Re: [arch-d] possible new IAB programme on Internet resilience

John C Klensin <> Sun, 29 December 2019 17:11 UTC

--On Sunday, December 29, 2019 12:18 +0100 Patrik Fältström
<> wrote:

> On 29 Dec 2019, at 10:39, Stephane Bortzmeyer wrote:
>> On Sat, Dec 28, 2019 at 06:32:54PM +0000,
>>  Andrew Campling <> wrote
>>  a message of 229 lines which said:
>>> The lack of an effective, global policy making body for the
>>> internet is a problem that needs to be addressed as it is a
>>> significant gap.
>> This statement is questionable. As noted by Randy Bush and
>> Brian Carpenter, such a body would have an extraordinary
>> power (in the past, even the worst dictator had a power
>> limited to the borders of the country), and then we would
>> have to think about how to limit and control that power.
> And more importantly, IF there is a governance body, there
> must by definition be something that is to be governed.
> I have a hard time understanding what that could be.
> Coordination is something completely different, and we should
> aim towards continuing the effective coordination we have done
> so far.

Patrik (and others),

I've been trying to stay out of this, but I think you (plural)
are, at best, oversimplifying the situation.  There is a tested
model for doing exactly what several people have suggested would
be difficult or impossible.  That is to declare a particular
communications medium (or, for that matter, something else) to
be a national asset and/or problem and then treat the points at
which traffic crosses national boundaries as a border crossing
issue.  That is almost exactly what was done with the PSTN back
in the days before deregulation, when most or all carriers
within countries were either run by the government or very
tightly regulated and when international exchange points were a
matter for treaties, often bilateral ones, and eventually
treaties within an international regulatory framework.  The
analogy is less clear and more obnoxious, but one could say
almost the same thing about international trade in pornography
and illicit drugs, especially because the definition of what
should be treated as illegal differs from one country to another.

The PSTN experience shows that what "can be governed" is
content, modes of information exchange, who can carry traffic
across national boundaries and under what conditions, and even
who has access to the relevant systems.  We've also seen
national bans on cryptography and regular demands for law
enforcement access to keys or back doors into algorithms.  That
we have successfully pushed back on some of those attempts in
the past is no guarantee about the future.

Pretending that the IETF is solely concerned about technical
matters doesn't really work either and we are not consistent
about it.   RFC 7258 is ultimately a political statement because
the attack it focuses on is an attack on privacy.   The
desirability of privacy is a shared value among most IETF
participants (even though we have some disagreements about what
is important to be protected and from whom) but its value is
definitely not recognized (and recognized in the same way)
internationally.  It could have been a more technical statement
if it had said "if one embraces the following values, then PM is
bad news and the following should be done (or not done)", but it
doesn't.  The contrast with RFC 8404 is interesting because the
latter is much closer to an "if you/we do X then the operational
consequences are Y" technical statement.

My own concern is the possibility of some well-publicized
incident or set of incidents triggering demands that
legislators, regulators, or other governmental bodies Do
Something and the very high odds that what they do will be
ill-advised, especially if the IETF and similar bodies are doing
work that is easily portrayed as not policy-neutral and that
have clearly failed to prevent whatever the triggering events
are.  I am not proposing this (partially because I think we are
likely to get it wrong) but, if we really wanted to be
policy-neutral, documents whose tone was closer to "we think
doing X would be really bad because Y but, if you choose to do
it, here is how to minimize collateral damage" (where X might be
"PM", "disconnecting from the Internet", "wholesale filtering
based on content", "banning encryption without back doors", or
other things), might be much more helpful than the path we seem
to be on, that IAB programme as it appears to be shaping up from
this discussion

Thanks for reading this far; back to lurking.