Re: [v6ops] [SUSPECTED SPAM] RE: Google Alert - IPv6
Ole Troan <otroan@employees.org> Fri, 27 October 2017 06:49 UTC
Return-Path: <otroan@employees.org>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8C148139605 for <v6ops@ietfa.amsl.com>; Thu, 26 Oct 2017 23:49:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MIME_QP_LONG_LINE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QSR07LEvwfOk for <v6ops@ietfa.amsl.com>; Thu, 26 Oct 2017 23:49:10 -0700 (PDT)
Received: from accordion.employees.org (accordion.employees.org [IPv6:2607:7c80:54:3::74]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 84517139203 for <v6ops@ietf.org>; Thu, 26 Oct 2017 23:49:10 -0700 (PDT)
Received: from [172.20.4.49] (207-47-24-11.static-ip.telepacific.net [207.47.24.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by accordion.employees.org (Postfix) with ESMTPSA id AAC992D50F8; Fri, 27 Oct 2017 06:49:09 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (1.0)
From: Ole Troan <otroan@employees.org>
X-Mailer: iPhone Mail (15A372)
In-Reply-To: <787AE7BB302AE849A7480A190F8B93300A05F0FC@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
Date: Thu, 26 Oct 2017 23:49:09 -0700
Cc: Dave O'Reilly <rfc@daveor.com>, "v6ops@ietf.org" <v6ops@ietf.org>, Tore Anderson <tore@fud.no>
Content-Transfer-Encoding: quoted-printable
Message-Id: <3A035E3A-13FC-4E7D-BD2D-46E9AE169144@employees.org>
References: <f403045ef57ac52962055bd88b84@google.com> <20395E98-DA55-447F-BEFE-CB581A88BB78@gmail.com> <alpine.DEB.2.20.1710190655260.31961@uplift.swm.pp.se> <20171019083506.6627a166@echo.ms.redpill-linpro.com> <alpine.DEB.2.20.1710190856530.31961@uplift.swm.pp.se> <787AE7BB302AE849A7480A190F8B93300A056EB5@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <CAHw9_iLWAMexrfXwsdB8duGa5ueJMofqVRqNck6DeOzA=KChqA@mail.gmail.com> <C4E37677-A2FB-49F8-B362-C29B28DFD570@daveor.com> <CE4906A4-E0CC-4C3F-A1F8-D2B5BED294D7@employees.org> <787AE7BB302AE849A7480A190F8B93300A05F0FC@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
To: mohamed.boucadair@orange.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/PSInkr4PahutrH-hfacOCVXUYGU>
Subject: Re: [v6ops] [SUSPECTED SPAM] RE: Google Alert - IPv6
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Oct 2017 06:49:13 -0000
Med, > On 26 Oct 2017, at 23:43, <mohamed.boucadair@orange.com> <mohamed.boucadair@orange.com> wrote: > > Hi Ole, > > Please see inline. > > Cheers, > Med > >> -----Message d'origine----- >> De : v6ops [mailto:v6ops-bounces@ietf.org] De la part de Ole Troan >> Envoyé : jeudi 26 octobre 2017 23:26 >> À : Dave O'Reilly >> Cc : v6ops@ietf.org; Tore Anderson >> Objet : Re: [v6ops] Google Alert - IPv6 >> >> Dave, >> >> Thanks for an eloquently written draft! >> >> Just a few things that occurred to me while reading through. >> >> Two minor comments. >> >> 1) You might want to reference the other IPv4 sharing mechanisms too >> (RFC7598, 7599 etc). Although they don't require logging by the IPv4 >> sharing operator > > [Med] A logging/binding is needed to be done by the v4 sharing operator even for A+P. Perhaps you meant the logging is not required at the BR for MAP/E-T. Not sure what you mean. The operator of a stateless A+P solution like map-e or t or lw46 does not need logging. Do you disagree with that? The server operator of course still need to log source port. While timestamp is of less importance . Ole > > , they have the same issue with source port + timestamp >> required. >> >> 2) I'd suggest you drop mentioned of suspects and criminal activity in >> general. Also it reads in places like it is written with too much of a >> particular jurisdiction in mind. >> >> Major comment: >> 3) The document talks about identifying an individual, and in places a >> subscriber endpoint. What it does identify, is the _originating network_. >> What you get is the public interface address of the customer CPE. Which >> looks like a network from the inside. >> Make it very clear that this does not identify individual hosts. And it >> might be worth noting that traffic my enter the originating network from >> outside. E.g. through VPNs, TOR exits, shared WIFI and whatnot. >> >> Best regards, >> Ole >> >> >> >> >>> On 26 Oct 2017, at 13:15, Dave O'Reilly <rfc@daveor.com> wrote: >>> >>> Hello everybody, >>> >>> I’m the author of https://tools.ietf.org/html/draft-daveor-cgn-logging- >> 01. Warren brought this thread to my attention so I would like to throw in >> a few thoughts for people to consider, if I may. I have attempted to >> address as many as possible of the points raised by others in the thread >> in one big response below. >>> >>> Thanks for taking the time to read this and I look forward to any >> feedback you might have, >>> daveor >>> >>> >>> On the topic of “CGNAT is a bad idea” >>> —————————————————————————————— >>> >>> I am not too sure how much mileage there is getting caught up in this >> point. CGNAT is out there in the world, along with a suite of other large- >> scale address sharing technologies, and although the transition to IPv6 is >> ongoing, it is painfully slow and transitionary arrangements will be >> required for the foreseeable future. >>> >>> It would be, in my opinion, remiss of the criminal justice system not to >> consider this issue. The argument that the CGNAT problem will go away if >> we were all to just move to IPv6 doesn’t help solve the murder that >> happened today or catch the person distributing child pornography on the >> Internet. >>> >>> Can we regulate our way out of this problem? >>> —————————————————————————————— >>> >>> There are plenty of business reasons why an operator might choose to >> deploy CGNAT, maybe they don’t like the risk associated with changing to >> IPv6, maybe they’re waiting for someone else to move first, maybe they >> can’t afford to migrate infrastructure, maybe they just don’t want to. >>> >>> Considering regulation as a way to adjust economic incentives, there is >> indeed an opportunity to help to shift things along in one or more >> countries through regulation, but to what extent will this help with the >> global issue of crime attribution? It is clear that if the number of >> subscribers that can be simultaneously behind a CGNAT is limited, the >> deployment of IPv6 increases, and the IPv6 adoption in Belgium bears that >> out. >>> >>> However, the obvious question to ask is - are the Belgian authorities >> catching any more criminals now that they have such a high adoption rate >> of IPv6? Has the problem of crime attribution due to CGNAT gone away for >> them, or does it actually require global adoption of IPv6? I don’t have >> answers to these questions, but before leaping on a regulatory solution it >> would be very useful to know whether the regulatory solution achieves the >> desired effect. >>> >>> Let’s also not forget that CGNAT is not uncommon in areas outside >> telecoms, such as in an increasing number of IoT deployments. >>> >>> Does migration to IPv6 actually solve the problem >>> —————————————————————————————— >>> >>> One possible solution frequently cited to the problem of CGNAT is >> migration to IPv6.However, does migration to IPv6 ACTUALLY solve the >> problem of crime attribution due to large-scale address sharing? >>> >>> Let’s also not forget that the problem is not limited to the set of >> technologies commonly referred to as CGNAT. Any large-scale IP address >> sharing technology will have a similar problem, including 4-to-6 >> technologies. Therefore, until there is total global adoption of IPv6, and >> in fact until IPv4 is no longer routable on the Internet, this problem is >> going to persist. >>> >>> The evidence is very sparse and, again, I refer to the questions that I >> posed above about the effectiveness of regulation in the Belgian case >> towards achieving the actual goal, which (for the purposes of this >> discussion) is improved crime attribution, not migration to IPv6. >>> >>> The reason I am making this point is to emphasise that the problem of >> crime attribution arising from large-scale address sharing is not going >> away in the medium term, perhaps even not in the long term. >>> >>> Alternatives to source port logging for crime attribution >>> —————————————————————————————— >>> >>> There is already regulation in place requiring ISPs to be able to >> identify their subscribers, including the requirement to identify people >> behind a CGN (within the EU at least), which is the data retention >> directive. I know that the future of this directive is unsure right now >> but today, as we write this, the legislation of every country in the EU >> requires ISPs to keep this data. The problem is that law enforcement >> agencies do not have the required information to be able to ask the ISP >> for the subscriber identity - because source ports are required and not >> logged anywhere. >>> >>> So the question becomes how to address this information gap. One >> possibility is that ISPs must record all destination IP addresses for all >> TCP connections, and I think you also refer to this possibility. This >> solution has, in my opinion, two major challenges - firstly that the >> storage requirements (and therefore the cost) for ISPs is very substantial >> indeed and secondly there are significant privacy implications arising >> from the storage of such a volume of data on (predominantly) innocent >> people. Some of the references provided by Mohamed Boucadair touch on >> these points, and they are also addressed in my draft. >>> >>> The alternative, that I propose in the Internet Draft, is that if there >> is a shift to routine logging of source port alongside IP address, this >> will achieve the same goal but with significantly less privacy >> implications and with significantly less impact on operator (meaning that, >> in my opinion at least, operators should favour this approach). >>> >>> Support for logging source port >>> —————————————————————————————— >>> >>> This is something that I study in the Internet Draft. The majority of >> server software examined support logging of source port in some way, but >> in some cases it involves enabling a distressingly high level of logging >> verbosity, and this is a scenario where I refer to source port logging as >> “Possible” but not “Feasible”. About 70% of server software that I >> examined supported logging of source port in a way that could be >> considered “Feasible”. Only one had logging of source port enabled as a >> default. >>> >>> The contribution of my Internet Draft >>> —————————————————————————————— >>> >>> The key RFC upon which my Internet Draft builds is RFC6302, which >> contains the recommendation that servers log source port. My document >> attempts to contribute to the discussion by considering (a) why, despite >> recommendations of RFC6302, source port logging is not routine and (b) to >> identify possible solutions and workarounds for some of these objections. >>> >>> The role of the IETF in this >>> —————————————————————————————— >>> >>> Right from the front page of the IETF website: "The mission of the IETF >> is to make the Internet work better by producing high quality, relevant >> technical documents that influence the way people design, use, and manage >> the Internet.” >>> >>> Large scale address sharing technologies present a challenge to the >> management of the Internet so that seems to fit right within the remit of >> the IETF to me. Correct me if I’m wrong... >>> >>> Other things I have been doing >>> —————————————————————————————— >>> >>> Finally, and for your information, I thought you might be interested to >> know what else I have been doing to try to move this conversation forward. >>> >>> You might be aware that of the OWASP (https://www.owasp.org/) who >> produce amongst many other fine documents, secure coding guidelines. One >> of the aspects of their guidance is logging and they have a list of fields >> that should be logged…and source port isn’t on it. I have been trying to >> reach out to people in OWASP to have the conversation about including >> source port in the list of fields to be logged in their guidance. So far I >> have received no response but I will keep trying. >>> >>> >>> >>> >>>> On 26 Oct 2017, at 16:00, Warren Kumari <warren@kumari.net> wrote: >>>> >>>> On Thu, Oct 19, 2017 at 5:23 AM, <mohamed.boucadair@orange.com> wrote: >>>>> Hi Mikael, Tore, all, >>>>> >>>>> You may want read: https://tools.ietf.org/html/draft-daveor-cgn- >> logging-00 which relies on the Europol threat assessment report >> (https://www.europol.europa.eu/sites/default/files/documents/europol_iocta >> _web_2016.pdf) >>>>> >>>> >>>> I'm somewhat hijacking an old thread, but it would be great if we >>>> could get some more review of draft-daveor-cgn-logging -- I know Dave >>>> would really appreciate comments / review. >>>> >>>> W >>>> >>>> >>>>> As far as the IETF is concerned, I do believe that we have done our >> part of the job: >>>>> >>>>> 1. Identify logging as an issue in address sharing: RFC 6269 >>>>> >>>>> 2. Require address sharing to enable a logging function: RFC 6269 >>>>> and RFC 6888 >>>>> >>>>> 3. Identify a minimal set of information to be logged: RFC 6269, >>>>> RFC 6888, and RFC 6908 >>>>> >>>>> 4. Identify and discuss trade-offs of solutions to achieve logging: >>>>> RFC 6269, RFC 6908 >>>>> >>>>> 5. Specify means to optimize logging (port range allocation, >>>>> deterministic NAT): draft-ietf-softwire-stateless- >>>>> 4v6-motivation, RFC 7596, RFC 7597, RFC 7599, RFC 7753, and >>>>> RFC7422 >>>>> >>>>> 6. Recommend servers to log source port: RFC 6302 >>>>> >>>>> 7. An initial survey of servers supporting source port logging: RFC >>>>> 7768 >>>>> >>>>> 8. Retrieve NAT session loggings: draft-ietf-behave-syslog-nat- >>>>> logging, draft-ietf-behave-ipfix-nat-logging >>>>> >>>>> 9. Enable address sharing logging function by means of NETCONF: >>>>> draft-ietf-opsawg-nat-yang >>>>> >>>>> 10. CPU and memory issues: RFC 6908 >>>>> >>>>> Cheers, >>>>> Med >>>>> >>>>>> -----Message d'origine----- >>>>>> De : v6ops [mailto:v6ops-bounces@ietf.org] De la part de Mikael >>>>>> Abrahamsson >>>>>> Envoyé : jeudi 19 octobre 2017 09:03 >>>>>> À : Tore Anderson >>>>>> Cc : v6ops@ietf.org >>>>>> Objet : Re: [v6ops] Google Alert - IPv6 >>>>>> >>>>>>> On Thu, 19 Oct 2017, Tore Anderson wrote: >>>>>>> >>>>>>> * Mikael Abrahamsson <swmike@swm.pp.se> >>>>>>> >>>>>>>> If they do have a port, then LEA can have a single subscriber. >>>>>>> >>>>>>> Reading the original article (linked below) I am left with the >> feeling >>>>>>> that the problem is that they generally *don't* know the source >> port, >>>>>>> and therefore end up, quote, «[unable] to identify internet >> subscribers >>>>>>> on the basis of an IP address». >>>>>>> >>>>>>> https://www.europol.europa.eu/newsroom/news/are-you-sharing-same-ip- >>>>>> address-criminal-law-enforcement-call-for-end-of-carrier-grade-nat- >> cgn-to- >>>>>> increase-accountability-online >>>>>>> >>>>>>> The article proceeds to define «CGN» as «technologies which allow >>>>>>> sharing of IPv4 addresses with multiple internet users». In that >>>>>>> context, MAP, even though it is not technically CGNAT, is just as >>>>>>> problematic (to answer Rajiv). >>>>>>> >>>>>>> C'est la vie! If Europol don't like IP address sharing, I think the >>>>>>> only thing they actually could do about it would be to put pressure >> on >>>>>>> regulators and/or lawmakers to accelerate IPv6 adoption. I >> understand >>>>>>> that's what already happened in Belgium with impressive results. >>>>>> >>>>>> So I have no idea what's really going on here, but I can imagine >> someone >>>>>> doing CGN and just NATing people left and right, and not logging >> anything. >>>>>> Then it's near impossible to find who did what. >>>>>> >>>>>> At least when I looked into this issue, the message I got back was >> that >>>>>> narrowing down the user list to a few tens of subscribers was still >> vastly >>>>>> better than no information at all. Of course LEAs don't like it, but >> it's >>>>>> a lot better than nothing. >>>>>> >>>>>> Also, services who are typically involved in being targeted for >> crimes >>>>>> should start logging the source port of whoever is talking to them. >> This >>>>>> option is available in most web servers and has been for a >> considerable >>>>>> amount of time. >>>>>> >>>>>> Mandating IPv6 is a hard sell. Mandating ISPs to log what subscriber >>>>>> accounts was behind an IPv4 address at a given point in time >> including >>>>>> port used by what account, that's less far fetched. >>>>>> >>>>>> -- >>>>>> Mikael Abrahamsson email: swmike@swm.pp.se >>>>> _______________________________________________ >>>>> v6ops mailing list >>>>> v6ops@ietf.org >>>>> https://www.ietf.org/mailman/listinfo/v6ops >>>> >>>> >>>> >>>> -- >>>> I don't think the execution is relevant when it was obviously a bad >>>> idea in the first place. >>>> This is like putting rabid weasels in your pants, and later expressing >>>> regret at having chosen those particular rabid weasels and that pair >>>> of pants. >>>> ---maf >>>> >>>> >>>> >>>> --===============7090974386904564375==-- >>>> >>>> --===============4172498714441195205== >>>> Content-Type: text/plain; charset="us-ascii" >>>> MIME-Version: 1.0 >>>> Content-Transfer-Encoding: 7bit >>>> Content-Description: Digest Footer >>>> >>>> _______________________________________________ >>>> v6ops mailing list >>>> v6ops@ietf.org >>>> https://www.ietf.org/mailman/listinfo/v6ops >>> >>> _______________________________________________ >>> v6ops mailing list >>> v6ops@ietf.org >>> https://www.ietf.org/mailman/listinfo/v6ops >
- Re: [v6ops] Google Alert - IPv6 Paul Marks
- Re: [v6ops] Google Alert - IPv6 Fred Baker
- Re: [v6ops] Google Alert - IPv6 JORDI PALET MARTINEZ
- Re: [v6ops] Google Alert - IPv6 Brian E Carpenter
- Re: [v6ops] Google Alert - IPv6 Rajiv Asati (rajiva)
- Re: [v6ops] Google Alert - IPv6 Ca By
- Re: [v6ops] Google Alert - IPv6 Erik Kline
- Re: [v6ops] Google Alert - IPv6 Mikael Abrahamsson
- Re: [v6ops] Google Alert - IPv6 Tore Anderson
- Re: [v6ops] Google Alert - IPv6 Mikael Abrahamsson
- Re: [v6ops] Google Alert - IPv6 mohamed.boucadair
- Re: [v6ops] Google Alert - IPv6 Ca By
- Re: [v6ops] Google Alert - IPv6 Lorenzo Colitti
- Re: [v6ops] Google Alert - IPv6 Alexandre Petrescu
- Re: [v6ops] Google Alert - IPv6 Warren Kumari
- Re: [v6ops] Google Alert - IPv6 Dave O'Reilly
- Re: [v6ops] Google Alert - IPv6 Tom Herbert
- Re: [v6ops] Google Alert - IPv6 Ca By
- Re: [v6ops] Google Alert - IPv6 Ole Troan
- Re: [v6ops] Google Alert - IPv6 mohamed.boucadair
- Re: [v6ops] [SUSPECTED SPAM] RE: Google Alert - I… Ole Troan
- Re: [v6ops] [SUSPECTED SPAM] RE: Google Alert - I… mohamed.boucadair
- Re: [v6ops] Google Alert - IPv6 Lee Howard
- Re: [v6ops] Google Alert - IPv6 Erik Nygren
- Re: [v6ops] Google Alert - IPv6 Lee Howard
- Re: [v6ops] [SUSPECTED SPAM] Google Alert - IPv6 Ole Troan
- Re: [v6ops] [SUSPECTED SPAM] Google Alert - IPv6 Fred Baker
- Re: [v6ops] [SUSPECTED SPAM] Google Alert - IPv6 Ole Troan
- Re: [v6ops] [SUSPECTED SPAM] Google Alert - IPv6 Fred Baker
- Re: [v6ops] Google Alert - IPv6 Fernando Gont
- Re: [v6ops] [SUSPECTED SPAM] Google Alert - IPv6 Gert Doering
- Re: [v6ops] Google Alert - IPv6 Dave O'Reilly
- Re: [v6ops] Google Alert - IPv6 Dave O'Reilly
- Re: [v6ops] Google Alert - IPv6 Dave O'Reilly
- Re: [v6ops] Google Alert - IPv6 Dave O'Reilly
- Re: [v6ops] Google Alert - IPv6 Dave O'Reilly
- Re: [v6ops] Google Alert - IPv6 Dave O'Reilly
- Re: [v6ops] [SUSPECTED SPAM] Google Alert - IPv6 Dave O'Reilly
- Re: [v6ops] [SUSPECTED SPAM] Google Alert - IPv6 Dave O'Reilly
- Re: [v6ops] [SUSPECTED SPAM] Google Alert - IPv6 Dave O'Reilly
- Re: [v6ops] [SUSPECTED SPAM] Google Alert - IPv6 Mark Smith
- Re: [v6ops] [SUSPECTED SPAM] Google Alert - IPv6 Fred Baker
- Re: [v6ops] [SUSPECTED SPAM] Google Alert - IPv6 JORDI PALET MARTINEZ
- Re: [v6ops] Google Alert - IPv6 Ole Troan
- Re: [v6ops] Google Alert - IPv6 Fred Baker
- Re: [v6ops] Google Alert - IPv6 Tom Herbert
- Re: [v6ops] Google Alert - IPv6 Ole Troan
- Re: [v6ops] Google Alert - IPv6 Tom Herbert
- Re: [v6ops] Google Alert - IPv6 Ole Troan
- Re: [v6ops] Google Alert - IPv6 Mark Smith
- Re: [v6ops] Google Alert - IPv6 DY Kim
- Re: [v6ops] Google Alert - IPv6 Fred Baker
- Re: [v6ops] Google Alert - IPv6 DY Kim
- Re: [v6ops] Google Alert - IPv6 Tom Herbert
- Re: [v6ops] Google Alert - IPv6 JORDI PALET MARTINEZ
- Re: [v6ops] Google Alert - IPv6 Mark Andrews
- Re: [v6ops] Google Alert - IPv6 JORDI PALET MARTINEZ
- Re: [v6ops] Google Alert - IPv6 Lee Howard
- Re: [v6ops] Google Alert - IPv6 Tom Herbert
- Re: [v6ops] Google Alert - IPv6 JORDI PALET MARTINEZ
- Re: [v6ops] Google Alert - IPv6 Tom Herbert
- Re: [v6ops] Google Alert - IPv6 JORDI PALET MARTINEZ
- Re: [v6ops] Google Alert - IPv6 Tom Herbert
- Re: [v6ops] Google Alert - IPv6 t.petch
- Re: [v6ops] [SUSPECTED SPAM] Google Alert - IPv6 Dave O'Reilly
- Re: [v6ops] Google Alert - IPv6 Dave O'Reilly
- Re: [v6ops] Google Alert - IPv6 Dave O'Reilly
- Re: [v6ops] Google Alert - IPv6 Dave O'Reilly
- Re: [v6ops] Google Alert - IPv6 Dave O'Reilly
- Re: [v6ops] Google Alert - IPv6 Dave O'Reilly
- Re: [v6ops] Google Alert - IPv6 Tom Herbert
- Re: [v6ops] Google Alert - IPv6 Ole Troan
- Re: [v6ops] [SUSPECTED SPAM] Google Alert - IPv6 Mark Smith