever since I first met you >> almost fifteen years ago. >> >> You cannot deploy an infrastructure change by designing to the 80:20 >> rule. You can't even do it by addressing the concerns raised in the >> working group. You have to go out there and look under the rocks and >> find out what is lurking there. >> >> Again, DNSSEC is a security protocol, your intended early adopter >> audience is made up of people who are unreasonable and paranoid. So >> don't complain when we say that we do not trust ICANN. >> >> >>> o There's no basis at all for saying anything at all about what strings >>> ICANN would attach to support for the root operators. The root operators >>> aren't asking for support, so the question simply hasn't come up. >> >> But that overlooks the fact that only four of the root servers >> survived the great DDoS attack. And two of those are run by VeriSign. >> >> So ICANN's failure to recompense the root operators for their services >> further deepens the vendor capture issue that is the reason that >> Twomey really was never worth three quarters of a million bucks a >> year. >> >> >> -- >> New Website: http://hallambaker.com/ >> View Quantum of Stupid podcasts, Tuesday and Thursday each week, >> http://quantumofstupid.com/ > > -- -- New Website: http://hallambaker.com/ View Quantum of Stupid podcasts, Tuesday and Thursday each week, http://quantumofstupid.com/ _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf