RE: [members-discuss] Re: RIPE NCC Position On The ITU IPv6 Group (fwd)

Mailman List Mirror (Read Only)
1

CB3ROB scribbled:

let the riots commence 2.0....

Oh dear oh dear...

keep in mind, most telcos and ISPs (the founders and members of the
current IANA -> RIRS -> LIRs model resulting in a global internet which

is

hard to censor) do not agree on this ITU proposal...

I wonder who those ITU members are then? Are those all currently
non-internet-offering telco's?

If we allow them to go forward, this WILL result in a "per country"
easy-to-filter internet in a few years when ipv6 is the only serious
protocol left.

/me hands CB3ROB some tinfoil and mumbles : "believers, start your
FOLDING!"

we only need to point out how easy it was for the DDR to simply route
all phonecalls to "the west" through a room where people monitored
telephone conversations, and this "country specific prefix" is just

what

the ITU seems to want for the internet.

Not comparing this to the former-DDR or Chinese situation (please refer
to my tin-foil remark above) a per-country specific prefix is not
necessarily a bad thing and may even have an upside.

In order to accomplish that they want to create their own address
registry, for now "secondary" to the ISP/telco run bottom-down RIR

system

(RIPE,ARIN,APNIC,AFRINIC,APNIC) but ofcourse we can't expect it to

take

long before repressive governments start to force "the internets" "in
their country" to use only the ITU registry...

Why?

now -we- can always move our office to some other country and take our

tax

money to some other resort, not a biggie, but don't come complaining

to me

when germany at some point uses this to build their own chinese bigass

golden firewall with flames coming out of its ass to make it faster.

Sven, I think several less-democratic nations have already proven that
if they require total control of the internet within the boundaries of
their country (sic) they can and will implement this anyhow. They don't
require ITU nor the UN for this. They will just demand Cisco and Google
to implement it and the corporate chiefs will just answer "How soon?"...

methods available to isps/telcos to stop this:

- point out to governments that -we- own the internet

You don't 'own' the internet, at most you own the infra within your own
AS. At least you and others don't own my part of the internet :slight_smile:

their economy runs
over it as a "courtesy" and that we can send them back to the stoneage

at

any time we like by simply dropping 'their' traffic.

Now that is a very smart thing to say. Another reason for the UN to gain
total control... Go on, hand them more sticks.

(considering the fact that governments themselves are not capable of
running anything but a gray-cheese-with-a-dial telephone network

Hm, I was under the impression that ARPANET was a government run
network...

they need us, we don't need them

If they install legislation that forbids anyone without a license to run
a telecommunications network of ANY kind, surely you need them, with or
without ITU and/or RIR's.

Ask not what you can do for your country, ask what has your country

ever

done for you.

Oh please Sven, let's not go there :slight_smile:

we have the biggest stick in this matter.

*bzzzz* Sorry, wrong again. The government ultimately draws the longest
straw. Always... If they want to, they will.

Now let's stop folding tin hats.

2

Hm, I was under the impression that ARPANET was a government run
network...

Not since 1992......what you're looking for these days is NIPRnet and SIPRnet, and ESnet, etc, etc, etc.

ARPANET only lives on in reverse dns.....

3

keep in mind, most telcos and ISPs (the founders and members of the
current IANA -> RIRS -> LIRs model resulting in a global internet which is
hard to censor) do not agree on this ITU proposal...

I wonder who those ITU members are then? Are those all currently
non-internet-offering telco's?

Government departments/ministries? Even in the case of sector members, the folks who attend ITU generally are not the folks who attend RIR/NANOG meetings.

Not comparing this to the former-DDR or Chinese situation (please refer
to my tin-foil remark above) a per-country specific prefix is not
necessarily a bad thing and may even have an upside.

There are, of course, plusses and minuses to country based allocations. On the plus side, it makes geo-location easier. On the minus side, it makes geo-location easier. It would also likely increase the number of routing prefixes announced by multi-nationals (not that this matters all that much in the grand scheme of things). It may also greatly simplify a return to the settlements-based regime that was the norm before around 1996 or so.

However, I suspect the biggest change is that the moves where address policy is made away from the folks who are directly impacted by that policy (ISPs) to governments/PTTs. Please read some of the contributions at http://www.itu.int/net/ITU-T/ipv6/itudocs.aspx and determine for yourself whether you think they would make good policies.

In order to accomplish that they want to create their own address
registry, for now "secondary" to the ISP/telco run bottom-down RIR system
(RIPE,ARIN,APNIC,AFRINIC,APNIC) but ofcourse we can't expect it to take
long before repressive governments start to force "the internets" "in
their country" to use only the ITU registry...

Why?

Because they are repressive?

Now let's stop folding tin hats.

It has been noted in the past that you're not necessarily paranoid if they really are out to get you.

Regards,
-drc

4

And that is only the TLD label.

Is there still a DARPANET, ARPANET's successor?

5

Hm, I was under the impression that ARPANET was a government run
network...

Not since 1992......what you're looking for these days is NIPRnet and
SIPRnet, and ESnet, etc, etc, etc.

ARPANET only lives on in reverse dns.....

And that is only the TLD label.

Is there still a DARPANET, ARPANET's successor?

On the us military side the successor to Arpanet was Milnet, NIPRnet,
DDN etc.

In some respects the modern analog is DREN ESNET and so on.

6

I would not be surprised if some of the bigger providers now have bigger
networks in their test labs than the ARPANET/MILNET combo was - ISTR it was on
the order of 4,000 total nodes in the 1984 era. I remember being surprised
when my then-current employer joined both networks that the 3,000+ nodes on
Bitnet and the size of the Arpa/Mil aggregate being comparable (and Bitnet may
have been even bigger at some points).

And let's face it - the Arpa/Milnet was a test network, not a production
network.

7

It may have started as a research network, but was very much used for production activities by late 70's and early 80's.

--Ron
(Site coordinator for Arpanet IMP #3)

8

CB3ROB scribbled:

let the riots commence 2.0....

Oh dear oh dear...

keep in mind, most telcos and ISPs (the founders and members of the
current IANA -> RIRS -> LIRs model resulting in a global internet which

is

hard to censor) do not agree on this ITU proposal...

I wonder who those ITU members are then? Are those all currently
non-internet-offering telco's?

The voting members of the ITU are national governments. The telcos
get to speak at some ITU sessions and get to attend most of them,
but, they don't generally get to vote as I understand it.

If we allow them to go forward, this WILL result in a "per country"
easy-to-filter internet in a few years when ipv6 is the only serious
protocol left.

/me hands CB3ROB some tinfoil and mumbles : "believers, start your
FOLDING!"

we only need to point out how easy it was for the DDR to simply route
all phonecalls to "the west" through a room where people monitored
telephone conversations, and this "country specific prefix" is just

what

the ITU seems to want for the internet.

Not comparing this to the former-DDR or Chinese situation (please refer
to my tin-foil remark above) a per-country specific prefix is not
necessarily a bad thing and may even have an upside.

Care to explain what that could possibly be? (I simply don't see an
upside to making it easy to censor the internet by national identity).

In order to accomplish that they want to create their own address
registry, for now "secondary" to the ISP/telco run bottom-down RIR

system

(RIPE,ARIN,APNIC,AFRINIC,APNIC) but ofcourse we can't expect it to

take

long before repressive governments start to force "the internets" "in
their country" to use only the ITU registry...

Why?

Because such is the nature of repressive governments?

now -we- can always move our office to some other country and take our

tax

money to some other resort, not a biggie, but don't come complaining

to me

when germany at some point uses this to build their own chinese bigass

golden firewall with flames coming out of its ass to make it faster.

Sven, I think several less-democratic nations have already proven that
if they require total control of the internet within the boundaries of
their country (sic) they can and will implement this anyhow. They don't
require ITU nor the UN for this. They will just demand Cisco and Google
to implement it and the corporate chiefs will just answer "How soon?"...

In fact, so far, said countries have had only minimal success with this
approach. Look at the tunneling out of Iran during the recent events
and the amount of "unauthorized" information which made it out to
the world via the internet.

In general, the current internet regards censorship as damage and
routes around it. Giving repressive regimes the ability to know that
all the addresses they want to allow to communicate are in a defined
prefix would make effective censorship much easier and make
working around that problem much harder.

In spite of this fact, that is not the primary reason to oppose the ITU
proposal. Competing Internet Registry structures where one structure
is not bound by the stratagems of RFC-2050, or, for that matter, any
form of policy other than what each national IR chooses to implement
is a recipe for disaster in address policy. Imagine, for example, what
happens when $NATION decides that spammers are a good source
of revenue and starts selling them rotating address chunks for
a fee. Pretty soon, the IPv6 address space could end up looking
like the island of Nauru.

(http://www.lawanddevelopment.org/docs/nauru.pdf)

(considering the fact that governments themselves are not capable of
running anything but a gray-cheese-with-a-dial telephone network

Hm, I was under the impression that ARPANET was a government run
network...

No, ARPANET was a government sponsored network run by researchers.
The fact that it is a cooperative anarchy rather than a highly structured
centralized management structure pretty much proves that although the
government funded it and pointed in a vague development direction,
they had little to do with the implementation details and even less to
do with the operational details.

they need us, we don't need them

If they install legislation that forbids anyone without a license to run
a telecommunications network of ANY kind, surely you need them, with or
without ITU and/or RIR's.

And yet so long as a given country has at least one licensed carrier
doing some level of international IP based services it becomes almost
impossible to inflict deeper policy on what use those IP based services
are put to.

OTOH, a wide-spread crackdown of national control over prefix
distribution could make that much worse.

Owen

9

Um, actually, I would say that in all of those cases, including ARPANET when it existed, you are
dealing with a government sponsored network rather than a government run network.

Generally, in each of those cases, the government provides some or all of the money to keep
the network going, but, has very little to do with dictating policy or operational aspects of the
network.

Owen

10

Depends on what you mean. As noted, there are government-only IP
networks, some of which are not connected to the public Internet.
SIPRNET, for example, is the "Secret IP Router Network", for
lightly-classified traffic.

    --Steve Bellovin, http://www.cs.columbia.edu/~smb

11

I think DISA and DoD would argue about that claim with regard to NIPRNet and SIPRNet :slight_smile:

Antonio Querubin
808-545-5282 x3003
e-mail/xmpp: tony@lava.net

12

I meant "is there still a DARPAnet" separate and apart from its progeny,
fragments, and follow-ons.

13

Not comparing this to the former-DDR or Chinese situation (please refer
to my tin-foil remark above) a per-country specific prefix is not
necessarily a bad thing and may even have an upside.

Care to explain what that could possibly be? (I simply don't see an
upside to making it easy to censor the internet by national identity).

Maintenance of "GeoIP"-databases becomes easier and less error-prone ?

Possible less out of date because of it.

We've seen complaints about those many times on this list.

14

Care to explain what that could possibly be? (I simply don't see an
upside to making it easy to censor the internet by national identity).

Maintenance of "GeoIP"-databases becomes easier and less error-prone ?

Possible less out of date because of it.

We've seen complaints about those many times on this list.

There are much better ways to handle geolocation than reconfiguring
the structure of the IP address space. See also:
<http://tools.ietf.org/wg/geopriv/&gt;
<http://tools.ietf.org/html/draft-ietf-geopriv-http-location-delivery&gt;
<http://tools.ietf.org/html/draft-ietf-geopriv-lis-discovery&gt;
<http://tools.ietf.org/html/draft-ietf-geopriv-held-identity-extensions&gt;

Regardless of the technical merits of those specific protocols, which
have been debated here and elsewhere, geolocation is an
application-layer concept, and shouldn't be forced down onto the
network layer.

--Richard

15

I never said we should do so. :slight_smile:

I just mentioned it's possible.

16

Not comparing this to the former-DDR or Chinese situation (please refer
to my tin-foil remark above) a per-country specific prefix is not
necessarily a bad thing and may even have an upside.

Care to explain what that could possibly be? (I simply don't see an
upside to making it easy to censor the internet by national identity).

Maintenance of "GeoIP"-databases becomes easier and less error-prone ?

Um, you say that like it's a good thing.

Possible less out of date because of it.

True.

We've seen complaints about those many times on this list.

Yes, geolocation by IP is a fundamentally broken idea and process.
That's, frankly, a good thing in my opinion.

However, ignoring all of that for a moment, what makes you assume
that CIRs would only delegate prefixes within their own nation under
this scheme? I suspect several countries will likely be happy to sell
or rent address space to the highest bidder.

Owen