Interesting People mailing list archives

The ITU vs The Internet
From: David Farber <dave () farber net>
Date: Sat, 13 Sep 2008 05:41:42 -0400



Begin forwarded message:

From: "Bob Frankston" <Bob19-0501 () bobf frankston com>
Date: September 13, 2008 12:52:21 AM EDT
To: <dave () farber net>, "'ip'" <ip () v2 listbox com>
Cc: "'Declan McCullagh'" <declan () well com>, "Steven M. Bellovin" <smb () cs columbia edu >
Subject: The ITU vs The Internet

The very idea that we can mandate traceability is an example of the damage the ITU can do even with the best intentions.

Apparently the original design of the web required backpointers. It sounds like a great idea but in practice it’s unworkable. If I rename a file on my PC do I need to notify everyone in the world who might have a link? Fortunately implementation trumped requirements.

While traceability has many political implications it’s far more problematic from a technical point of view. It means that one can’t evolve protocols. Today’s Internet compromises the end-to-end principle by depending on an IP address from a central authority. I’ve been arguing that we need to rediscover the Internet by assuring that local networks are not dependent upon a central authority for their names and addresses.

I use the example of defining a relationship between a light switch and a fixture in my house without any outside source of identity. This relationship should still be meaningful if I take the switch with me as I travel around the world.

There can’t be a central registry of end-point identifiers nor a single global network. I need to be able to use whatever transport is available with any combination of logical and physical links. One big problem I found with the current protocols is that if I am connected to two pipes I can’t really make use of the power because each TCP connection is limited to a single path. If the relationship is independent of the path (AKA the IP address) then I could have the packets go out either pipe and return via either but there needn’t be any inherent relationship between the two connections because I could specify the routing myself.

Instead of increasing our dependency on the IP address (and DNS) we should recognize the limitations and move on.

Imagine if we had limited the web to only those cases where backpointers could work? How could you even do that – if you shut your PC down for a few minutes …

One more point – thinking of traceback as Caller-ID also misses the point of the Internet. It harks back to the days when a call was considered complete when it rang, not when it answered. I don’t care what phone is calling, I want to know who is calling and, even better, why.

-----Original Message-----
From: David Farber [mailto:dave () farber net]
Sent: Friday, September 12, 2008 22:37
To: ip
Subject: [IP] From Declan DO READ OK-- who is saying what. Either Declan is mis-reporting or Tony is wrong or both are partially right or wrong.



Begin forwarded message:

From: Declan McCullagh <declan () well com>
Date: September 12, 2008 7:45:29 PM EDT
To: dave () farber net
Cc: Jacob Appelbaum <jacob () appelbaum net>
Subject: Re: [IP] OK-- who is saying what. Either Declan is mis-reporting or Tony is wrong or both are partially right or wrong.

Dave,

Before writing my article, I spent a few days talking to Tony, Steve,
the ITU, and other folks involved. Here's what I found:

* The ITU's Q6/17 group is meeting next week in Geneva with an eye to
having a final document finished sometime in 2009 (though one editor
told me it might take longer). The proceedings are not open to the
public -- I applied to attend and was rejected -- and relatively few
documents are public.

* China's proposal submitted in April says the "IP traceback mechanism
is required to be adapted to various network environments, such as
different addressing (IPv4 and IPv6), different access methods (wire
and wireless) and different access technologies (ADSL, cable,
Ethernet) and etc." It adds: "To ensure traceability, essential
information of the originator should be logged." See:
http://politechbot.com/docs/itu.china.internet.traceback.proposal.091108.doc

* An ITU network security meeting a few years ago concluded that
anonymity should not be permitted. The summary said: "Anonymity was
considered as an important problem on the Internet (may lead to
criminality). Privacy is required but we should make sure that it is
provided by pseudonymity rather than anonymity." See:
http://www.itu.int/itunews/issue/2002/06/discussion.html

* An ITU presentation in July from Korea said that groups such as the
IETF should be "required to develop standards or guidelines" that
could "facilitate tracing the source of an attacker including IP-level
traceback, application-level traceback, user-level traceback." Another
Korean proposal -- which has not been made public -- says all Internet
providers "should have procedures to assist in the lawful traceback of
security incidents." See:
http://www.itu.int/dms_pub/itu-t/oth/21/04/T21040000020095PPTE.ppt

There are two issues in dispute. The first is the purpose of the IP
traceback initiative, especially given that China proposed it, that
the NSA is involved (although perhaps in its infosec role), and that
some participants want to ban anonymity. On the other hand, when you
have multiple parties participating in such a process, not everyone is
likely to see eye-to-eye, and I'm told that that is the case here.

The second issue is whether or not the ITU document -- that Steve
Bellovin says he obtained as part of a ZIP file, and then confirmed
its authenticity via an independent source -- is authentic. Tony says
he has never seen it. Steve says it is nevertheless legitimate. If the
ITU made the Q6/17 portion of its Web archive public, we might be able
to answer that for ourselves, but unfortunately it has chosen not to.
The disputed document is here:
http://politechbot.com/docs/itu.traceback.use.cases.requirements.091108.txt

I admit that not everything is clear. But many things in the world
fall into that category, and journalists try to report on them
nevertheless, adding the proper caveats as necessary. See:
http://news.cnet.com/8301-13578_3-10040152-38.html

-Declan


David Farber wrote:
> A United Nations agency is quietly drafting technical standards,
> proposed by the Chinese government, to define methods of tracing the
> original source of Internet communications and potentially curbing
> the ability of users to remain anonymous.
> The U.S. National Security Agency is also participating in the "IP
> Traceback" drafting group, named Q6/17, which is meeting next week
> in Geneva to work on the traceback proposal. Members of Q6/17 have
> declined to release key documents, and meetings are closed to the
> public.
> The potential for eroding Internet users' right to remain anonymous,
> which is protected by law in the United States and recognized in
> international law by groups such as the Council of Europe, has
> alarmed some technologists and privacy advocates. Also affected may
> be services such as the Tor anonymizing network.
> "What's distressing is that it doesn't appear that there's been any
> real consideration of how this type of capability could be misused,"
> said Marc Rotenberg, director of the Electronic Privacy Information
> Center in Washington, D.C. "That's really a human rights concern."
> U.N. agency eyes curbs on Internet anonymity | Politics and Law -
> CNET News
> URL: http://news.cnet.com/8301-13578_3-10040152-38.html?tag=nl.e703
> A United Nations telecommunications agency is drafting a proposal
> called 'IP traceback' and has scheduled a meeting next week. Its
> potential impact on anonymity is raising alarms. Read this blog post
> by Declan McCullagh on News - Politics and Law.
> Begin forwarded message:
> From: David Farber <dave () farber net>
> Date: September 11, 2008 1:15:20 PM EDT
> To: "ip" <ip () v2 listbox com>
> Subject: [IP] Network design and operations, not political agenda
> Reply-To: dave () farber net
> Begin forwarded message:
> From: Tony Rutkowski <trutkowski () verisign com>
> Date: September 11, 2008 12:59:21 PM EDT
> To: David Farber <dave () farber net>
> Subject: Network design and operations, not political agenda
> A blog note was recently circulated alleging that
> "An ITU study group is apparently considering a
> proposal for network traceback that includes the
> following among its rationales [quote on limiting
> political expression]."
> The allegation is not true.
> I personally helped facilitate the consideration and
> adoption of the work item at the April meeting of
> ITU-T Study Group 17 (security). Concerns relating both
> to effective network management as well as providing a
> means for international caller-ID were amalgamated to
> create a new work item shepherded by editors from the
> U.S., China, Japan, and Korea.   The underlying
> requirements relate to network management, settlements,
> infrastructure protection, and law enforcement support
> that pretty much exist worldwide, and include ongoing
> proceedings and legislation in the U.S. Congress, the FCC,
> the European Commission, and others worldwide.
> Minimally, the work will pull together valuable
> information concerning techniques, platforms, and
> development needs.  It has no normative stature.
> The international caller-ID capability would be
> a nice feature for telephony.
> The political motivation text was not part of any known
> ITU-T proposal and certainly not the one which I helped
> facilitate.   Extensive searches for the source of the
> text have yet revealed nothing.
> --tony
> -------------------------------------------
> Archives: https://www.listbox.com/member/archive/247/=now
> RSS Feed: https://www.listbox.com/member/archive/rss/247/
> Powered by Listbox: http://www.listbox.com



