On Thu, Aug 2, 2012 at 11:44 AM, Noel Chiappa <jnc@xxxxxxxxxxxxxxxxxxx> wrote: > > From: Phillip Hallam-Baker <hallam@xxxxxxxxx> > > > to stop such things as 'Information terrorism' which is their term for > > freedom of speech. > > :-) The term comes up in their treaty. > > If the WCIT process results in an over-reach, governments can and will > > leave the ITU. > > The latter is unlikely, IMO. If the ITU were to over-reach and get away with it then it will not have over-reached by definition. One of the factors here is that a lot of the diplomats working on 'cyber' (aka information engagement, cyber security, etc. etc.) began by working on arms limitation treaties. This turns out to be self reinforcing as once the US has a person from that world in their delegation the Russians will add someone who was part of earlier negotiations with her and vice versa. Nuclear deterrence is a viable strategy because nuclear weapons are difficult to make which makes the attribution problem tractable and thus enables a credible threat of consequences. Techies know that Cyber deterrence is obviously unworkable because attribution is not possible. We can track an IP packet to Iran but we cannot state with certainty who controlled the computer who sent it. The diplomats know that this is the case but really can't accept that it is the case because they are trying to cram cyber into their 'deterrence' framework. Cyber-attacks should be considered a form of terrorism. The barrier to entry is low, the consequences are disproportionate to the effort but fall far short of a conventional attack. At this point we are at the same stage of understanding of cyber as the diplomatic community was with terrorism in the mid 1960s when the terrorist movements began to become active in Europe. The US government is doing damn stupid things like attacking civil nuclear facilities and the Russians are doing stuff that is equally stupid. The challenge we face is how to define the border between a cyber attack (i.e. an act of war) and cyber-espionage (which is not considered warfare in law). I do not take offense at the Chinese government enacting a DIY reparations program for the 'open door' policy and the opium wars. I am going to do my best to help my customers stop them, but they are acting within their rights. > > The Internet has three separate potential control points: The IP Address > > registry, the DNS name registry and the various registries for protocol > > features. > > And it is these that in my perception are really what is at risk in Dubai, > which is why I disagreed (above) that the output of Dubai will necessarily be > a NOOP. Yes, it is all about the registries. > > We need to protect the openness of the Internet. We do not need to > > perpetuate the existence of ICANN, IANA or the RIRs as > > institutions. Maintaining the institutions may be a means of protecting > > the open internet but we should be prepared to walk away from them if > > necessary > > I concur that they may be expendable, but others may differ. In particular, > will not whatever replaces them be equally targets? Yes, a shell game may > produce temporary relief, but in the end won't the replacements be equally > targeted for takeover/control? That depends on whether the registry in question is dealing with a scarce resource or a plentiful one. Having two registries handing out IPv4 addresses at this point would be very very bad. Having more than one place you can get an IPv6 from would not worry me at all. > > If the ITU-T wants to also be in the business of handing out IPv6 > > address names then give then a /21 or a /16 and tell them to go > > party. No really, choose your battles. > > I basically agree. It could have negative impacts on the routing, by impacting > route aggregatability, but it can hardly be worse that those bletcherous PI > addresses, so if it makes them happy to be in charge of a large /N, why not? SM also commented on this: > If the ITU-T wants a /16 it is simply a matter of asking the IETF for it. No, if the ITU-T really wants to do this it is just a matter of them taking it. This happens repeatedly in registry schemes. They could ask the IETF for a /16 or they could simply send a message informing us that they will be allocating out of (say) 2F00::/16 from now on and that it would be 'inadvisable' for IANA, ICANN, IETF or whoever to grant competing allocations. If people choose to route packets for the corresponding BGP adverts then they get away with it. If they can't do that then we don't need to worry about them anyway. -- Website: http://hallambaker.com/