Re: [dane] Network errors ARE attacks - on the end-to-end-principle
Henry Story <henry.story@bblfish.net> Wed, 16 May 2012 11:46 UTC
From: Henry Story <henry.story@bblfish.net>
In-Reply-To: <201205160213.q4G2DGcF017008@new.toad.com>
Date: Wed, 16 May 2012 13:46:08 +0200
Message-Id: <6633F8AF-B8E7-4386-AB81-444780868BF8@bblfish.net>
References: <CABcZeBMY26xrfvAx=UsYN2XnuONZ2vPy9tNwHQALudd=yQDvgA@mail.gmail.com>
<643D87CD-D01E-47B8-82E5-D3F57D50C80B@vpnc.org>
<alpine.LFD.2.02.1205142229552.10990@bofh.nohats.ca>
<CABcZeBMS9cJ3m6JwJED7XAqdsF=zbTUUU_o3-opiZvqMyr7mdw@mail.gmail.com>
<alpine.LFD.2.02.1205142352010.10990@bofh.nohats.ca>
<20120515112154.GA20521@mail.yitter.info>
<alpine.LFD.2.02.1205150816001.14601@bofh.nohats.ca>
<201205160213.q4G2DGcF017008@new.toad.com>
To: John Gilmore <gnu@toad.com>
Cc: dane@ietf.org
On 16 May 2012, at 04:13, John Gilmore wrote:
>> But it's better than disabling TLSA at all in the face
>> of DNS errors (where we assume most errors are genuine network errors
>> and not attacks).
>
> "Genuine network errors" from buggy proxies or intentional firewalls
> or intentional or accidental censorship systems ARE attacks. They are
> attacks on the fundamental end-to-end premise of the Internet.
>
> The default state of the networking world, pre-Internet, is that
> network providers felt free to block or modify data in transit, for
> their own convenience, profit, whim, or by accident. They'd control
> what services you could access, what channels you could watch, etc,
> etc, etc. It was assumed that the owner of the communications channel
> had every right and every business reason to limit who you were allowed
> to talk to, and on what topics.
>
> The Internet changed all that, making it clear what a huge benefit the
> public could derive from a system that delivered end-users' data
> end-to-end, unmodified, from anywhere, to anywhere. Finally you could
> access YOUR CHOICE of data and services from anywhere -- not "this
> service is only available on France Telecom's Teletext system" and
> "You can't email that guy because he's on MCI Mail and you're on The
> Source". Now that Moore's Law's newly available crunchons enabled
> today's complex radio modulations and equally complex presentation
> protocols, you can get all those same services wirelessly, instead of
> what the incumbent providers kept designing over and over ("You can
> only get this WAP-based information service on AT&T mobile phones" and
> "To watch this TV show that you've already paid for, you have to be
> physically plugged into this coaxial cable.")
>
> Since the public rise of the Internet in the '90s was not
> cryptographically secured end-to-end, providers eventually realized
> that they could somewhat go back to their old ways of messing with
> end-users' data for their own convenience, profit, whim, or by
> accident. Like Comcast blocking BitTorrent traffic by forging RST
> packets, AT&T Mobile deliberately dropping packets when it had the
> capacity to carry them, just to discourage "unlimited" usage, or
> certain carriers declining to carry packets for "over the top" video.
> Or shipping buggy DNS proxies that mess up Port 53 UDP traffic in
> their subnet. Most users didn't notice, which allowed the providers
> to often get away with censoring the ones who did notice.
>
> DNSSEC and DANE are just part of the leading edge of a trend to secure
> Internet traffic end-to-end. This will make more such blockages and
> modifications much more apparent -- turning them from
> possibly-unnoticed inconveniences into denial-of-service failures.
>
> But the end result will be that (1) users will realize they are being
> censored; (2) providers will clean up the accidental and whim-related
> censorship; and (3) users will migrate to providers who offer them
> reliable end-to-end service without interruptions for the provider's
> convenience or profit.
>
> And in that way, the Internet will route around these attacks on the
> end-to-end principle.
>
> This is a good thing, despite the distributed pain involved in fixing
> all those broken devices and misguided providers.
I completely agree. Thanks for putting it so clearly.
>
> John
Social Web Architect
http://bblfish.net/
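The quoted exchange turns on one design choice: what a TLS client that uses TLSA records does when the TLSA lookup does not come back as a validated answer. The following is an added example, not code from this thread or from any DANE implementation; the resolver verdicts, the key blobs, the record for _443._tcp.example.com and the two policies are all constructed to model the two positions in the quoted text. It shows that under the fail-open policy an adversary who can only break UDP/53 on the client's path turns a validated TLSA answer into an error and is then accepted with any CA-issued certificate, while the fail-closed policy turns the same interference into a visible connection failure, which is the trade-off the quoted message argues for.

```python
"""Added example, not from the thread: a model of the policy choice behind the
quoted sentence about "disabling TLSA in the face of DNS errors".

A DANE client that cannot obtain a DNSSEC-validated TLSA answer has to pick
a behaviour.  Two policies are contrasted: fall back to ordinary CA (PKIX)
validation, or treat the missing answer as an attack and abort.  Everything
is constructed: the resolver verdicts, the key blobs and the records.  No
network is used and no real DNSSEC validation is performed; only the
validating resolver's verdict is modelled.
"""
import hashlib
from dataclasses import dataclass
from enum import Enum


class DnsOutcome(Enum):
    SECURE = "secure"          # validated TLSA RRset returned
    INSECURE = "insecure"      # zone provably unsigned, nothing to enforce
    BOGUS = "bogus"            # signatures present but validation failed
    ERROR = "error"            # SERVFAIL, timeout, truncation or blocked UDP/53


class Action(Enum):
    ENFORCE_TLSA = "enforce TLSA"   # accept only a key matching a TLSA record
    PKIX_ONLY = "PKIX only"         # ordinary CA validation, DANE disabled
    ABORT = "abort"                 # refuse to connect


@dataclass(frozen=True)
class TlsaRecord:
    usage: int     # 3 = DANE-EE (RFC 6698): the record names the end-entity key
    selector: int  # 1 = SubjectPublicKeyInfo
    mtype: int     # 1 = SHA-256 of the selected data
    data: bytes


def policy_fail_open(outcome):
    """Treat errors as genuine network trouble: lose DANE, keep the connection."""
    if outcome is DnsOutcome.SECURE:
        return Action.ENFORCE_TLSA
    if outcome is DnsOutcome.BOGUS:
        return Action.ABORT
    return Action.PKIX_ONLY   # INSECURE and ERROR both degrade to CA-only


def policy_fail_closed(outcome):
    """Treat an unanswerable lookup as an attack on the path: fail visibly."""
    if outcome is DnsOutcome.SECURE:
        return Action.ENFORCE_TLSA
    if outcome is DnsOutcome.INSECURE:
        return Action.PKIX_ONLY   # a provably unsigned zone is not an error
    return Action.ABORT           # BOGUS and ERROR alike


def tlsa_matches(records, spki_der):
    """True if a DANE-EE / SPKI / SHA-256 record matches the presented key."""
    digest = hashlib.sha256(spki_der).digest()
    return any(r.usage == 3 and r.selector == 1 and r.mtype == 1 and r.data == digest
               for r in records)


# Constructed stand-ins for DER-encoded SubjectPublicKeyInfo blobs.
LEGIT_SPKI = b"constructed SPKI of the genuine server"
MITM_SPKI = b"constructed SPKI of an interceptor holding a CA-issued cert"
PUBLISHED_TLSA = [TlsaRecord(3, 1, 1, hashlib.sha256(LEGIT_SPKI).digest())]


def resolve_tlsa(dns_blocked):
    """Constructed lookup of _443._tcp.example.com IN TLSA.

    A broken or hostile path (buggy proxy, firewall, censorship box) is
    indistinguishable to the client from a plain outage: both come back as ERROR.
    """
    if dns_blocked:
        return DnsOutcome.ERROR, []
    return DnsOutcome.SECURE, PUBLISHED_TLSA


def connect(policy, presented_spki, cert_passes_pkix, dns_blocked):
    """Return (action taken, whether the presented key was accepted)."""
    outcome, records = resolve_tlsa(dns_blocked)
    action = policy(outcome)
    if action is Action.ABORT:
        return action, False
    if action is Action.ENFORCE_TLSA:
        return action, tlsa_matches(records, presented_spki)
    return action, cert_passes_pkix   # PKIX_ONLY: any CA-issued cert will do


if __name__ == "__main__":
    for name, policy in (("fail-open", policy_fail_open), ("fail-closed", policy_fail_closed)):
        for blocked in (False, True):
            legit = connect(policy, LEGIT_SPKI, True, blocked)
            mitm = connect(policy, MITM_SPKI, True, blocked)
            print(f"{name:11s} dns_blocked={blocked!s:5s} "
                  f"genuine->{legit[0].value}/{legit[1]}  interceptor->{mitm[0].value}/{mitm[1]}")
```

The interesting row is the interceptor with DNS blocked: fail-open accepts it through PKIX alone, fail-closed refuses, and fail-closed also refuses the genuine server on the same broken path. That second refusal is the "distributed pain" the quoted message accepts as the price of making interference visible.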