[discuss] we need to fix what may be broken
Alejandro Pisanty
apisanty at gmail.com
Wed Apr 16 01:31:49 UTC 2014
Carlos,
there surely are many points of view on the logical consequences of
identifying these and many other issues as problems to be solved.
One of the things they surely illustrate is the advantage of loose
couplling in the growth of the Internet and its governance.
Right now, the DMARC situation is being dealt with in the email space
(including accepted standards, emerging standards, operational practice,
and users); the OpenSSL illustrates more the peculiarities of open-source
software and tests the strengths of the approach, and again is dealt with
in the OpenSSL community and its alternatives, as well as large (server,
say) and small (client, say) users.
Remember Port 25. In loosely coupled systems, it was solved fast (ten or
more years ago); in strongly coupled systems, it was only closed last year,
thus keeping open relays as a route for spam and phishing for a decade in
very significant countries. In some analyses, what is going on with DMARC
has strong, useful analogies with the Port 25 open-relay story, and lessons
from it could be applied at the very least at a framework level.
The post-Snowden state of affairs shows how the layers principle works.
Until national intelligence services agree among themselves to limit their
efforts at peeking into communications there is nothing that
high-principled declarations about privacy can change the exposure of email
and other messaging communications, nor the tracing of the origin of web
and other publications. This is "surveillance governance" and in fact the
efforts leading to NetMundial have deviated time, effort and attention
resources that would best be applied to "surveillance reform."
Fortunately, thanks to loose coupling, the IETF, the TOR community and so
many others are making it possible for those threatened by undue private or
public surveillance to harden their communications while the above goes
unsolved.
Now to NetMundial: if some players intend for the outcome of NetMundial to
be other than loose coupling (except maybe for better communication
channels, for which IGF is already the proven best), it seems that the
logical alternative is stronger coupling. If that in turn means for example
that Yahoo! must go to a sort of higher authority to ask permission to
change its one parameter, and before that have DMARC authorized and
certified as flawless and endowed with unanimous consent; or that OpenSSL
must be tested flawless against any possible present of future
vulnerability of attack before deployment, we would be entering a very
non-Internet territory.
Alejandro Pisanty
On Tue, Apr 15, 2014 at 8:00 PM, Carlos A. Afonso <ca at cafonso.ca> wrote:
> Grande George,
>
> Actually I have enumerated a partial list of symptoms (all of which
> happened or came to our knowledge in less than a year) of a broader
> problem which, yes, is a problem of Internet governance.
>
> Thinking of your girlfriend paradigm, I can think of a doctor detecting
> several apparently unrelated symptoms (all serious) to arrive at a
> diagnostic. We cannot just insist they are unrelated, or that each one
> already has someone accountable for it and will take or is taking care
> of it, like "don't worry, be happy, take this pill for your fever" etc.
>
> I read one interesting response writing that the SSL case is a problem
> of the open source community which developed it. So is TPC/IP, the IPv6
> protocols and so on -- when a system is widely adopted like these open
> source systems are, it becomes a concern for the governance of the net.
> When one of these breaks spetacularly and causes a major disaster (we
> are still reeling from the consequences of the SSL snafu), it becomes a
> major challenge for IG.
>
> How to, is the big question. Diagnostics might be plenty, but we may
> need a strategy to deal with the problems they identify in a coordinated
> fashion. Maybe the roadmap being discussed in São Paulo will help us
> find the proper directions.
>
> Thank you for your good comments.
>
> fraternal regards
>
> --c.a.
>
> On 04/15/2014 07:42 PM, George Sadowsky wrote:
> > Carlos,
> >
> > To be fair, you have enumerated a lot of issues, of which I would agree
> > that the majority are real problems. But some are not problems that
> > specifically relate to Internet governance unless you dramatically
> > expand the meaning of the term; they are the result of the availability
> > of the Internet and the inevitable migration of ALL forms of human
> > behavior to the the net.
> >
> > But most of the problems that you mention are not at issue in terms of
> > the NTIA-IANA transition. Now your intervention is perfectly OK if
> > you believe that Net Mundial should cover so many problems at so many
> > levels. If you do so, however, the current plans for the Net Mundial
> > structure are hopelessly inadequate, and we will need a meeting of at
> > least 3-4 weeks, appropriately segmented, to deal with the issues you
> raise.
> >
> > I would like again to argue strongly for well defined problem
> > statements, so that we have the possibility of addressing each
> > separately and definitively. Until we do this, the mix of generalities,
> > allegations, and misinformation will prevail.
> >
> > There’s an old joke that I think applies here.
> >
> > You take your girlfriend and some friends to a night club. She has too
> > much to drink, takes off some of her clothes, gets up on top of the
> > table and starts dancing.
> >
> > If you are embarrassed, that is _your_ problem.
> >
> > If your friends become embarrassed, that is _their_ problem.
> >
> > If your girlfriend gets arrested by the police, that is _her_ problem.
> >
> > When defining problems, it is really quite important to determine whose
> > problem it really is. I suggest that this method be applied to your
> > list of problems.
> >
> > As usual, fraternal regards,
> >
> > George
> >
> >
> >
> >
> >
> >
> > On Apr 15, 2014, at 6:07 PM, Alejandro Pisanty <apisanty at gmail.com
> > <mailto:apisanty at gmail.com>> wrote:
> >
> >> Carlos,
> >>
> >> if a request for a clear problem statement is considered
> >> stone-throwing we had better not attend NetMundial at all.
> >>
> >> I understand that the rest of the organization is trying to remain
> >> open to ideas and challenges, and surely Carlos's reaction to my
> >> polite request is not representative of the whole. I still expect
> >> Brazil to be as usual a welcoming host.
> >>
> >> Alejandro Pisanty
> >>
> >>
> >> On Tue, Apr 15, 2014 at 5:04 PM, Carlos A. Afonso <ca at cafonso.ca
> >> <mailto:ca at cafonso.ca>> wrote:
> >>
> >> Dear folks, I forgot to say that I expect some hard
> stone-throwing...
> >> but also good comments.
> >>
> >> fraternal regards
> >>
> >> --c.a.
> >>
> >> On 04/15/2014 06:55 PM, Alejandro Pisanty wrote:
> >> > Carlos
> >> >
> >> > so many of your statements here are false or twisted in your
> assumed
> >> > implications that it hurts. No time to go over each of them;
> >> plus it may
> >> > become one more massive distraction. Let's go on to something
> >> concrete:
> >> >
> >> > How do you propose to fix it? can you provide an example of a
> system
> >> > that works like you wish to be the outcome of NetMundial? Like, a
> >> > country that has started some serious, scalable fixes? Direct
> >> > cause-effect links would be preferrable. Pick any paragraph if
> >> you don't
> >> > want to go over the whole list at once.
> >> >
> >> > Alejandro Pisanty
> >>
> >> _______________________________________________
> >> discuss mailing list
> >> discuss at 1net.org <mailto:discuss at 1net.org>
> >> http://1net-mail.1net.org/mailman/listinfo/discuss
> >>
> >>
> >>
> >>
> >> --
> >> - - - - - - - - - - - - - - - - - - - - - - - - - - -
> >> Dr. Alejandro Pisanty
> >> Facultad de Química UNAM
> >> Av. Universidad 3000, 04510 Mexico DF Mexico
> >> +52-1-5541444475 FROM ABROAD
> >> +525541444475 DESDE MÉXICO SMS +525541444475
> >> Blog: http://pisanty.blogspot.com <http://pisanty.blogspot.com/>
> >> LinkedIn: http://www.linkedin.com/in/pisanty
> >> Unete al grupo UNAM en LinkedIn,
> >> http://www.linkedin.com/e/gis/22285/4A106C0C8614
> >> Twitter: http://twitter.com/apisanty
> >> ---->> Unete a ISOC Mexico, http://www.isoc.org <http://www.isoc.org/>
> >> . . . . . . . . . . . . . . . .
> >> _______________________________________________
> >> discuss mailing list
> >> discuss at 1net.org <mailto:discuss at 1net.org>
> >> http://1net-mail.1net.org/mailman/listinfo/discuss
> >
>
> _______________________________________________
> discuss mailing list
> discuss at 1net.org
> http://1net-mail.1net.org/mailman/listinfo/discuss
>
--
- - - - - - - - - - - - - - - - - - - - - - - - - - -
Dr. Alejandro Pisanty
Facultad de Química UNAM
Av. Universidad 3000, 04510 Mexico DF Mexico
+52-1-5541444475 FROM ABROAD
+525541444475 DESDE MÉXICO SMS +525541444475
Blog: http://pisanty.blogspot.com
LinkedIn: http://www.linkedin.com/in/pisanty
Unete al grupo UNAM en LinkedIn,
http://www.linkedin.com/e/gis/22285/4A106C0C8614
Twitter: http://twitter.com/apisanty
---->> Unete a ISOC Mexico, http://www.isoc.org
. . . . . . . . . . . . . . . .
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://1net-mail.1net.org/pipermail/discuss/attachments/20140415/fba29f0a/attachment-0001.html>
More information about the discuss
mailing list