Home page logo
/

interesting-people logo Interesting People mailing list archives

From Declan DO READ OK-- who is saying what. Either Declan is mis-reporting or Tony is wrong or both are partilaly right or wrong.
From: David Farber <dave () farber net>
Date: Fri, 12 Sep 2008 22:36:43 -0400



Begin forwarded message:

From: Declan McCullagh <declan () well com>
Date: September 12, 2008 7:45:29 PM EDT
To: dave () farber net
Cc: Jacob Appelbaum <jacob () appelbaum net>
Subject: Re: [IP] OK-- who is saying what. Either Declan is mis- reporting or Tony is wrong or both are partilaly right or wrong.

Dave,

Before writing my article, I spent a few days talking to Tony, Steve, the ITU, and other folks involved. Here's what I found:

* The ITU's Q6/17 group is meeting next week in Geneva with an eye to having a final document finished sometime in 2009 (though one editor told me it might take longer). The proceedings are not open to the public -- I applied to attend and was rejected -- and relatively few documents are public.

* China's proposal submitted in April says the "IP traceback mechanism is required to be adapted to various network environments, such as different addressing (IPv4 and IPv6), different access methods (wire and wireless) and different access technologies (ADSL, cable, Ethernet) and etc." It adds: "To ensure traceability, essential information of the originator should be logged." See:
http://politechbot.com/docs/itu.china.internet.traceback.proposal.091108.doc

* An ITU network security meeting a few years ago concluded that anonymity should not be permitted. The summary said: "Anonymity was considered as an important problem on the Internet (may lead to criminality). Privacy is required but we should make sure that it is provided by pseudonymity rather than anonymity." See:
http://www.itu.int/itunews/issue/2002/06/discussion.html

* An ITU presentation in July from Korea said that groups such as the IETF should be "required to develop standards or guidelines" that could "facilitate tracing the source of an attacker including IP-level traceback, application-level traceback, user-level traceback." Another Korean proposal -- which has not been made public -- says all Internet providers "should have procedures to assist in the lawful traceback of security incidents." See:
http://www.itu.int/dms_pub/itu-t/oth/21/04/T21040000020095PPTE.ppt

There are two issues in dispute. The first is the purpose of the IP traceback initiative, especially given that China proposed it, that the NSA is involved (although perhaps in its infosec role), and taht some participants want to ban anonymity. On the other hand, when you have multiple parties participating in such a process, not everyone is likely to see eye-to-eye, and I'm told that that is the case here.

The second issue is whether or not the ITU document -- that Steve Bellovin says he obtained as part of a ZIP file, and then confirmed its authenticity via an independent source -- is authentic. Tony says he has never seen it. Steve says it is nevertheless legitimate. If the ITU made the Q6/17 portion of its Web archive public, we might be able to answer that for ourselves, but unfortunately it has chosen not to. The disputed document is here:
http://politechbot.com/docs/itu.traceback.use.cases.requirements.091108.txt

I admit that not everything is clear. But many things in the world fall into that category, and journalists try to report on them nevertheless, adding the proper caveats as necessary. See:
http://news.cnet.com/8301-13578_3-10040152-38.html

-Declan


David Farber wrote:
A United Nations agency is quietly drafting technical standards, proposed by the Chinese government, to define methods of tracing the original source of Internet communications and potentially curbing the ability of users to remain anonymous. The U.S. National Security Agency is also participating in the "IP Traceback" drafting group, named Q6/17, which is meeting next week in Geneva to work on the traceback proposal. Members of Q6/17 have declined to release key documents, and meetings are closed to the public. The potential for eroding Internet users' right to remain anonymous, which is protected by law in the United States and recognized in international law by groups such as the Council of Europe, has alarmed some technologists and privacy advocates. Also affected may be services such as the Tor anonymizing network. "What's distressing is that it doesn't appear that there's been any real consideration of how this type of capability could be misused," said Marc Rotenberg, director of the Electronic Privacy Information Center in Washington, D.C. "That's really a human rights concern." U.N. agency eyes curbs on Internet anonymity | Politics and Law - CNET News
URL: http://news.cnet.com/8301-13578_3-10040152-38.html?tag=nl.e703
A United Nations telecommunications agency is drafting a proposal called 'IP traceback' and has scheduled a meeting next week. Its potential impact on anonymity is raising alarms. Read this blog post by Declan McCullagh on News - Politics and Law.
Begin forwarded message:
From: David Farber <dave () farber net>
Date: September 11, 2008 1:15:20 PM EDT
To: "ip" <ip () v2 listbox com>
Subject: [IP] Network design and operations, not political agenda
Reply-To: dave () farber net
Begin forwarded message:
From: Tony Rutkowski <trutkowski () verisign com>
Date: September 11, 2008 12:59:21 PM EDT
To: David Farber <dave () farber net>
Subject: Network design and operations, not political agenda
A blog note was recently circulated alleging that an
"An ITU study group is apparently considering a
proposal for network traceback that includes the
following among its rationales [quote on limiting
political expression]."
The allegation is not true.
I personally helped facilitate the consideration and
adoption of the work item at the April meeting of
ITU-T Study Group 17 (security). Concerns relating both
to effective network management and well as providing a
means for international caller-ID were amalgamated to
create a new work item shepherded by editors from the
U.S., China, Japan, and Korea.   The underlying
requirements relate to network management, settlements,
infrastructure protection, and law enforcement support
that pretty much exist worldwide, and include ongoing
proceedings and legislation in the U.S. Congress, the FCC,
the European Commission, and others worldwide.
Minimally, the work will pull together valuable
information concerning techniques, platforms, and
development needs.  It has no normative stature.
The international caller-ID capability would be
a nice feature for telephony.
The political motivation text was not part of any known
ITU-T proposal and certainly not the one which I helped
facilitate.   Extensive searches for the source of the
text have yet revealed nothing.
--tony
-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com
-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com




-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com


  By Date           By Thread  

Current thread:
  • From Declan DO READ OK-- who is saying what. Either Declan is mis-reporting or Tony is wrong or both are partilaly right or wrong. David Farber (Sep 13)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault