Re: [arch-d] Centralization or diversity

Andrew Campling <andrew.campling@419.consulting> Wed, 13 November 2019 06:57 UTC

Return-Path: <andrew.campling@419.consulting>
X-Original-To: architecture-discuss@ietfa.amsl.com
Delivered-To: architecture-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DD3111200CD for <architecture-discuss@ietfa.amsl.com>; Tue, 12 Nov 2019 22:57:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=netorgft5189650.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eUCdReCDGrij for <architecture-discuss@ietfa.amsl.com>; Tue, 12 Nov 2019 22:57:34 -0800 (PST)
Received: from GBR01-LO2-obe.outbound.protection.outlook.com (mail-eopbgr100079.outbound.protection.outlook.com [40.107.10.79]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 203EE120851 for <architecture-discuss@ietf.org>; Tue, 12 Nov 2019 22:57:34 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=YppsvgFQhtirWbxTiQ425inhfb5E4sKuyzgMOxKIp6NLXw9qw3O0+R8NijWBQuvjSHo2SqZgUI+rfzJzU3DomHt2oiH2NmUvi+MmGld5Ie0dhdpUAas/+/V9KLA1fC1vkTk/ZpamInQbxOWLVxAt9gpYpvh0bEKJ4+3wvyCh8kXo7JxO35xRak1zPKAiW/salawPbWNsRO7PJrxomip4QOflUu5yOUtPC0fW9neae3HTliXRuz7cWSk75XMYExhaTRrZcBJ2KSktEDv3WgzYscQlJSz88SMRpX14E1W1rEd2jDFed8Fg4FN9xma2rG64YU1o7rO9ndDKYek1WOc/7A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=DgXjAs8OUbzVc11yH4wagFdlxNU9m6VWYbjAGm2LTqI=; b=bcqt7R0bwYzHgX0iOiygthUwd9Bgf/1VbzpgJmlpEynzMsUN4SM2pt3HHua3DaKULppNOWCUGo549skc63m/ZA8+DIUJp2r4tFurnchg49HRKWBsPwJqYunhAcmPOCYihHs4+IkDMAOxeV59C+RXNTMDUYgx94T1VMnAY7MDv6pwqIvYhar4c9y6rvzpAAfvvPvRGOBPA3jMs3Znp0KV+Kum3HKtZ7qWogk8iVMOPvPVBYOvMB5765BzTNEhi0c+uPttJ70wHt0Kf/4LkLConzXc8PJChKWMFc1GToJYekU7SsjbT2sa2Ex65iXDq1jePpVlfYBZ0tSTjqtH6BOQTg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=419.consulting; dmarc=pass action=none header.from=419.consulting; dkim=pass header.d=419.consulting; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=NETORGFT5189650.onmicrosoft.com; s=selector1-NETORGFT5189650-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=DgXjAs8OUbzVc11yH4wagFdlxNU9m6VWYbjAGm2LTqI=; b=rFnGdloLpFizch9h3rnXXb/hEraDcdJ6fEXkuALHg8Z1tQwfb1v7oAofZjVFW9sDXSntqZDVprZzvf0nTtuU3apGsb9ELFP/iaSFJ/4ZJEhjbO+f946hVt+QbQ5HZP9gGdNzEJUWr0tcrxJiKmw46TKjRGBdgxvzsaxHXBf1OMM=
Received: from LO2P265MB0573.GBRP265.PROD.OUTLOOK.COM (10.166.85.15) by LO2P265MB0542.GBRP265.PROD.OUTLOOK.COM (10.166.99.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2430.23; Wed, 13 Nov 2019 06:57:31 +0000
Received: from LO2P265MB0573.GBRP265.PROD.OUTLOOK.COM ([fe80::11f9:b3d3:221d:6712]) by LO2P265MB0573.GBRP265.PROD.OUTLOOK.COM ([fe80::11f9:b3d3:221d:6712%7]) with mapi id 15.20.2430.028; Wed, 13 Nov 2019 06:57:31 +0000
From: Andrew Campling <andrew.campling@419.consulting>
To: "architecture-discuss@ietf.org" <architecture-discuss@ietf.org>
Thread-Topic: [arch-d] Centralization or diversity
Thread-Index: AdWZ752tpDRmE2LzSyqR1/ftRTJmbQ==
Date: Wed, 13 Nov 2019 06:57:31 +0000
Message-ID: <LO2P265MB0573A1353911BFDD554DE5C8C2760@LO2P265MB0573.GBRP265.PROD.OUTLOOK.COM>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=andrew.campling@419.consulting;
x-originating-ip: [109.151.10.212]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 35cdf942-c086-4eb3-026a-08d76806c15f
x-ms-traffictypediagnostic: LO2P265MB0542:
x-microsoft-antispam-prvs: <LO2P265MB0542BEE3E87CE18FCD35972DC2760@LO2P265MB0542.GBRP265.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0220D4B98D
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(979002)(396003)(136003)(39830400003)(346002)(366004)(376002)(189003)(199004)(52536014)(33656002)(2501003)(66574012)(30864003)(66066001)(66476007)(66556008)(186003)(2351001)(6506007)(55016002)(64756008)(9686003)(66446008)(76116006)(7696005)(66946007)(5640700003)(5660300002)(6306002)(476003)(229853002)(102836004)(6116002)(6436002)(3846002)(99286004)(14444005)(25786009)(256004)(6916009)(508600001)(316002)(86362001)(71200400001)(966005)(8936002)(14454004)(6246003)(44832011)(2906002)(8676002)(7736002)(305945005)(74316002)(71190400001)(26005)(81156014)(81166006)(486006)(46492004)(969003)(989001)(999001)(1009001)(1019001); DIR:OUT; SFP:1101; SCL:1; SRVR:LO2P265MB0542; H:LO2P265MB0573.GBRP265.PROD.OUTLOOK.COM; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: 419.consulting does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: rrNAR0tsjQu3rWtD+DvyF6HTs+fE56yBUwvf1R2oTDU0zMSCWbZvjkehw7nb2nIjzatkGkLDuS7a7UWsS90qeYJSfIgYnWco/U5ggFP3PVk0x0oZ8b1mQBIyhJJlVh4UsEc/cU3XDZ/ceJXz58lyD4tnlGET6uJzfBmnsLKWtKOy8OQaxH0WT3o4MmRD2AxR83ALpFJoGLwFcn8fAQOh64a0Mya2yEYRytKm+zYlqFVIQJ/e8EAMJQWgLyI/bW4xU+oB7Uc6V2TaB4QDV96MW/LPQPH3AIZqaqXJfbMtnZrQEe96HUMWayUfepPGI5xSaxQlkwnWakZxZwOQcpqaKSt47WIqoA6Uku0WoY+dn1Oa5ozNQbq+3nv5zXjEXCDLXowoc0aY0b4v8f8LpPfUkiX6+uDXjHeoysSi1JLb6k8JtaZGvaRDdUwb4YYDi0aY
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_LO2P265MB0573A1353911BFDD554DE5C8C2760LO2P265MB0573GBRP_"
MIME-Version: 1.0
X-OriginatorOrg: 419.consulting
X-MS-Exchange-CrossTenant-Network-Message-Id: 35cdf942-c086-4eb3-026a-08d76806c15f
X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Nov 2019 06:57:31.8826 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 9c2ced3e-7522-4755-87dc-f983abc66ec3
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: PVn/gGiX1BGa8l6uxW60WHbJDlBfFseCqIrQY8H7HwKKo+wzbSV/eLpd+K/4DY6AUDrCPd4nMe8iYq7LNaLgiJfZT22hjZ7fxNMn8vIUG8A=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: LO2P265MB0542
Archived-At: <https://mailarchive.ietf.org/arch/msg/architecture-discuss/mzaxG3aPcPIMikho70_EFwDb6nY>
Subject: Re: [arch-d] Centralization or diversity
X-BeenThere: architecture-discuss@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: open discussion forum for long/wide-range architectural issues <architecture-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/architecture-discuss>, <mailto:architecture-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/architecture-discuss/>
List-Post: <mailto:architecture-discuss@ietf.org>
List-Help: <mailto:architecture-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/architecture-discuss>, <mailto:architecture-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Nov 2019 06:57:37 -0000

"Martin Thomson" <mt@lowentropy.net<mailto:mt@lowentropy.net>> wrote on Tue, 05 November 2019 22:58:

      The draft specifically calls out the notion of a single point of failure being a problem.  But my experience with centralized services is that they aren't centralized in the fault tolerance sense.  If I look at the big services, that scale is only achieved with careful distributed systems design.  Name any modern service of even modest scale and you generally find excellent fault tolerance.

I thought that the document made it quite clear that it wasn't specifically referring to a single point of failure in a technical, fault tolerance sense.  In fact it made this clear by, for example, also highlighting issues such as "administrative or governance system can become weak through too much power or imagined power concentratred in one place".

      Finally, I don't like the emphasis on DNS in this document.  It only serves to sensationalize.

I thought that the reference to DNS was particularly helpful given one of the potential side-effects of the push behind DoH could be to centralise what is currently a highly decentralised system.  I agree with the comment in section 4 that "where such centralised points are created, they will eventually fail, or they will be misused through surveillance or legal actions regardless of the best efforts of the Internet community.  The best defense to data leak is to avoid creating that data store to begin with".

In addition, noting the references to RFC 1958 and RFC3935, I believe that it would be prudent for RFC8484 to be reviewed accordingly.


Andrew