Re: [ALSC-Forum] Re: a proposed action statement

From: Sandy Harris
Subject: Re: [ALSC-Forum] Re: a proposed action statement
Date: Sat, 27 Oct 2001 14:04:27 -0700
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Mike Roberts wrote:
 
> ... a group of determined religious fanatics using our own technology
> on us to cause the death of thousands of innocent people.

These same fanatics are often strongly opposed to the openness of the
Internet. Taliban banned it as "unIslamic":

http://www.dfn.org/focus/afghanistan/internetban.htm   

So one way to fight these guys is to keep the net open, and try to make
it secure enough to be useful to those who oppose various repressive
governments world wide.

> It's different now.  It's not world government because national
> governments are evil; ...

It never was, but the openness of the net has long been one force
acting to balance various gov't. excesses. 

See for example these papers on the role of electronic communication
in stopping the 1991 coup attempt in Russia: 

http://info.astrian.net/jargon/terms/k/kremvax.html
http://www.mit.edu/afs/net/user/tytso/usenet/americast/ieee/4
 
> It's serious.  It's first things first.  It's about keeping people
> from being killed by terrorist plots hatched over the net.

Yes, but also about maintaining freedom of speech, no matter who
wants police state tapping powers, or why.

> All of a sudden it matters that you know what you are talking about.
> If you are an Internet engineer, what about nailing down the RFC's
> needed for secure new functionality in the DNS?

Don't forget the appriately numbered RFC 1984, the IAB and IESG
policy statement:

| ... various governments have actual or proposed policies on access
| to cryptographic technology ... 
|
|    (a) ... export controls ...
|    (b) ... short cryptographic keys ...
|    (c) ... keys should be in the hands of the government or ...
|    (d) prohibit the use of cryptology ... 
|
| We believe that such policies are against the interests of consumers
| and the business community, are largely irrelevant to issues of
| military security, and provide only a marginal or illusory benefit
| to law enforcement agencies, ... 
|
| The IAB and IESG would like to encourage policies that allow ready
| access to uniform strong cryptographic technology for all Internet
| users in all countries.

These are the Internet Architecture Board and Internet Engineering
Steering Group, the bodies that oversee the IETF.

> Important people are watching, people who have the ability to
> nationalize you overnight if you're not carrying your weight in
> making the Internet more secure.

Methinks I'm doing my part by working on IPsec for Linux.
http://www.freeswan.org/

A difficulty with your claim above is that there are at least three
possible interpretations of "making the Internet more secure".

It could mean making the network itself more reliable, less vulnerable
to various attacks. ICANN might have role here, ensuring that contracts
require registrars to comply with various "Best Current Practise" RFCs:

ftp://ftp.isi.edu/in-notes/rfc2182.txt     Secondary DNS servers
ftp://ftp.isi.edu/in-notes/bcp/bcp46.txt   ISP security
and especially:
ftp://ftp.isi.edu/in-notes/bcp/bcp40.txt   Root name servers

Government might also have a role, for example providing funding or
tax breaks for infrastructure improvements, or allowing gov't machines
to be used as backup (secondary DNS, alternate routes, ...) for some
parts of the private infrastructure. 

I'm inclined to think the most effective single thing they could do
would be to alter laws so that companies distributing flawed software
could be held liable, irrespective of any disclaimers in their licenses.
Methinks holding them legally responsible is the only way to wake them
up, but let's not divert into that debate.

I'm much in favour of any of those moves, any attempt to make the net
more reliable and less vulnerable.

I'd support any ICANN or gov't. move to deploy much-needed security
technologies like IPsec and DNSsec more quickly. Perhaps even IPv6
since that would make IPsec universal, but I don't know enough about
the complications that would entail to have strong opinion.

> The Japanese government and the
> United States government are sending cabinet level officers to speak
> at the November ICANN meeting about how serious this really is.

The problem comes with the other two interpretations of "making the
Internet more secure". 

  Does it mean making it more secure for users, allowing them to
  communicate privately and perhaps anonymously as various IETF
  protocols (Open PGP, IPsec, SSL, ...) allow?

  Or does it mean making it easier for law enforcement and intelligence
  agencies of various nations to wiretap anyone they suspect?

I don't think the two can be reconciled or balanced.
References:
- [ALSC-Forum] Re: a proposed action statement
  - From: Mike Roberts
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]