[arch-d] Centralization or diversity

"Martin Thomson" <mt@lowentropy.net> Tue, 05 November 2019 22:58 UTC

Return-Path: <mt@lowentropy.net>
X-Original-To: architecture-discuss@ietfa.amsl.com
Delivered-To: architecture-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8B9B712008F for <architecture-discuss@ietfa.amsl.com>; Tue, 5 Nov 2019 14:58:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=r4gwqwVA; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=bGH1yDEp
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TP_JGC6-uENT for <architecture-discuss@ietfa.amsl.com>; Tue, 5 Nov 2019 14:58:33 -0800 (PST)
Received: from wout4-smtp.messagingengine.com (wout4-smtp.messagingengine.com [64.147.123.20]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D774E120025 for <architecture-discuss@ietf.org>; Tue, 5 Nov 2019 14:58:33 -0800 (PST)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.west.internal (Postfix) with ESMTP id 517D35B4; Tue, 5 Nov 2019 17:58:33 -0500 (EST)
Received: from imap2 ([10.202.2.52]) by compute1.internal (MEProxy); Tue, 05 Nov 2019 17:58:33 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=mime-version:message-id:date:from:to:subject:content-type; s= fm3; bh=XNXPII2SoWmpeqMKQcUx7ecStka5FuTiwe27e4JPAN4=; b=r4gwqwVA BbaulTcIj0NUTKVHMl2ocM30WxNaMttht9hLt7X5D8JY8MWuY5dZciy3FZkRRzQx BlSaCrBoD1bQ4k1fCGQ689naAlf2B6KDlg77oJ4W3Avib8329XkDY5osEdTaWFn+ g3jWUZbIprenhQc8uUuRQB3cd+7jje/0xp2YHcf2g84LM9+3CNAWUsF/6L7XV84d afo6WQFQuXMYV1qvQ9S/1DIhvzs2ckSKlZ3uJr2eAFss7eC1BXqyX9OY2+8e2ZDo K3jQ0FA6DUUM/ax9wk9QF5DMCyDO9G7JueE6MqfrvdL1odDgx0k3QRS91vPnrNc8 wPKj08n07kGQng==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:message-id :mime-version:subject:to:x-me-proxy:x-me-proxy:x-me-sender :x-me-sender:x-sasl-enc; s=fm1; bh=XNXPII2SoWmpeqMKQcUx7ecStka5F uTiwe27e4JPAN4=; b=bGH1yDEplK2N07e1aVlCYWBUTXqKL4rFeiYf+zIsjiEi6 fv7LQScoH/HZXYLh0l5dwwlsXiE2CTXVxpGWfkK7Hc+mV2trnJvXpSlV0kAUoLNn KhQNkWH5dMAy3/w5JsAdhAtBfXY5d1VUW5d4imKZzgkJnqrUhEZWDSjEd/XD00xU UsaNgmfl0I97fgBvBUEEfsSgjD8ZX7M5xBtVPJ5zeW2XuB8TbZQ4w/sCrL2uK2QQ IBXcDTEgvTPJ42WkJTdPtvsPIARHnJvqVuLh+3CM1Sfz5iEAok7i7MNylpS4k8yY GntRHCkRHmmfdNOYVjlzK/2KPXJ7h8WUIXjfRDqtg==
X-ME-Sender: <xms:lf7BXUACmWnjkGj3t2Uiup2Vs7U0vvr_Yoyn948ghSnExDLDDdBCZw>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedufedrudduiedgtdegucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepofgfggfkfffhvffutgesthdtredtreertdenucfhrhhomhepfdforghrthhi nhcuvfhhohhmshhonhdfuceomhhtsehlohifvghnthhrohhphidrnhgvtheqnecurfgrrh grmhepmhgrihhlfhhrohhmpehmtheslhhofigvnhhtrhhophihrdhnvghtnecuvehluhhs thgvrhfuihiivgeptd
X-ME-Proxy: <xmx:lv7BXQmAFZpSL9-IAnWdO8MkUd6dalEvfJguj-dNeS_MwHteD_jPbA> <xmx:lv7BXcjlJdCmBw81-bZe5lT9inFINA4wLRANkqKkoalZc5TGtcMZfg> <xmx:lv7BXShp4mp19Ci0jTvB1227R4WGZIy3U0gXSv1lhWbEuv2LD_30PA> <xmx:mP7BXcvxEYAsdqJ2lCydIFrLZ5rwh6QYCBOSqa15RYiUIh2ypeuSyw>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id E158BE00A5; Tue, 5 Nov 2019 17:58:29 -0500 (EST)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.1.7-509-ge3ec61c-fmstable-20191030v1
Mime-Version: 1.0
Message-Id: <3db77634-6edf-4047-b758-f83a462420b7@www.fastmail.com>
Date: Wed, 06 Nov 2019 09:58:08 +1100
From: "Martin Thomson" <mt@lowentropy.net>
To: architecture-discuss@ietf.org, "Jari Arkko" <jari.arkko@piuha.net>
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/architecture-discuss/Oo4L389TadWcw6-jVR2zLZv_Ngk>
Subject: [arch-d] Centralization or diversity
X-BeenThere: architecture-discuss@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: open discussion forum for long/wide-range architectural issues <architecture-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/architecture-discuss>, <mailto:architecture-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/architecture-discuss/>
List-Post: <mailto:architecture-discuss@ietf.org>
List-Help: <mailto:architecture-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/architecture-discuss>, <mailto:architecture-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Nov 2019 22:58:36 -0000

Having just read draft-arkko-arch-infrastructure-centralisation, I was struck by an observation.

The draft specifically calls out the notion of a single point of failure being a problem.  But my experience with centralized services is that they aren't centralized in the fault tolerance sense.  If I look at the big services, that scale is only achieved with careful distributed systems design.  Name any modern service of even modest scale and you generally find excellent fault tolerance.

This draft really wants to say something less negative: that it values diversity on multiple axes.  The draft covers:

* fault domains
* geopolitical
* organizational

To which I might add:

* geographic
* implementation
* infrastructure (power, network, hardware)

There are probably areas of diversity that are less valuable.  Protocol diversity has the effect of forcing divisions.  I tend to think that cryptographic diversity divides the limited resources available for protecting and assuring system integrity.  And diversifying where standardization happens is almost certainly bad [RFC5704].

Finally, I don't like the emphasis on DNS in this document.  It only serves to sensationalize.