On Mon, Jul 21, 2014 at 5:31 AM, Michael Conlen <mike@conlen.org> wrote:
On Jul 18, 2014, at 2:32 PM, Jay Ashworth <jra@baylink.com> wrote:
----- Original Message -----
From: "Owen DeLong" <owen@delong.com>
But the part that will really bend your mind is when you realize that there is no such thing as "THE Internet".
The Internet as "the largest equivalence class in the reflexive, transitive, symmetric closure of the relationship 'can be reached by an IP packet from'" -- Seth Breidbart.
I happen to like this idea, but since we are getting picky and equivalence classes are a mathematical structure, 'can be reached by an IP packet from' is not an equivalence relation. I will use ~ as the relation and say that x ~ y if x can be reached by an IP packet from y.
In particular, symmetry does not hold. a ~ b implies that a can be reached by b but it does not hold that b ~ a; either because of NAT or firewall or an asymmetric routing fault. It’s also true that transitivity does not hold: a ~ b and b ~ c does not imply that a ~ c for similar reasons.
One might argue, however, that Seth's definition would hold for the original, open, end-to-end connectivity model of the internet; and that by extension, what many people think of as being on the internet, huddling behind their NATs and their firewalls, is not really truly on the internet. Yes, I realize that's a much narrower definition, and most people would argue against it; but it does rather elegantly frame "The Internet" as the set of fully-connected, unshielded IP connected hosts.
Therefore, the hypothesis that ‘can be reached by an IP packet from’ partitions the set of computers into equivalence classes fails.
Not quite; the closure *does* create an equivalence class--it's just not the one you were expecting it to be. That is, the fully-connected internet equivalence class of Seth's definition is smaller than what you'd like to consider "The Internet" to be, but it is a valid equivalence class.
Perhaps if A is the set of computers then “The Internet” is the largest subset of AxA, say B subset AxA, such that for (a, b) in B the three relations hold and the relation partitions B into a single equivalence class.
That really doesn’t have the same ring to it though, does it?
And one might argue that it's a more liberal interpretation of "The Internet" than what Seth had intended. As a thought exercise...imagine a botnet owner that used encrypted payloads in ICMP packets for the command-and-control messages for her botnet army; no 'ack' is required, the messages simply need to make it from the control node to the zombies. She pops up a control node using unallocated, unannounced IP space; the host sends out control messages, never expecting to get responses, as the IP address it's using has no corresponding route in the global routing table. Is that control host part of "The Internet?" Seth's definition makes it clear that control host, spewing out its encrypted ICMP control messages in a one-way stream, is *not* part of "The Internet." Do we concur? Or is there some notion of that control host still being somehow part of "The Internet" because it's able to send evil nasty icky packets at the rest of the better-behaved Internet, even if we can't respond in any way? I find myself leaning towards Seth's definition, and supporting the idea that even though that host is sending a stream of IP traffic at my network, it's not part of "The Internet"--even though that conflicts with what my security team would probably say ("if it can attack me with IP datagrams, it's part of the internet."). It's actually a deceptively tough question to wrestle with.
— Mike
Thanks! Matt
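
The two readings debated in this thread can be compared mechanically. The following is an added example, not part of any poster's message: it takes a constructed reachability relation over hypothetical hosts, checks symmetry and transitivity on it, then computes the classes of the full reflexive, symmetric, transitive closure and of the closure restricted to mutually reachable pairs.

```python
from itertools import product

# Constructed sample. (x, y) means "x can be reached by an IP packet from y".
# Host names are hypothetical: "nat" can send out but not be reached,
# "oneway" only ever sends, and x/y form an isolated island.
REACHED_FROM = {
    ("a", "b"), ("b", "a"), ("b", "c"), ("c", "b"), ("a", "c"), ("c", "a"),
    ("a", "nat"), ("b", "oneway"), ("x", "y"), ("y", "x"),
}
HOSTS = {h for pair in REACHED_FROM for h in pair}

def is_symmetric(rel):
    return all((y, x) in rel for x, y in rel)

def is_transitive(rel):
    return all((x, z) in rel
               for (x, y), (w, z) in product(rel, rel) if y == w)

def closure_classes(rel, universe):
    """Classes of the reflexive, symmetric, transitive closure (union-find)."""
    parent = {h: h for h in universe}
    def find(h):
        while parent[h] != h:
            parent[h] = parent[parent[h]]  # path halving
            h = parent[h]
        return h
    for x, y in rel:
        parent[find(x)] = find(y)  # direction is ignored: symmetric closure
    classes = {}
    for h in universe:
        classes.setdefault(find(h), set()).add(h)
    return {frozenset(c) for c in classes.values()}

def mutual_core(rel):
    """Keep only pairs where packets are deliverable in both directions."""
    return {(x, y) for x, y in rel if (y, x) in rel}

def largest(classes):
    return max(classes, key=len)

if __name__ == "__main__":
    print("symmetric:", is_symmetric(REACHED_FROM))
    print("transitive:", is_transitive(REACHED_FROM))
    print("closure:", sorted(largest(closure_classes(REACHED_FROM, HOSTS))))
    print("mutual only:",
          sorted(largest(closure_classes(mutual_core(REACHED_FROM), HOSTS))))
```

On this sample the largest class of the full closure contains the one-way sender and the NAT'd host, while the largest class built from mutually reachable pairs leaves each of them in a class of its own.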