IETF Logo Mail Archive

Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

Adam Novak <interfect@gmail.com> Fri, 06 September 2013 17:30 UTC

Return-Path: <interfect@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3AABB21E80BE for <ietf@ietfa.amsl.com>; Fri, 6 Sep 2013 10:30:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RdO5Cjq2Gj2E for <ietf@ietfa.amsl.com>; Fri, 6 Sep 2013 10:30:09 -0700 (PDT)
Received: from mail-ie0-x22f.google.com (mail-ie0-x22f.google.com [IPv6:2607:f8b0:4001:c03::22f]) by ietfa.amsl.com (Postfix) with ESMTP id A9C0311E80F2 for <ietf@ietf.org>; Fri, 6 Sep 2013 10:30:09 -0700 (PDT)
Received: by mail-ie0-f175.google.com with SMTP id u16so7149058iet.6 for <ietf@ietf.org>; Fri, 06 Sep 2013 10:30:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=IWF+G0bWAZXgCVWPFdtJch2N1sJztw7rY2VVpxc23m8=; b=aPhU4SYRRVsm113/evQT3fKONg8MZrOHG4l5sAp71jD7hKCYql5+xc1FFS4HoISeqt 8UNiekI1efu0Q89W0Mf64++2NzIyCTb9Fj61ds9d/4A2TsND01/0XKCzeoGjgNdc4HX3 xJpZ8i38IHEWc/dL0gKZU/8Jo+oY9fpYmnMs0q1tB8AFGg5F0XpjYYNMqSpWwx+EK0El Z7vWJdcNP4MM7PFou2suUqs7U917SR6AsR1ZkFfl88bBE3u7ba23grTYEqDzkK24In6W Tw0Zdguk47bU4otJLaoNO64TBQZR/3XngnnN+gaOIWt2Oht1cLEitxazT/gTOUOu1+gv sW5Q==
X-Received: by 10.50.13.104 with SMTP id g8mr10909628igc.30.1378488609186; Fri, 06 Sep 2013 10:30:09 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.50.61.101 with HTTP; Fri, 6 Sep 2013 10:29:48 -0700 (PDT)
In-Reply-To: <20130906142239.40EDB18C0DA@mercury.lcs.mit.edu>
References: <20130906142239.40EDB18C0DA@mercury.lcs.mit.edu>
From: Adam Novak <interfect@gmail.com>
Date: Fri, 06 Sep 2013 10:29:48 -0700
Message-ID: <CADPp2fCnfsyowOKqP2=zjrVK4-4tiO6vteFT2Ndh-THSwCeK8w@mail.gmail.com>
Subject: Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA
To: Noel Chiappa <jnc@mercury.lcs.mit.edu>
Content-Type: text/plain; charset="ISO-8859-1"
Cc: IETF Discussion <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Sep 2013 17:30:10 -0000

You're right that a flat mesh is not the best topology for
long-distance communication, especially with current routing
protocols, which require things like global lists of all routeable
prefixes.

On the protocol front, I suggest that the IETF develop routing
protocols that can work well in a flat mesh topology. Parallelizing
traffic streams over many available routes, so it all doesn't try to
take the shortest path, would appear to be a particularly important
feature, as would preventing all of a node's links from being swamped
by through traffic that other nodes want it to route.

The problem with long-distance traffic over flat mesh networks is less
with throughput (if everything isn't taking the shortest path) than
with the latencies involved in sending traffic over a very large
number of hops. I think the solution there is to send traffic that's
leaving your local area over the existing (tapable) long-distance
infrastructure. The idea is to make tapping expensive, not impossible.

There's also the point to be made that current traffic patterns depend
to a significant extent on current Internet architectural decisions.
If everyone had a gigabit connection to their neighbors, but only a 10
megabit uplink to route long-distance traffic over, they might find a
use for all that extra local bandwidth.

On Fri, Sep 6, 2013 at 7:22 AM, Noel Chiappa <jnc@mercury.lcs.mit.edu> wrote:
>     > One way to frustrate this sort of dragnet surveillance would be to
>     > reduce centralization in the Internet's architecture.
>     > ...
>     > [If] The IETF focused on developing protocols (and reserving the
>     > necessary network numbers) to facilitate direct network peering between
>     > private individuals, it could make it much more expensive to mount
>     > large-scale traffic interception attacks.
>
> I'm not sure this is viable (although it's an interesting concept).
>
> With our current routing tools, switching to a flat mesh, as opposed to the
> current fairly-structured system, would require enormous amounts of
> configuration/etc work on the part of smaller entities.
>
> Also, traffic patterns being what they are (e.g. most of my traffic goes
> quite a distance, and hardly any to things close by), everyone would wind up
> handling a lot of 'through' traffic - orders of magnitude more than their
> current traffic load.
>
>         Noel

v2.23.0 | Report a Bug | By Email