Re: [arch-d] possible new IAB programme on Internet resilience

Christian <> Tue, 31 December 2019 17:20 UTC


On 30/12/2019 12:04, Vittorio Bertola wrote:
>> On 30/12/2019 12:35 Christian <> wrote:
>> Hi Vittorio,
>> I don't understand your objections.
>> Are they?
> This is not yet another discussion on DoH - yes I have problems with how it is being deployed, though mostly different from the ones you list(*), but this is not the topic here.


> The discussion is rather about the IETF's pretense not to be making Internet policy (DoH is just an example where this pretense has been widely challenged) and about the idea of global Internet policy-making processes.

So are you talking about Internet / technical policy or Political Policy?

I'd say IETF is heavily and overtly engaged in technical policy. The 
shift to encompass end to end security following the Snowden revelations 
is a testament to that.

But that is not IETF engaging in political Policy. It is not saying to 
the world anything more than the utility of the Internet requires 
dependability of communications end to end.  It is clear that political 
Policy failed in providing sufficient protections for users on network 
paths which are not secure. So it makes total sense to secure them and 
do so at scale.

It makes no sense to have heavy duty data privacy and protection laws 
and for that data to be communicated routinely in the clear or for its 
path to be insecurely supported. Data paths have to be secured.

Let's for a moment assume that IETF is determining Policy in the round 
and its protocols are built to reflect that.

How is it then that these protocols are being used to both provide end 
to end connectivity through open infrastructures but also used to build 
national and regional firewalls such as in China, Russia etc. where that 
connectivity is broken and made insecure at gateway boundaries?

IETF technical policy may say something like: Doing this thing will 
break these things - be aware. It is for political Policy to then work 
out what those breakages mean for society and the law.

> (*) if you're interested in this, here is a recent panel discussion with multiple views:

So this followed ISPA's pretty ridiculous Internet villain award for DoH 
/ Mozilla etc. Ridiculous enough for them to hastily backtrack. Just 
because UK ISPs and politicians have ignored for decades people who 
have made architectural warnings that depending on insecure protocol 
paths to assert laws or manage behaviour over a network is not 
sustainable, as those paths will in time either be replaced with secure 
protocols or new technologies which in either case render the practice 
and potentially the enforcement of those laws to uselessness.