Re: [arch-d] possible new IAB programme on Internet resilience

Christian <> Mon, 30 December 2019 11:35 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 4D3AF12016E for <>; Mon, 30 Dec 2019 03:35:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.22
X-Spam-Status: No, score=-1.22 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001, SPF_NEUTRAL=0.779] autolearn=no autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id yuI0a3JdzKJr for <>; Mon, 30 Dec 2019 03:35:51 -0800 (PST)
Received: from ( [IPv6:2001:41c8:51:8b8::184]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id A9987120024 for <>; Mon, 30 Dec 2019 03:35:51 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;; s=tranquility; h=Content-Transfer-Encoding:Content-Type:In-Reply-To:MIME-Version:Date:Message-ID:From:References:Cc:To:Subject; bh=smesfkdgeLfjQJ0oYkOca3hVKMa+xm3A4XUozv98RxU=; b=3Z+7Vxk9aIe8EWbsAs5aS0iW/SfPlN0bs1ejiNbINNCmKw7CoPr7mxV7llbXTH6JFlb/KdfUSENdFffqb94cfrrFYtLG0Uez1gxjYhdiF/t76Lg7L2osbQG1bSLZs8CjSQP0BYw8dUT4Kmz6yu0da/rfZ7owyNiNiJstAtzNSW4=;
Received: from [] (helo=[]) by with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from <>) id 1iltKu-0006uz-7V; Mon, 30 Dec 2019 11:35:48 +0000
To: Vittorio Bertola <>, =?UTF-8?B?UGF0cmlrIEbDpGx0c3Ryw7Zt?= <>
References: <> <> <> <> <LO2P265MB05733E4BD5A72EDEF96D3DE2C2290@LO2P265MB0573.GBRP265.PROD.OUTLOOK.COM> <> <> <> <> <> <> <> <>
From: Christian <>
Message-ID: <>
Date: Mon, 30 Dec 2019 11:35:46 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.2.2
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <>
Subject: Re: [arch-d] possible new IAB programme on Internet resilience
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: open discussion forum for long/wide-range architectural issues <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 30 Dec 2019 11:35:53 -0000

Hi Vittorio,

I don't understand your objections.

Are they?

- DoH is out of scope for IETF? ( I would say it is well within scope 
and mission to support end to end security)

- DoH is a bandaid patch that gives a false sense of security for users 
as it is not end to end or consistently available? (I have some sympathy )

- DoH when it is implemented and is working .. big if's . Breaks monkey 
in the middle practices to first resolvers. It has been clear for years 
these paths are going to have to be secured in time. Which is why so 
many have warned those doing these things against becoming overly 
dependent on the drug of digital predation.

- DoH adds to the already over dominance of browsers as data and privacy 
sinks? (sigh - this is really broken architecturally. Can users trust 
browser vendors to not spy on them with the current controls available ? )

-  IETF has been captured by people who are using DoH to capture this 
slice of the monkey business for themselves? (presumably you refer to 
browser vendors? if not who?)


On 30/12/2019 09:56, Vittorio Bertola wrote:

>> Il 29/12/2019 17:25 Patrik Fältström <> ha scritto:
>> So, if people do not like what IETF do, people just ignore IETF.
> However, what happened in other cases (at least, in the DoH case) is that the people that had to choose whether to embrace what the IETF had done were the same ones that had worked in the IETF to get the protocol released, so of course they chose to adopt it.
> The problem was rather that, while this decision had significant policy implications, that set of people was pretty small and partial in comparison to the set of people that would be affected by the policy implications. So, seen from outside the IETF, this was exactly a case of a few people exploiting their position - not a political power position, but a corporate/technical power position - to impose their desired policy and values onto everyone else, which ironically is what the IETF claims to reject in principle.
> Of course the IETF can then claim that, when these people decided to implement the protocol in a way that could disrupt lots of stuff for lots of other people, they were not wearing their IETF hat, but their own employer's hat... but this is just going to upset the rest of the world even more, as it looks like a cheap excuse for not taking responsibility.
> So, documents like RFC 7258 are a strong, unilateral policy decision, and claiming that "we just write them, then people are free to follow them or not" is not going to fly.
> On the other hand, I share the concerns that were expressed by several people on the practicality of a single monolithic global policy-maker for the Internet, which IMHO will never be able to exist properly until a form of democratic planetary government will exist, which is possibly still several decades away, maybe centuries away in the future. But, as I said, the need for global Internet policies will not go away just because we do not know how to fulfill it - they will just be decided in other ways, a huge private oligopoly being the most likely and the scariest one.
> Now, if we think that this discussion is off topic, we can get back to discussing an IAB charter on resilience... however I think this is a crucial issue that will determine if and how the Internet will still exist in the future.
> (P.S. - for the person who marveled at the number of 200 countries in the world - the U.N. currently has 193 member states plus two observers)