RE: [members-discuss] Re: RIPE NCC Position On The ITU IPv6 Group (fwd)
CB3ROB scribbled:
let the riots commence 2.0....
Oh dear oh dear...
keep in mind, most telcos and ISPs (the founders and members of the current IANA -> RIRS -> LIRs model resulting in a global internet which is hard to censor) do not agree on this ITU proposal...
I wonder who those ITU members are then? Are those all currently non-internet-offering telco's?
If we allow them to go forward, this WILL result in a "per country" easy-to-filter internet in a few years when ipv6 is the only serious protocol left.
/me hands CB3ROB some tinfoil and mumbles : "believers, start your FOLDING!"
we only need to point out how easy it was for the DDR to simply route all phonecalls to "the west" through a room where people monitored telephone conversations, and this "country specific prefix" is just what the ITU seems to want for the internet.
Not comparing this to the former-DDR or Chinese situation (please refer to my tin-foil remark above) a per-country specific prefix is not necessarily a bad thing and may even have an upside.
In order to accomplish that they want to create their own address registry, for now "secondary" to the ISP/telco run bottom-down RIR system (RIPE,ARIN,APNIC,AFRINIC,APNIC) but ofcourse we can't expect it to take long before repressive governments start to force "the internets" "in their country" to use only the ITU registry...
Why?
now -we- can always move our office to some other country and take our tax money to some other resort, not a biggie, but don't come complaining to me when germany at some point uses this to build their own chinese bigass
golden firewall with flames coming out of its ass to make it faster.
Sven, I think several less-democratic nations have already proven that if they require total control of the internet within the boundaries of their country (sic) they can and will implement this anyhow. They don't require ITU nor the UN for this. They will just demand Cisco and Google to implement it and the corporate chiefs will just answer "How soon?"...
methods available to isps/telcos to stop this:
- point out to governments that -we- own the internet
You don't 'own' the internet, at most you own the infra within your own AS. At least you and others don't own my part of the internet :)
their economy runs over it as a "courtesy" and that we can send them back to the stoneage at any time we like by simply dropping 'their' traffic.
Now that is a very smart thing to say. Another reason for the UN to gain total control... Go on, hand them more sticks.
(considering the fact that governments themselves are not capable of running anything but a gray-cheese-with-a-dial telephone network
Hm, I was under the impression that ARPANET was a government run network...
they need us, we don't need them
If they install legislation that forbids anyone without a license to run a telecommunications network of ANY kind, surely you need them, with or without ITU and/or RIR's.
Ask not what you can do for your country, ask what has your country ever done for you.
Oh please Sven, let's not go there :)
we have the biggest stick in this matter.
*bzzzz* Sorry, wrong again. The government ultimately draws the longest straw. Always... If they want to, they will. Now let's stop folding tin hats. -- Met vriendelijke groet / Kind Regards, Worldmax Operations B.V. Arjan van der Oest Network Design Engineer T.: +31 (0) 88 001 7912 F.: +31 (0) 88 001 7902 M.: +31 (0) 6 10 62 58 46 E.: arjan.van.der.oest@worldmax.nl W.:www.worldmax.nl W.:www.aerea.nl GPG: https://keyserver.pgp.com/ (Key ID: 07286F78, fingerprint: 2E9F 3AE2 0A8B 7579 75A9 169F 5D9E 5312 0728 6F78) Internet communications are not secure; therefore, the integrity of this e-mail cannot be guaranteed following transmission on the Internet. This e-mail may contain confidential information. If you have received this e-mail in error, please notify the sender and erase this e-mail. Use of this e-mail by any person other than the addressee is strictly forbidden. This e-mail is believed to be free of any virus that might adversely affect the addressee's computer system; however, no responsibility is accepted for any loss or damage arising in any way from its use. All the preceding disclaimers also apply to any possible attachments to this e-mail.
Hm, I was under the impression that ARPANET was a government run network...
Not since 1992......what you're looking for these days is NIPRnet and SIPRnet, and ESnet, etc, etc, etc. ARPANET only lives on in reverse dns.....
On 3/1/2010 9:55 AM, Adam Waite wrote:
Hm, I was under the impression that ARPANET was a government run network...
Not since 1992......what you're looking for these days is NIPRnet and SIPRnet, and ESnet, etc, etc, etc.
ARPANET only lives on in reverse dns.....
And that is only the TLD label. Is there still a DARPANET, ARPANET's successor? -- "Government big enough to supply everything you need is big enough to take everything you have." Remember: The Ark was built by amateurs, the Titanic by professionals. Requiescas in pace o email Ex turpi causa non oritur actio Eppure si rinfresca ICBM Targeting Information: http://tinyurl.com/4sqczs http://tinyurl.com/7tp8ml
On 03/01/2010 09:04 AM, Larry Sheldon wrote:
On 3/1/2010 9:55 AM, Adam Waite wrote:
Hm, I was under the impression that ARPANET was a government run network...
Not since 1992......what you're looking for these days is NIPRnet and SIPRnet, and ESnet, etc, etc, etc.
ARPANET only lives on in reverse dns.....
And that is only the TLD label.
Is there still a DARPANET, ARPANET's successor?
On the us military side the successor to Arpanet was Milnet, NIPRnet, DDN etc. In some respects the modern analog is DREN ESNET and so on.
On Mon, 01 Mar 2010 11:04:19 -0600 Larry Sheldon <LarrySheldon@cox.net> wrote:
On 3/1/2010 9:55 AM, Adam Waite wrote:
Hm, I was under the impression that ARPANET was a government run network...
Not since 1992......what you're looking for these days is NIPRnet and SIPRnet, and ESnet, etc, etc, etc.
ARPANET only lives on in reverse dns.....
And that is only the TLD label.
Is there still a DARPANET, ARPANET's successor?
Depends on what you mean. As noted, there are government-only IP networks, some of which are not connected to the public Internet. SIPRNET, for example, is the "Secret IP Router Network", for lightly-classified traffic. --Steve Bellovin, http://www.cs.columbia.edu/~smb
On 3/1/2010 12:53 PM, Steven M. Bellovin wrote:
On Mon, 01 Mar 2010 11:04:19 -0600 Larry Sheldon <LarrySheldon@cox.net> wrote:
On 3/1/2010 9:55 AM, Adam Waite wrote:
Hm, I was under the impression that ARPANET was a government run network...
Not since 1992......what you're looking for these days is NIPRnet and SIPRnet, and ESnet, etc, etc, etc.
ARPANET only lives on in reverse dns.....
And that is only the TLD label.
Is there still a DARPANET, ARPANET's successor?
Depends on what you mean.
I meant "is there still a DARPAnet" separate and apart from its progeny, fragments, and follow-ons. -- "Government big enough to supply everything you need is big enough to take everything you have." Remember: The Ark was built by amateurs, the Titanic by professionals. Requiescas in pace o email Ex turpi causa non oritur actio Eppure si rinfresca ICBM Targeting Information: http://tinyurl.com/4sqczs http://tinyurl.com/7tp8ml
On Mar 1, 2010, at 11:55 PM, Adam Waite wrote:
Hm, I was under the impression that ARPANET was a government run network...
Not since 1992......what you're looking for these days is NIPRnet and SIPRnet, and ESnet, etc, etc, etc.
ARPANET only lives on in reverse dns.....
Um, actually, I would say that in all of those cases, including ARPANET when it existed, you are dealing with a government sponsored network rather than a government run network. Generally, in each of those cases, the government provides some or all of the money to keep the network going, but, has very little to do with dictating policy or operational aspects of the network. Owen
On Tue, 2 Mar 2010, Owen DeLong wrote:
On Mar 1, 2010, at 11:55 PM, Adam Waite wrote:
Not since 1992......what you're looking for these days is NIPRnet and SIPRnet, and ESnet, etc, etc, etc.
Um, actually, I would say that in all of those cases, including ARPANET when it existed, you are dealing with a government sponsored network rather than a government run network.
Generally, in each of those cases, the government provides some or all of the money to keep the network going, but, has very little to do with dictating policy or operational aspects of the network.
I think DISA and DoD would argue about that claim with regard to NIPRNet and SIPRNet :) Antonio Querubin 808-545-5282 x3003 e-mail/xmpp: tony@lava.net
Date: Mon, 01 Mar 2010 16:55:43 +0100 From: Adam Waite <awaite@tuenti.com>
Hm, I was under the impression that ARPANET was a government run network...
Not since 1992......what you're looking for these days is NIPRnet and SIPRnet, and ESnet, etc, etc, etc.
While ESnet is funded by the Department of Energy and they certainly define the strategic policy of ESnet, they don't make design decisions nor get involved with the technical end of the network. ESnet is run by the University of California's Berkeley Lab under contract to the DOE. This may sound like hair splitting, but it is really very different from Fednets like NIPR and SIPR (and many, many others) including the Department of Energy's own DOEnet. Note that DOEnet is used for DOE business operations while ESnet is use support DOE funded research. -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: oberman@es.net Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
just to undermine the ITU's (only) point, why don't we simply have IANA delegate lets say 25% of the available ipv6 space to AFRINIC and APNIC now, like, -now- already... if they're so concerned about the "developing countries" surely, most of them would be in those regions :P and that should cover their need for centuries to come... On Mon, 1 Mar 2010, Kevin Oberman wrote:
Date: Mon, 01 Mar 2010 16:55:43 +0100 From: Adam Waite <awaite@tuenti.com>
Hm, I was under the impression that ARPANET was a government run network...
Not since 1992......what you're looking for these days is NIPRnet and SIPRnet, and ESnet, etc, etc, etc.
While ESnet is funded by the Department of Energy and they certainly define the strategic policy of ESnet, they don't make design decisions nor get involved with the technical end of the network.
ESnet is run by the University of California's Berkeley Lab under contract to the DOE. This may sound like hair splitting, but it is really very different from Fednets like NIPR and SIPR (and many, many others) including the Department of Energy's own DOEnet. Note that DOEnet is used for DOE business operations while ESnet is use support DOE funded research. -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: oberman@es.net Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
---- If you don't want to receive mails from the RIPE NCC Members Discuss list, please log in to your LIR Portal account at: http://lirportal.ripe.net/ First click on General and then click on Edit. At the bottom of the Page you can add or remove addresses.
---- If you don't want to receive mails from the RIPE NCC Members Discuss list, please log in to your LIR Portal account at: http://lirportal.ripe.net/ First click on General and then click on Edit. At the bottom of the Page you can add or remove addresses.
On Mar 1, 2010, at 7:42 AM, Arjan van der Oest wrote:
keep in mind, most telcos and ISPs (the founders and members of the current IANA -> RIRS -> LIRs model resulting in a global internet which is hard to censor) do not agree on this ITU proposal...
I wonder who those ITU members are then? Are those all currently non-internet-offering telco's?
Government departments/ministries? Even in the case of sector members, the folks who attend ITU generally are not the folks who attend RIR/NANOG meetings.
Not comparing this to the former-DDR or Chinese situation (please refer to my tin-foil remark above) a per-country specific prefix is not necessarily a bad thing and may even have an upside.
There are, of course, plusses and minuses to country based allocations. On the plus side, it makes geo-location easier. On the minus side, it makes geo-location easier. It would also likely increase the number of routing prefixes announced by multi-nationals (not that this matters all that much in the grand scheme of things). It may also greatly simplify a return to the settlements-based regime that was the norm before around 1996 or so. However, I suspect the biggest change is that the moves where address policy is made away from the folks who are directly impacted by that policy (ISPs) to governments/PTTs. Please read some of the contributions at http://www.itu.int/net/ITU-T/ipv6/itudocs.aspx and determine for yourself whether you think they would make good policies.
In order to accomplish that they want to create their own address registry, for now "secondary" to the ISP/telco run bottom-down RIR system (RIPE,ARIN,APNIC,AFRINIC,APNIC) but ofcourse we can't expect it to take long before repressive governments start to force "the internets" "in their country" to use only the ITU registry...
Why?
Because they are repressive?
Now let's stop folding tin hats.
It has been noted in the past that you're not necessarily paranoid if they really are out to get you. Regards, -drc
On Mon, 01 Mar 2010 16:42:15 +0100, Arjan van der Oest said:
(considering the fact that governments themselves are not capable of running anything but a gray-cheese-with-a-dial telephone network
Hm, I was under the impression that ARPANET was a government run network...
I would not be surprised if some of the bigger providers now have bigger networks in their test labs than the ARPANET/MILNET combo was - ISTR it was on the order of 4,000 total nodes in the 1984 era. I remember being surprised when my then-current employer joined both networks that the 3,000+ nodes on Bitnet and the size of the Arpa/Mil aggregate being comparable (and Bitnet may have been even bigger at some points). And let's face it - the Arpa/Milnet was a test network, not a production network.
On Mar 1, 2010, at 9:25 AM, Valdis.Kletnieks@vt.edu wrote:
On Mon, 01 Mar 2010 16:42:15 +0100, Arjan van der Oest said:
(considering the fact that governments themselves are not capable of running anything but a gray-cheese-with-a-dial telephone network
Hm, I was under the impression that ARPANET was a government run network...
And let's face it - the Arpa/Milnet was a test network, not a production network.
It may have started as a research network, but was very much used for production activities by late 70's and early 80's. --Ron (Site coordinator for Arpanet IMP #3)
On Mar 1, 2010, at 11:42 PM, Arjan van der Oest wrote:
CB3ROB scribbled:
let the riots commence 2.0....
Oh dear oh dear...
keep in mind, most telcos and ISPs (the founders and members of the current IANA -> RIRS -> LIRs model resulting in a global internet which is hard to censor) do not agree on this ITU proposal...
I wonder who those ITU members are then? Are those all currently non-internet-offering telco's?
The voting members of the ITU are national governments. The telcos get to speak at some ITU sessions and get to attend most of them, but, they don't generally get to vote as I understand it.
If we allow them to go forward, this WILL result in a "per country" easy-to-filter internet in a few years when ipv6 is the only serious protocol left.
/me hands CB3ROB some tinfoil and mumbles : "believers, start your FOLDING!"
we only need to point out how easy it was for the DDR to simply route all phonecalls to "the west" through a room where people monitored telephone conversations, and this "country specific prefix" is just what the ITU seems to want for the internet.
Not comparing this to the former-DDR or Chinese situation (please refer to my tin-foil remark above) a per-country specific prefix is not necessarily a bad thing and may even have an upside.
Care to explain what that could possibly be? (I simply don't see an upside to making it easy to censor the internet by national identity).
In order to accomplish that they want to create their own address registry, for now "secondary" to the ISP/telco run bottom-down RIR system (RIPE,ARIN,APNIC,AFRINIC,APNIC) but ofcourse we can't expect it to take long before repressive governments start to force "the internets" "in their country" to use only the ITU registry...
Why?
Because such is the nature of repressive governments?
now -we- can always move our office to some other country and take our tax money to some other resort, not a biggie, but don't come complaining to me when germany at some point uses this to build their own chinese bigass
golden firewall with flames coming out of its ass to make it faster.
Sven, I think several less-democratic nations have already proven that if they require total control of the internet within the boundaries of their country (sic) they can and will implement this anyhow. They don't require ITU nor the UN for this. They will just demand Cisco and Google to implement it and the corporate chiefs will just answer "How soon?"...
In fact, so far, said countries have had only minimal success with this approach. Look at the tunneling out of Iran during the recent events and the amount of "unauthorized" information which made it out to the world via the internet. In general, the current internet regards censorship as damage and routes around it. Giving repressive regimes the ability to know that all the addresses they want to allow to communicate are in a defined prefix would make effective censorship much easier and make working around that problem much harder. In spite of this fact, that is not the primary reason to oppose the ITU proposal. Competing Internet Registry structures where one structure is not bound by the stratagems of RFC-2050, or, for that matter, any form of policy other than what each national IR chooses to implement is a recipe for disaster in address policy. Imagine, for example, what happens when $NATION decides that spammers are a good source of revenue and starts selling them rotating address chunks for a fee. Pretty soon, the IPv6 address space could end up looking like the island of Nauru. (http://www.lawanddevelopment.org/docs/nauru.pdf)
(considering the fact that governments themselves are not capable of running anything but a gray-cheese-with-a-dial telephone network
Hm, I was under the impression that ARPANET was a government run network...
No, ARPANET was a government sponsored network run by researchers. The fact that it is a cooperative anarchy rather than a highly structured centralized management structure pretty much proves that although the government funded it and pointed in a vague development direction, they had little to do with the implementation details and even less to do with the operational details.
they need us, we don't need them
If they install legislation that forbids anyone without a license to run a telecommunications network of ANY kind, surely you need them, with or without ITU and/or RIR's.
And yet so long as a given country has at least one licensed carrier doing some level of international IP based services it becomes almost impossible to inflict deeper policy on what use those IP based services are put to. OTOH, a wide-spread crackdown of national control over prefix distribution could make that much worse. Owen
Not comparing this to the former-DDR or Chinese situation (please refer to my tin-foil remark above) a per-country specific prefix is not necessarily a bad thing and may even have an upside.
Care to explain what that could possibly be? (I simply don't see an upside to making it easy to censor the internet by national identity).
Maintenance of "GeoIP"-databases becomes easier and less error-prone ? Possible less out of date because of it. We've seen complaints about those many times on this list.
Care to explain what that could possibly be? (I simply don't see an upside to making it easy to censor the internet by national identity).
Maintenance of "GeoIP"-databases becomes easier and less error-prone ?
Possible less out of date because of it.
We've seen complaints about those many times on this list.
There are much better ways to handle geolocation than reconfiguring the structure of the IP address space. See also: <http://tools.ietf.org/wg/geopriv/> <http://tools.ietf.org/html/draft-ietf-geopriv-http-location-delivery> <http://tools.ietf.org/html/draft-ietf-geopriv-lis-discovery> <http://tools.ietf.org/html/draft-ietf-geopriv-held-identity-extensions> Regardless of the technical merits of those specific protocols, which have been debated here and elsewhere, geolocation is an application-layer concept, and shouldn't be forced down onto the network layer. --Richard
On 03/02/2010 11:46 PM, Richard Barnes wrote:
Care to explain what that could possibly be? (I simply don't see an upside to making it easy to censor the internet by national identity).
Maintenance of "GeoIP"-databases becomes easier and less error-prone ?
Possible less out of date because of it.
We've seen complaints about those many times on this list.
There are much better ways to handle geolocation than reconfiguring the structure of the IP address space. See also: <http://tools.ietf.org/wg/geopriv/> <http://tools.ietf.org/html/draft-ietf-geopriv-http-location-delivery> <http://tools.ietf.org/html/draft-ietf-geopriv-lis-discovery> <http://tools.ietf.org/html/draft-ietf-geopriv-held-identity-extensions>
Regardless of the technical merits of those specific protocols, which have been debated here and elsewhere, geolocation is an application-layer concept, and shouldn't be forced down onto the network layer.
--Richard
I never said we should do so. :-) I just mentioned it's possible.
On Mar 3, 2010, at 6:38 AM, Leen Besselink wrote:
Not comparing this to the former-DDR or Chinese situation (please refer to my tin-foil remark above) a per-country specific prefix is not necessarily a bad thing and may even have an upside.
Care to explain what that could possibly be? (I simply don't see an upside to making it easy to censor the internet by national identity).
Maintenance of "GeoIP"-databases becomes easier and less error-prone ?
Um, you say that like it's a good thing.
Possible less out of date because of it.
True.
We've seen complaints about those many times on this list.
Yes, geolocation by IP is a fundamentally broken idea and process. That's, frankly, a good thing in my opinion. However, ignoring all of that for a moment, what makes you assume that CIRs would only delegate prefixes within their own nation under this scheme? I suspect several countries will likely be happy to sell or rent address space to the highest bidder. Owen
participants (14)
-
Adam Waite -
Antonio Querubin -
Arjan van der Oest -
David Conrad -
Joel Jaeggli -
Kevin Oberman -
Larry Sheldon -
Leen Besselink -
Owen DeLong -
Richard Barnes -
Ron Broersma -
Steven M. Bellovin -
Sven Olaf Kamphuis -
Valdis.Kletnieks@vt.edu