Re: [arch-d] Centralization or diversity

Stephane Bortzmeyer <bortzmeyer@nic.fr> Mon, 23 December 2019 08:09 UTC

Return-Path: <stephane@laperouse.bortzmeyer.org>
X-Original-To: architecture-discuss@ietfa.amsl.com
Delivered-To: architecture-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 865B2120074 for <architecture-discuss@ietfa.amsl.com>; Mon, 23 Dec 2019 00:09:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.648
X-Spam-Level:
X-Spam-Status: No, score=-1.648 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.25, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4usDioQrVgiq for <architecture-discuss@ietfa.amsl.com>; Mon, 23 Dec 2019 00:09:31 -0800 (PST)
Received: from ayla.bortzmeyer.org (ayla.bortzmeyer.org [IPv6:2001:4b98:dc0:41:216:3eff:fe27:3d3f]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3ADE212004A for <architecture-discuss@ietf.org>; Mon, 23 Dec 2019 00:09:31 -0800 (PST)
Received: by ayla.bortzmeyer.org (Postfix, from userid 10) id D3537A029B; Mon, 23 Dec 2019 09:09:28 +0100 (CET)
Received: by godin (Postfix, from userid 1000) id AA571EC0B1A; Mon, 23 Dec 2019 09:07:46 +0100 (CET)
Date: Mon, 23 Dec 2019 09:07:46 +0100
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: Martin Thomson <mt@lowentropy.net>
Cc: architecture-discuss@ietf.org, Jari Arkko <jari.arkko@piuha.net>
Message-ID: <20191223080746.GB28090@laperouse.bortzmeyer.org>
References: <3db77634-6edf-4047-b758-f83a462420b7@www.fastmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3db77634-6edf-4047-b758-f83a462420b7@www.fastmail.com>
X-Transport: UUCP rules
X-Operating-System: Ubuntu 18.04 (bionic)
X-Charlie: Je suis Charlie
User-Agent: Mutt/1.9.4 (2018-02-28)
Archived-At: <https://mailarchive.ietf.org/arch/msg/architecture-discuss/nCU1fMVzWdUMzXCHuIRGwY4nRu4>
Subject: Re: [arch-d] Centralization or diversity
X-BeenThere: architecture-discuss@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: open discussion forum for long/wide-range architectural issues <architecture-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/architecture-discuss>, <mailto:architecture-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/architecture-discuss/>
List-Post: <mailto:architecture-discuss@ietf.org>
List-Help: <mailto:architecture-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/architecture-discuss>, <mailto:architecture-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Dec 2019 08:09:32 -0000

On Wed, Nov 06, 2019 at 09:58:08AM +1100,
 Martin Thomson <mt@lowentropy.net> wrote 
 a message of 25 lines which said:

> But my experience with centralized services is that they aren't
> centralized in the fault tolerance sense.  If I look at the big
> services, that scale is only achieved with careful distributed
> systems design.

I disagree. These systems are generally very homogeneous (software
and, of course, human management) so they still have SPOF. An example
is
<https://blog.cloudflare.com/details-of-the-cloudflare-outage-on-july-2-2019/>.

Centralized management is good for the administrators (less work and
better results) but may be dangerous for robustness. (That's why I
don't like the whole idea of SDN.)

> This draft really wants to say something less negative: that it values diversity on multiple axes.  The draft covers:
> 
> * fault domains geopolitical organizational
> 
> To which I might add:
> 
> * geographic
> * implementation
> * infrastructure (power, network, hardware)

And software! Many DNS zones, for instance, can be completely taken
down, if there is a 0-day vulnerability allowing to DoS all servers,
which are of the same make and version.

> Finally, I don't like the emphasis on DNS in this document.  It only
> serves to sensationalize.

Well, I disagree with the analysis of the draft (centralization to a
few public resolvers have nothing to do with DoH, it existed before)
but the problem is real. Unfortunately, we don't lack examples of
centralization.