Re: ITU-T Dubai Meeting

Brian E Carpenter <brian.e.carpenter@gmail.com> Fri, 03 August 2012 07:18 UTC

Message-ID: <501B7B43.70202@gmail.com>
Date: Fri, 03 Aug 2012 08:18:27 +0100
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: Steven Bellovin <smb@cs.columbia.edu>
Subject: Re: ITU-T Dubai Meeting
References: <20120802184436.87A0318C11F@mercury.lcs.mit.edu> <B6033EB2-3B90-4524-A123-38852C5E2698@virtualized.org> <4401D68C-F9BB-4777-845A-A7011C50F1EA@cs.columbia.edu>
In-Reply-To: <4401D68C-F9BB-4777-845A-A7011C50F1EA@cs.columbia.edu>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Cc: ietf@ietf.org, Noel Chiappa <jnc@mercury.lcs.mit.edu>

On 02/08/2012 21:30, Steven Bellovin wrote:
> On Aug 2, 2012, at 1:24 PM, David Conrad wrote:
> 
>> On Aug 2, 2012, at 11:44 AM, jnc@mercury.lcs.mit.edu (Noel Chiappa) wrote:
>>>> we should instead focus on the ways that the technical architecture of
>>>> the Internet creates control points that are vulnerable to capture and
>>>> consider ways in which those control points can be made capture-proof.
>>> Agreed.
>> The challenge of course is that one of the simple/efficient mechanisms to implement desirable features (e.g., security, scalability, manageability) is to create hierarchies, but those very hierarchies provide control points that can (at least in theory) be captured.  The DNS root is one such, the proposed RPKI root is another.  Perhaps a variation of the Software Engineering Dilemma ("fast, good, cheap: pick two") applies to Internet architecture: secure, scalable, manageable: pick two?
>>
>>>> If the ITU-T wants to also be in the business of handing out IPv6
>>>> address names then give them a /21 or a /16 and tell them to go
>>>> party.
>> I don't think this is what the ITU is after.  My impression is that the ITU is arguing that member states should get the /<whatever> directly.
>>
>>> I basically agree. It could have negative impacts on the routing, by impacting
>>> route aggregatability, but it can hardly be worse than those bletcherous PI
>>> addresses, so if it makes them happy to be in charge of a large /N, why not?
>> I believe the routing scalability risk lies not in the allocation body, but rather the policies imposed around the allocations.  That is, imagine a world of 200+ National Internet Registries instead of 5 Regional Internet registries.  If the government behind an NIR then decides that to use the Internet in their country, you must use addresses allocated by the NIR of that country, you then run the risk of having 200+ prefixes for each entity that operates globally.  This risk could be addressed if it didn't matter where you get your addresses, however that isn't true with the existing model and there are political pressures that would likely ensure that it would not be true in the NIR model.
> 
> 
> It also implies entry into a country through a few official gateways/exchange points -- that way, there are only ~200 entries plus your own country's that you need in your RIB...  (Telecom used to be that way -- PTTs and other monopolies (e.g., AT&T) loved it.)

Exactly. It is intended to defeat the Internet's historical growth model
of independence from national administrations and monopolies, by imposing
a geographical addressing scheme. Since the Internet actually works with
a topological addressing scheme, the effect is to force the topology
to be congruent with the geography. If you want central control, that's
a desirable result.

It isn't a harmless concession. We've been playing whack-a-mole against
this for a number of years now.

   Brian Carpenter