Re: ITU-T Dubai Meeting
Doug Barton <dougb@dougbarton.us> Thu, 02 August 2012 21:30 UTC
Return-Path: <dougb@dougbarton.us>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E45E021F896D for <ietf@ietfa.amsl.com>; Thu, 2 Aug 2012 14:30:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mdkBuY+v+Ttp for <ietf@ietfa.amsl.com>; Thu, 2 Aug 2012 14:30:56 -0700 (PDT)
Received: from mail2.fluidhosting.com (mx22.fluidhosting.com [204.14.89.5]) by ietfa.amsl.com (Postfix) with ESMTP id 9116021F89DD for <ietf@ietf.org>; Thu, 2 Aug 2012 14:30:49 -0700 (PDT)
Received: (qmail 25039 invoked by uid 399); 2 Aug 2012 21:30:40 -0000
Received: from unknown (HELO ?172.17.127.241?) (dougb@dougbarton.us@12.207.105.210) by mail2.fluidhosting.com with ESMTPAM; 2 Aug 2012 21:30:40 -0000
X-Originating-IP: 12.207.105.210
X-Sender: dougb@dougbarton.us
Message-ID: <501AF187.3020408@dougbarton.us>
Date: Thu, 02 Aug 2012 14:30:47 -0700
From: Doug Barton <dougb@dougbarton.us>
Organization: http://SupersetSolutions.com/
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:14.0) Gecko/20120713 Thunderbird/14.0
MIME-Version: 1.0
To: ietf@ietf.org
Subject: Re: ITU-T Dubai Meeting
References: <20120802184436.87A0318C11F@mercury.lcs.mit.edu> <B6033EB2-3B90-4524-A123-38852C5E2698@virtualized.org>
In-Reply-To: <B6033EB2-3B90-4524-A123-38852C5E2698@virtualized.org>
X-Enigmail-Version: 1.4.3
OpenPGP: id=1A1ABC84
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Aug 2012 21:30:57 -0000
On 8/2/2012 1:24 PM, David Conrad wrote: > On Aug 2, 2012, at 11:44 AM, jnc@mercury.lcs.mit.edu (Noel Chiappa) wrote: >>> we should instead focus on the ways that the technical architecture of >>> the Internet creates control points that are vulnerable to capture and >>> consider ways in which those control points can be made capture-proof. >> >> Agreed. > > The challenge of course is that one of the simple/efficient mechanisms to implement desirable features (e.g., security, scalability, manageability) is to create hierarchies, but those very hierarchies provide control points that can (at least in theory) be captured. The DNS root is one such, the proposed RPKI root is another. Perhaps a variation of the Software Engineering Dilemma ("fast, good, cheap: pick two") applies to Internet architecture: secure, scalable, manageable: pick two? > >>> If the ITU-T wants to also be in the business of handing out IPv6 >>> address names then give then a /21 or a /16 and tell them to go >>> party. > > I don't think this is what the ITU is after. My impression is that the ITU is arguing that member states should get the /<whatever> directly. > >> I basically agree. It could have negative impacts on the routing, by impacting >> route aggregatability, but it can hardly be worse that those bletcherous PI >> addresses, so if it makes them happy to be in charge of a large /N, why not? > > I believe the routing scalability risk lies not in the allocation body, but rather the policies imposed around the allocations. That is, imagine a world of 200+ National Internet Registries instead of 5 Regional Internet registries. If the government behind an NIR then decides that to use the Internet in their country, you must use addresses allocated by the NIR of that country, you then run the risk of having 200+ prefixes for each entity that operates globally. This risk could be addressed if it didn't matter where you get your addresses, however that isn't true with the existing model and there are political pressures that would likely ensure that it would not be true in the NIR model. > > There are also risks associated with upkeep of registration data, which is already a challenge with the existing limited set of registries. I imagine this would get worse with more registries. In addition to the very valid points that David made, there are also other risks. Such as, if the national government is the only source of IP addresses then they have much greater control over who can get on the network in-country. And if all of the traffic from a given country is coming into my country via the same prefix it makes it that much easier to apply censorship, tariffs, etc. The whole concept of a global network, with no centralized control, that permits (nay, encourages) the free flow of information is anathema to many national governments. They are desperate to choke that off, by any means necessary. Doug -- I am only one, but I am one. I cannot do everything, but I can do something. And I will not let what I cannot do interfere with what I can do. -- Edward Everett Hale, (1822 - 1909)
- ITU-T Dubai Meeting Phillip Hallam-Baker
- Re: ITU-T Dubai Meeting Noel Chiappa
- Re: ITU-T Dubai Meeting SM
- Re: ITU-T Dubai Meeting David Conrad
- Re: ITU-T Dubai Meeting Steven Bellovin
- Re: ITU-T Dubai Meeting Phillip Hallam-Baker
- Re: ITU-T Dubai Meeting Doug Barton
- Re: ITU-T Dubai Meeting Steven Bellovin
- Re: ITU-T Dubai Meeting Doug Barton
- Re: ITU-T Dubai Meeting Dmitry Burkov
- Re: ITU-T Dubai Meeting Daniel Karrenberg
- Re: ITU-T Dubai Meeting Brian E Carpenter
- Re: ITU-T Dubai Meeting Patrik Fältström
- Re: ITU-T Dubai Meeting Ole Jacobsen
- Re: ITU-T Dubai Meeting David Conrad
- Re: ITU-T Dubai Meeting Mark Andrews
- Re: ITU-T Dubai Meeting Dmitry Burkov
- Re: ITU-T Dubai Meeting SM
- Re: ITU-T Dubai Meeting Daniel Karrenberg
- Re: ITU-T Dubai Meeting Randy Bush
- Re: ITU-T Dubai Meeting Steven Bellovin
- Re: ITU-T Dubai Meeting Arturo Servin
- Re: ITU-T Dubai Meeting Martin Rex
- Re: ITU-T Dubai Meeting Brian E Carpenter
- Re: ITU-T Dubai Meeting Martin Rex
- Re: ITU-T Dubai Meeting Brian E Carpenter
- Re: ITU-T Dubai Meeting Noel Chiappa
- RE: ITU-T Dubai Meeting Worley, Dale R (Dale)
- Re: ITU-T Dubai Meeting Yoav Nir
- Re: ITU-T Dubai Meeting Noel Chiappa
- Re: ITU-T Dubai Meeting Yoav Nir
- Re: ITU-T Dubai Meeting Noel Chiappa
- Re: ITU-T Dubai Meeting Yoav Nir
- Re: ITU-T Dubai Meeting Doug Barton
- Re: ITU-T Dubai Meeting Mark Andrews
- Re: ITU-T Dubai Meeting Martin Rex
- Re: ITU-T Dubai Meeting Doug Barton
- Re: ITU-T Dubai Meeting Doug Barton
- Re: ITU-T Dubai Meeting Martin Rex
- Re: ITU-T Dubai Meeting Brian E Carpenter
- Re: ITU-T Dubai Meeting Daniel Karrenberg
- Re: ITU-T Dubai Meeting David Conrad
- Re: ITU-T Dubai Meeting Arturo Servin
- Re: ITU-T Dubai Meeting Doug Barton
- Re: ITU-T Dubai Meeting Phillip Hallam-Baker
- Re: ITU-T Dubai Meeting Randy Bush
- Re: ITU-T Dubai Meeting Phillip Hallam-Baker
- Re: ITU-T Dubai Meeting Randy Bush
- Re: ITU-T Dubai Meeting Phillip Hallam-Baker
- Re: ITU-T Dubai Meeting Randy Bush
- Re: ITU-T Dubai Meeting Phillip Hallam-Baker
- Re: ITU-T Dubai Meeting Michael Richardson