Re: WCIT outcome?

Phillip Hallam-Baker <> Mon, 31 December 2012 18:05 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 851F621F8792 for <>; Mon, 31 Dec 2012 10:05:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -3.558
X-Spam-Status: No, score=-3.558 tagged_above=-999 required=5 tests=[AWL=0.040, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id uFlUPa9QSdpG for <>; Mon, 31 Dec 2012 10:05:22 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 3AEE321F8781 for <>; Mon, 31 Dec 2012 10:05:22 -0800 (PST)
Received: by with SMTP id dn14so11685475obc.16 for <>; Mon, 31 Dec 2012 10:05:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=7Ql2fqnEEXcKFKkLCjQdd7n+0LU9dCZUiAIY9Y/vWGs=; b=HrI2lmKSN/Kgt6pVIBvpiRN6g/xaX38FODsbWYd59ne7+tyw5Bj8uj1IwRitg7KQ5l Sgk8OJVm7CMlGr+/sNYZjWXOJsDT1YkmmM+bcvxJ50sxSxOoNaKrPMOtoZVJF/xh2K1/ ELzuhQcNsIkeNd0c1uZcSKKboAIOwRCyrjaUuwIeKGam9Kqo8Yn29xpELXH3x8ATK0u/ 1+VsQG9ItU5TlLn1676ztACr4rdziYATDxKF66t4o+Jc6FBCZvPuA3vAWryccUUNuMg0 gOxgtpB1npJSt+Na7VkT/zu/SJTxfiK2FORFJFbDcmH5PG+rCrhSlzM8mqMvfRpd18+8 QfbA==
MIME-Version: 1.0
Received: by with SMTP id ng2mr34110679obc.81.1356977121727; Mon, 31 Dec 2012 10:05:21 -0800 (PST)
Received: by with HTTP; Mon, 31 Dec 2012 10:05:21 -0800 (PST)
In-Reply-To: <a06240800cd074efd45b8@>
References: <> <> <> <> <> <a06240800cd074efd45b8@>
Date: Mon, 31 Dec 2012 13:05:21 -0500
Message-ID: <>
Subject: Re: WCIT outcome?
From: Phillip Hallam-Baker <>
To: John Day <>
Content-Type: multipart/alternative; boundary="e89a8f6438f24f142304d229dbef"
Cc: SM <>, IETF Discussion Mailing List <>, Patrik Fältström <>
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 31 Dec 2012 18:05:23 -0000

On Mon, Dec 31, 2012 at 9:51 AM, John Day <> wrote:

> **
> Phillip,
> The reason that rule is useful is that just as it is ridiculous for the US
> representative to the ITU to attempt to convey the positions of Comcast and
> Google, it is no more practical for one person to represent the position of
> Cisco or Microsoft.
> Then I take it from this comment that you believe that all forms of
> representative government (and reaching agreements) are ridiculous?

MPs and Congressmen are elected decision makers. ITU participants can make
decisions but they are not binding on anyone and only have effect if people
like me choose to implement them.

Representative democracy without the elections part has neither.

And it may have escaped your notice but pretty much every government in the
developed world tries to limit the scope of their authority these days.
They have discovered that they prefer to concentrate their influence on a
narrow scope and thus maximize it.

> Surely you don't believe that pure democracy will work?  That myth had
> been dispelled 250 years ago.

I lived in Switzerland for two years. They have a government that passes a
budget. How is yours doing?

> The process of a representative form for creating agreements seems to be
> (as flawed as it is) about the best we have come up with.

ITU is not a democratic organization, nor does it aspire to be. So it is
not representative in the slightest. Reciting slogans does not mean they
are applicable

> Wrt its application in standards outside the ITU it works the same way.
> When a voluntary standards organization organizes by country, it is to give
> voice to the small companies as well as the Ciscos and Microsofts.  The big
> guys can send 10s of people (which represents a different problem) to
> meetings all over the world.  The little companies can't afford that but
> they have an interest.  Providing the means for them to agree on what their
> interest is and to make it heard is equally important.
> It sounds like you are arguing for the hegemony of the robber barons moved
> to the 21stC.

I deal with the world as I find it. It is very difficult to change the
Internet without the support of a Microsoft or a Google or a Cisco. There
are a ten billion endpoints deployed. The real obstacle is the hegemony of
the installed base.

Where the problem comes in is when you have a proposal that requires the
> active support and participation of stakeholders like VeriSign. When I told
> the IETF that DNSSEC would be deployed in if and only if the
> opt-in proposal was accepted, I was stating the official position of a
> stakeholder whose participation was essential if DNSSEC was going to be
> deployed.
> It was a really minor change but the reason it was blocked was one
> individual had the crazy idea that blocking deployment of DNSSEC would
> cause VeriSign to lose dotcom. He was not the only person with that idea
> but he was the only person in a position to wreck all progress in the IETF
> if he didn't get his way.
> For projects like IPv6 the standards development process needs to be
> better at identifying the necessary stakeholders and ensuring that enough
> essential requirements of enough stakeholders are met. Otherwise we end up
> with yet another Proposed Standard RFC that everyone ignores.
> I would disagree slightly.  It is not task of the SDO to identify the
> necessary stakeholders but to ensure all of the stakeholder are represented
> at all levels.  The problems you describe above result from breaking that
> rule.

I think the idea that the stakeholders want to participate is a mistaken
one. VeriSign particpates in IETF. Some of the backbone providers do. But
many do not.

So the frequent result is that IETF develops a widget and the deployment
showstoppers are only discovered during deployment.

It can get really lonely pointing out to a group of people with some idea
their are bursting to implement that they need to at least talk to the
application providers they need to adopt their idea.

The question is what, if anything, is there left relating to wireline
> communication that requires agreement among *governments*?  I can't think
> of much.

They need to come to an agreement to ban cyber-sabotage like they have
banned chemical and biological weapons.

Right now we have a group of US, Russian and Chinese military types all
looking to make their careers at the forefront of the new cyber arms race.
The military managed to piss away trillions of dollars in wealth with their
cold war, now they want to do the same in cyber. The cold war was
ultimately won because the youth of East Germany simply walked away from
the regime.

Like chemical weapons, cyber weapons are far more bark than bite and what
bite there is can hit the attacker. Stuxnet and Flame were crafted to
attack Iran, the vectors were repurposed and targeted at the US days after
they were discovered. We also have the interesting precedent that the UK
has launched a cyber sabotage attack against a nuclear facility declared as
civil and under an IAEA inspection regime.

We can't stop everyone from developing cyber-sabotage capabilities but we
can push efforts that occur so far underground that they can't poison
attempts to deploy effective defenses. The US and Chinese critical
infrastructures may be separate at a physical level but they are tightly
coupled at a logical and economic level. Any weapon that affects one is at
least capable of bringing down the other.

That is the task that the ITU should be addressing. It might as well get
started on it because one consequence of the Dubai debacle is that the
remaining ITU standards efforts have been compromised.