Re: WCIT outcome?

Phillip Hallam-Baker <hallam@gmail.com> Wed, 02 January 2013 16:30 UTC

In-Reply-To: <a06240834cd09f3ec48a7@10.0.1.3>
References: <CAMm+Lwh2cHRY+Dk2_SDtZZmUbPcgRpP89u3DHUcniJDrKrX_pw@mail.gmail.com> <CAMzo+1a0-90dnjnvs48a9DcNN9DY_edF5hH0__4XRuCaLHtL6Q@mail.gmail.com> <CAMm+LwjzjLc2-=4EdxwHOi21B3dOBUohYc5hhXZHL_Pk+iBBmQ@mail.gmail.com> <6.2.5.6.2.20121229192941.0aae33e8@resistor.net> <CAMm+LwiC0xtJU4vnGFPvAG4VKZdj7Tf3LfW0+pzwxKWTegRREw@mail.gmail.com> <a06240800cd074efd45b8@10.0.1.3> <CAMm+Lwiq+DCzXw572wKs78DG+XzYsJtwCVSPvNuVHSrT=Cr2nA@mail.gmail.com> <a06240809cd0799fee029@10.0.1.3> <6.2.5.6.2.20130102023406.0b4b7d68@resistor.net> <CAMm+LwgsgaV7L-FY4MnM2Einaapo-BdiddBU+nYzTS6DMPXzQw@mail.gmail.com> <a06240834cd09f3ec48a7@10.0.1.3>
Date: Wed, 02 Jan 2013 11:30:06 -0500
Message-ID: <CAMm+Lwhcv9wSpzixYp8QOx0fwTwcmOEcPaR2-gw6V+ObB2UFaA@mail.gmail.com>
Subject: Re: WCIT outcome?
From: Phillip Hallam-Baker <hallam@gmail.com>
To: John Day <jeanjour@comcast.net>
Cc: SM <sm@resistor.net>, IETF Discussion Mailing List <ietf@ietf.org>

On Wed, Jan 2, 2013 at 9:46 AM, John Day <jeanjour@comcast.net> wrote:

> Interesting as always.
>
> But beyond the illegitimate concerns, there are some important legitimate
> ones. In particular a country like France has to be concerned that if it
> gets into a trade dispute with the US that the US administration can't
> force it into submission by threatening to cut off its connection to the
> Internet or any other essential communication technology.
>
> This is not a theoretical consideration. The reason that there is no
> central repository for RFID product identifiers is that the French
> government decided that the proposals on the table would give the US the
> ability to control the sale of French products by ordering the maintainer
> of the registry not to publish them. That would effectively make it
> impossible to sell them through the electronic supply chain. So they made
> sure that the registry did not happen.
>
> Then the RFID folks had written a lousy standard.  It is pretty easy to
> design a decentralized name space methodology, such that no one can control
> the whole thing.  Regulating to protect stupidity interferes with Darwin.
> ;-)
>

Which was my on-topic conclusion.

If IETF wants to avoid government level politics then we have to design the
technology in such a way that we eliminate or mitigate any control points.

The WebPKI has been successfully deployed precisely because it has
sufficient hierarchy to be scalable without establishing a single control
point like the PEM proposal.

I don't think we will see DNSSEC or BGPSEC being allowed to propagate
unless attention is paid to the legitimate interest of states to avoid
technology capture.


DNSSEC does not replace the WebPKI, nor does BGPSEC. But we need all three
security layers if we are going to achieve a comprehensive security
solution for the Internet. Each technology has a very specific purpose:

BGPSEC: Prevent/mitigate Denial of Service attacks through bogus route
advertisement

DNSSEC: Distribute security policy information tied to the Internet naming
system

WebPKI: Establish accountability of the parties at the Internet end points.


At the moment we have a broken system because DNSSEC is being sold as a
'free' replacement for the WebPKI, which is a losing proposition: (1) the cost
of deploying DNSSEC is many times the cost of buying a domain validated SSL
certificate, and (2) the real purpose of the WebPKI is to establish
accountability, which requires a stronger credential than merely having
bought a DNS name.

-- 
Website: http://hallambaker.com/