Re: [dane] Network errors ARE attacks - on the end-to-end-principle

[Andrew Sullivan <ajs@anvilwalrusden.com>]

On Tue, May 15, 2012 at 07:13:16PM -0700, John Gilmore wrote:

> "Genuine network errors" from buggy proxies or intentional firewalls
> or intentional or accidental censorship systems ARE attacks.  They are
> attacks on the fundamental end-to-end premise of the Internet.

But (1) bugs are different from intentional blockage and (2) not all
of this is strictly speaking buggy.  The fact that some ancient
gateway can't cope with RRTYPEs it doesn't know is, IMO, a disgrace;
but they can say (correctly) that they just don't implement that RFC,
and be quite right.  I would like the market to reject such devices as
useless, but it hasn't yet.

> But the end result will be that (1) users will realize they are being
> censored; (2) providers will clean up the accidental and whim-related
> censorship; and (3) users will migrate to providers who offer them
> reliable end-to-end service without interruptions for the provider's
> convenience or profit.

I suppose that the above is intended to argue that the market will
reject such devices as useless.  I think we have a first mover
principle in the way, however.  These "users" of which you speak would
need to form a fairly detailed theory of operation of the Internet in
order to understand what the problem is.  I don't believe that most of
them will, and I don't think they ought to need to either.  Therefore,
I would prefer that we build documents that permit useful incremental
addition of features to the network.

To drag this back on topic, in light of the above I need to think
harder about the argument, elsewhere in this thread, that uses 2 and 3
are also undermined by the no-answer attack, because if that's the
case then I suspect DANE is undeployable as it stands.

Best,

A

-- 
Andrew Sullivan
ajs@anvilwalrusden.com