At 1:05 PM -0500 12/31/12, Phillip Hallam-Baker wrote:
On Mon, Dec 31, 2012 at 9:51 AM, John Day <jeanjour@xxxxxxxxxxx> wrote:
Phillip,
The reason that rule is useful is that just as it is ridiculous for the US representative to the ITU to attempt to convey the positions of Comcast and Google, it is no more practical for one person to represent the position of Cisco or Microsoft.
Then I take it from this comment that you believe that all forms of representative government (and reaching agreements) are ridiculous?
MPs and Congressmen are elected decision makers. ITU participants can make decisions but they are not binding on anyone and only have effect if people like me choose to implement them.
This was my point. The standards part of ITU is just like any
other standards organization. But there are other things it does which
are not like this, e.g. spectrum allocation. There are other
aspects with respect to tariffs that are binding on signatories.
Representative democracy without the elections part has neither.
Neither of what?
And it may have escaped your notice but pretty much every government in the developed world tries to limit the scope of their authority these days. They have discovered that they prefer to concentrate their influence on a narrow scope and thus maximize it.
That also was my point, if you had read to the bottom. In
fact, I would suggest that the delegations of the developed world made
a mistake assuming that the scope of the ITU was the same as it always
had been. By doing this, they gave up ground they didn't need
to.
Surely you don't believe that pure democracy will work? That myth had been dispelled 250 years ago.
I lived in Switzerland for two years. They have a government that passes a budget. How is yours doing?
I am sorry but I am not sure what Switzerland has to do with this
discussion. Last time I looked they had a republic
(representative) form of government not a pure democracy. No one
every claimed it was efficient.
The process of a representative form for creating agreements seems to be (as flawed as it is) about the best we have come up with.
ITU is not a democratic organization, nor does it aspire to be. So it is not representative in the slightest. Reciting slogans does not mean they are applicable
No one claimed it was. In fact, quite the opposite. I
claimed it was organized as a republic form, which does what it is
members vote on. It turns out its members are countries.
(As I indicated below, I am not sure in the changed circumstances this
is appropriate.) Actually one thing you seem to have missed,
which I thought you would have jumped all over. Generally, ITU
meetings require unanimity to have a consensus. This time they
went with a simple majority. I would have thought this would
have created a fair amount of consternation.
Wrt its application in standards outside the ITU it works the same way. When a voluntary standards organization organizes by country, it is to give voice to the small companies as well as the Ciscos and Microsofts. The big guys can send 10s of people (which represents a different problem) to meetings all over the world. The little companies can't afford that but they have an interest. Providing the means for them to agree on what their interest is and to make it heard is equally important.It sounds like you are arguing for the hegemony of the robber barons moved to the 21stC.
I deal with the world as I find it. It is very difficult to change the Internet without the support of a Microsoft or a Google or a Cisco. There are a ten billion endpoints deployed. The real obstacle is the hegemony of the installed base.
;-) Why is that daunting? ;-) I hear that
excuse often. If we had had that attitude when we started this
effort 40 years ago. We would still be patching the PSTN.
There would be no Internet. Do you think the Internet was a success
because we convinced IBM and AT&T it was a good idea?!! I am
sorry to see that the younger generation is so faint of heart.
Can't take a little challenge!
Actually, it isn't the ITU that is in the way. It is the
structure of the IETF that gives the big players such power.
Where the problem comes in is when you have a proposal that requires the active support and participation of stakeholders like VeriSign. When I told the IETF that DNSSEC would be deployed in dot.com if and only if the opt-in proposal was accepted, I was stating the official position of a stakeholder whose participation was essential if DNSSEC was going to be deployed.
It was a really minor change but the reason it was blocked was one individual had the crazy idea that blocking deployment of DNSSEC would cause VeriSign to lose dotcom. He was not the only person with that idea but he was the only person in a position to wreck all progress in the IETF if he didn't get his way.
For projects like IPv6 the standards development process needs to be better at identifying the necessary stakeholders and ensuring that enough essential requirements of enough stakeholders are met. Otherwise we end up with yet another Proposed Standard RFC that everyone ignores.
I would disagree slightly. It is not task of the SDO to identify the necessary stakeholders but to ensure all of the stakeholder are represented at all levels. The problems you describe above result from breaking that rule.
I think the idea that the stakeholders want to participate is a mistaken one. VeriSign particpates in IETF. Some of the backbone providers do. But many do not.
Self-fulfilling prophecy. The structure of the IETF makes
it difficult to impossible. So why should they waste their
time?
So the frequent result is that IETF develops a widget and the deployment showstoppers are only discovered during deployment.
That is just bad design. I am not sure I would admit to
that if I were you. It doesn't look good. Indicates that
the IETF does not understand its constituency.
It can get really lonely pointing out to a group of people with some idea their are bursting to implement that they need to at least talk to the application providers they need to adopt their idea.
Why? The WCTU said, never marry drunkard to reform him.
They will find out soon enough.
The question is what, if anything, is there left relating to wireline communication that requires agreement among *governments*? I can't think of much.
They need to come to an agreement to ban cyber-sabotage like they have banned chemical and biological weapons.
Do they? Don't you think it is interesting that the
countries crying loudest for this are the source of much of it and
have sufficiently authoritarian regimes that they could shut down next
week if they wanted?
It is far from clear to me that such an agreement would be worth
the paper it was written on, unless it is possible to prove (which we
can't in 99% of the cases) that it was a State that mounted the
attack.
Right now we have a group of US, Russian and Chinese military types all looking to make their careers at the forefront of the new cyber arms race. The military managed to piss away trillions of dollars in wealth with their cold war, now they want to do the same in cyber. The cold war was ultimately won because the youth of East Germany simply walked away from the regime.
You really believe that?! The cold war was won, because
Gorbachev *chose* not to repeat the response to the Hungarian and
Czech revolts of '56 and '68. Tian An Men provides a good
counter-example. You need to read Lutwack's Coup d'Etat: A
Practical Handbook. Walking away isn't sufficient.
Like chemical weapons, cyber weapons are far more bark than bite and what bite there is can hit the attacker. Stuxnet and Flame were crafted to attack Iran, the vectors were repurposed and targeted at the US days after they were discovered. We also have the interesting precedent that the UK has launched a cyber sabotage attack against a nuclear facility declared as civil and under an IAEA inspection regime.
We can't stop everyone from developing cyber-sabotage capabilities but we can push efforts that occur so far underground that they can't poison attempts to deploy effective defenses. The US and Chinese critical infrastructures may be separate at a physical level but they are tightly coupled at a logical and economic level. Any weapon that affects one is at least capable of bringing down the other.
This was another point I made although not specifically on
cyber-security. If you look closely at these kinds of attacks they
have little or nothing to do with the functioning of the *Internet.*
They have a lot more to do with what the Internet is used for.
(This is like saying the ITU has some sort of authority over what is
said over the phone. Not something I think is a good idea, although
apparently you do.) Which tells us why the authoritarian regimes
are so big on pushing it. They see cyber-security treaties as a
means to increase their control for domestic suppression and isolate
their populations. Support it if you want, but I certainly would
think twice about it.
That is the task that the ITU should be addressing.
Gawd! I hope not.
It might as well get started on it because one consequence of the Dubai debacle is that the remaining ITU standards efforts have been compromised.
The ITU standards efforts were unaffected and irrelevant to what
happened in Dubai. which is too bad. For 30+ years, I have
described their standards efforts as targeted a market window 15
minutes in the future. Even before you get to how badly flawed
they are technically. The ITU standards effort is just another
ho-hum voluntary standards group like the IETF, or IEEE, or ASTM, or
EIA, or ICAO, or even ISO.
Take care,
John Day