Re: [perpass] Steer 750 million euro at the EC for 'future internet' the right way

Michiel Leenaars <michiel.ml@nlnet.nl> Fri, 08 April 2016 19:29 UTC

To: Watson Ladd <watsonbladd@gmail.com>, Harry Halpin <hhalpin@w3.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/perpass/OvAPjg3XEqzMzAHFCkoaQVbH2V4>
Cc: perpass@ietf.org

Hi Harry, Watson,

> There are fundamental architectural issues with Internet and Web
> security that cannot be fixed, only patched around.

I've spoken to the EC as well, in fact I was one of the ten invited
experts attending the closed workshop they organised some weeks ago.
Within the EC there does not seem to be much awareness let alone a
sense of great urgency in the way that the internet technical community
and in particular the people on this list feel it. None of their plans
mention surveillance, or Edward Snowden, or even the words security and
privacy.

And that is the reason why I'm informing people about this consultation
and the opportunity to get across how necessary a large investment is.
Without simple and unambiguous input from many people that we need to
free as much of this budget as possible to revisit every nook and cranny
of the design of the internet, the money will evaporate. It is the
bigger picture that is missing, and I agree with Watson that we should
not be happy with the breadcrumbs and the small wins - this 750 million
euro is exactly what is needed to address things properly. At the
standards side, at the open source side and at the practical deployment
side. Of course the NSA and its many counterparts have much much bigger
budgets, but if the EC money is used to empower the right ideas from
the community we have a fighting chance.

We don't need to settle or even debate the technical course at this
moment, it is important now to get enough money allocated to solving the
problems of the real internet instead of surfing the hype curve with
huge projects that fail horribly. And step two is turning around the
processes at the EC, and making them compatible with the way the
internet operates - smaller, more agile, bottom up. These budgets have
been around for a long time, but I cannot name a single real success
story despite billions and billions put in - and to a large degree that
is the fault of working with a few very large consortia that suffer from
inbreeding.

To summarize: I don't think we should settle for 'patches' here and
there, we deserve a thoughtful and thorough sanitisation of the whole
architecture of the internet and of the web (issues like Rowhammer.js to
me are the beginning of the end of the Javascript era).

Anyway: hope many of you will respond. The questionnaire is here:

https://ec.europa.eu/eusurvey/runner/nextgen-internet

And I suggest keeping it simple - the more obscure and technical your
comments, the less likely they are to be included in the outcome. Simple
wording (the internet is broken, please fix it) might be the most
strategic option, although looking at the length of this mail alone I'm
afraid that it is very tempting to violate this principle.

Best,
Michiel Leenaars