These are unedited transcripts and may contain errors.
Cooperation Working GroupThursday, 15 May, 2014, at 2 p.m.:
Alan: Hello, welcome everybody. Glad to see the room is getting fuller and
fuller. In case you are interested in hearing about routing, this is the
wrong room, right.
We are talking about interconnection and for those who have attended the Bof
this morning, this is one of the topics where there is likely to be some
overlap. I am very glad with the speakers we have for this slot, first we
will have Peter Koch talking about splinter nets. I don't know if you are
old enough to have remembered the movie Highlander I know one statement,
there can only be one. Now, Peter is going to explain that there can be
more than one. I thought there was only one Internet, apparently several
flavours out, following Angela Merkel making a comment on the European
Internet. Peter, I can't immediately locate you. You are there. The floor
is yours.
PETER KOCH: Good afternoon. I am going to talk to you about multiple
internets, multiple personalities, you name it, starting with multiple
personalities. I do work for DENIC but it has nothing to do with this
presentation except having paid my ticket so in this occasion, this is in a
personal capacity so I have given another e?mail address from the Internet
society, which I am associated with but they are also nothing to do with
this presentation. Just to set the stage a bit.
Blame it all on me. I was for one reason, we are talking about routing, the
interesting thing is all the routing experts, hey, except ran Dee, are
probably in the Routing Working Group right now so I thought I had an easy
stage. I am going to talk about development that is we have seen recently,
post snow den, green walled and since then. Let's talk about walled
gardens.
We all love the gardens because we had a walled garden ages ago, like 25
years ago we heard the Bunte /TKAO*ET enfrom Amsterdam, the Amsterdam band
its that were trying to do something illegal back then, like attaching
things to this wired stuff that was telephone network. We are glad we have
overcome again. This again after a couple of years, well many years, we
forgot about that or others forgot about that and people rushed back to this
walled garden model. You all know, and some may like, the so?called social
media, right? We don't ? the Internet any morning, the Internet is
Facebook. Big service in the middle and just dump terminals at the end,
cool, everybody likes it. Or look at it the other way: You all have your
mobile phones and tablets and everything. What is that applications, can
you run software on that, do you control that thing? You don't. You don't
control it. I just have small doors into what formerly was known as the
Internet and these are called apps and you are willingly paid for most of
them, so much for OpenSource and free software. But we can drive that even
a bit further.
And I was kind enough to mention my, well my country's chancellor, she was a
part of the game here when she had her telephone wire tapped. Well,
actually 80 millions had, but that didn't care anybody. After that,
disclosure was made and was made public, there was an outcry and something
should be done, this whole surveillance stuff, right? So, if foreign
offices, foreign institutions, foreign services, are eavesdropping on some
country's people, what should be done? Well, obviously the biggest problem
is the traffic is leaving the country and everything should stay in there,
so people came up with the idea to have a Deutschland net, a network
restricted to Germany. A bit later, somebody discovered, hang on, there is
something called Europe these days, so we might expand this, and let's give
another try and call it Schegenets. And you might actually see the ironry
here because it's not called Europe Net, it's not called EU Net, it's called
ShengNets. Five Is isn't part of Shengen.
So that is the one part.
The other one I will talk shortly about is another example of a walled
garden, not the whole Internet in national boxes but a specific service, a
service that some of you maybe don't even remember, which is e?mail, because
it's all the web today, right?
So, assume you are an incumbent and you have a great plan and you may want
to say a great deception plan, so you have heard your chancellor or
whatever, president, call you and say you need to protect your people, there
is somebody eavesdropping on this, foreign intelligence is really driving us
mad, OK. So, the big incumbent says we don't peer, we are at peer 0, we
don't do that, everybody should buy services from us and, you know, this
whole problem is only there because some traffic is actually crossing the
country's borders, and that is a bad thing. It's a security risk because,
as soon as packets leave the country, they can be eaves dropped on, not that
they couldn't be eavesdropped on in the country that doesn't really fit the
marketing picture here.
And you know what? If just everybody would buy service from us and would
connect, that would not be a problem, we could actually serve the whole
country.
So, we should start an initiative and call it, as I said, the German net,
the ShengNet, you name it and give it a shiny name and that was the rename
already, and yeah, we can just look at our many bank accounts and enjoy the
money that comes in. And by the way, this whole encryption thing, this is
geek stuff, too expensive and complicated, we don't need that, just keep the
packets inside the country.
Fine. So we have some meetings, you have high government officials, you
have lots of CEOs in the room, and you declare this and everything is fine,
and no questions asked. Here is some of the questions not asked: How much
are the ?? other traffic is really crossing the borders? How much of the
traffic is, you could say, intentionally crossing the borders because we
tend to talk or communicate with other people. We are using not only
services that are provided inside the country, some people may have heard of
an American enterprise called Google or Irish or whatever for that matter.
Maybe have service inside the country but may have other systems outside,
and actually, it isn't illegal to use other countries' services, either.
And if the traffic is crossing the borders, traffic that has a source and a
destination inside the country at what layer is it crossing the border? Is
it the IP layer, is it just the fibre that is running around, are people
doing MPLS or other stuff? How can I distinguish and control that?
And last not least, why is it safer inside the country, because foreign
intelligence cannot interfere with that traffic or not intercept the
traffic? It's interesting to see senior officials of major Internet
exchanges being challenged on various podiums on clearly stating that there
is no foreign gear in the cab bets they operate (cabinets) or in the next
rack. Give them hard time, sometimes. Actually, it's quite obvious and a
public secret, so to speak, that these things happen. And that is just the
foreign intelligence in one country, not so much talking about the own
intelligence services, I mean.
Well, that is no problem, we have them all under legal control. Really?
Wasn't this the Internet, the Internet thing you all remember, right? So we
do cross boundary, cross?country, commerce, information, communication, and
what about that? That is completely open, completely obvious, should not be
protected from eavesdropping, because yeah you are crossing the boundary,
you are leaving the country, you are out of protection, why? Does it say
anywhere that I give up all my human rights there? How would that work?
It's fine to declare had a the packet should stay inside the country, maybe
we go to the IETF and say to them we need another packet, another bit in the
IP header that says stay in the country, there are country codes, we could
attach them into the packets or whatever fancy thing. We could also
complicate the whole routing system. That hasn't really been disclosed,
right? Interesting question for tech crowd is what is so wrong with crypto
except we probably all don't really understand the algorithms, but that is
not the problem, the application is it, and while we all love our BGP and I
come to that later, there is work in crypto on various stages, again on
various layers of the whole system, so what is so bad about that, why deny
it exists and that it helps?
And then, what was this whole thing about end?to?end, actually, right? So
encrypting lines instead of encrypting the communication between the two end
points at the user level, maybe? I am so sad that these questions never
were asked.
Another example: Starting from a serious background again. So, a couple of
years ago, I actually as well as today, everybody can make the observation
that PGP and S MIME don't work well really and I am serious. For people in
the room, for some, maybe they work but you can't really sell this, maybe
some of you can sell this but you can't really explain this to the people on
the street. There are proxy solutions that work in enterprise environments,
you have an e?mail client that does the whole crypto for you, problem is you
don't have control over your keys and that can mean anything from good to
bad but probably leans towards the bad. Just see PGP as MIME doesn't work,
the applications aren't designed well enough yet.
E?government comes up, big topic, is needed, everybody wants it. Well,
maybe. But it's a strategic decision to go there. Now, we have this best
effort Internet; that is a term that should alarm everybody. That is
because, you know, it's like he did it to the best of his abilities or he
did it with best intentions. And the best effort Internet can always only
give you best effort e?mail so we are lacking something, not only lacking
confidentiality but we are also lacking reliability, especially we don't
have provable e?mail delivery. And that is important for a particular
stakeholder, especially the government and government institutions. Because
in e?government it's important that the nation, that the government can
communicate with you. For example, they want to deliver you speeding
tickets. So, why not build a service that people can subscribe to so they
can provably and securely reliably be sent their speeding tickets and other
benefits of course, but sometimes you can't control your marketing. So what
was designed, and is available today, in Germany, is an overlay network that
is actually using IP technology. In the end, you will find out, it smells
like a bit like X 400 but done over IP ?? sorry over SMTP already. What is
this distinction between this and your normal e?mail? Well, it has vetted
entry points, ADMDs and PDMDs, so vetted entry points means there is no spam
and that is a good selling point. There is also encryption, the encryption
is hop by hop, kind of. Actually the message is encrypted, it's just not
channel encryption but to protect you from malware, unfortunately the mail
has to be opened and screened. And maybe then reencrypted afterwards but it
has to be opened in between.
It gives everybody authenticity, which is important, because if you really
government it for government communications and talking to the tax
authorities back and forth you really want to know that this information
that you don't have to pay taxes is really authentic axe, and it gives you
delivery notices and non?delivery notices, of course.
So that is something that has been designed a couple of years ago. It's not
really a wide commercial success but you can subscribe to it and use it.
Now, there is the Snowden thing. How give things like that a boost. First
of all, we need another brand name, e?mail made in Germany, not that it's
complicated and boring ?? well it is complicated a bit but hopefully not
only boring. Again, it gives you encryption for e?mail, which is good.
Although this time it's really only hop by hop, it's transport security,
start TLS for the technical people in the room. It has vetted participants,
so there is a group of e?mail providers that sat together and said well,
let's do start TLS together and then let's create a website and a brand
around this, and what they also need, not only start TLS they need a
transitive trust policy which is that everybody in this circle, you can call
it a club, if we were not on record here, somebody might think of a cartel
but I haven't said that, you need a transitive trust policy which means
everybody in this club is only forwarding e?mail under this umbrella to
somebody else who is also part of the club and not outside and doesn't
receive mail from outside and afterwards, like, flag to the user with this
nice log and tick mark on your web screen that this mail was securely
transported only.
So this looks like this. That is a couple of participants, big incumbents,
you see Deutsche Telekom, free net, web GE and I guess there are a few
others have joined recently, I think. And you see that these connections
are all locked, TLS protected and so on and so forth. It's stolen from this
URL ?? it's an http URL, but never mind. There is a https equivalent as
well. And that means there is a handful of e?mail providers who have this
regime, this agreement.
Now, again, so nice that nobody asks question. Why is it safer to keep the
e?mail in the country? Part of the agreement is that all the mail servers
have to sit and stay in Germany and the traffic is only going through
Germany. Again, yeah, because it's all under legal control, really.
Probably not. Officially, yeah, but foreign intelligence, again in the rack
next to the other rack.
Again, this strange geek idea of end?to?end encryption. Doesn't really
appeal to many people. And what is this? Does this really deliver security
in e?mail? I would say it's a great improvement, but it's much ado about
start TLS. And coincidentally, last week, a very small e?mail provider went
to the press and went to the public saying, well, we have done; we are
probably not able to join this club but we have deployed DANE and TLSA and
to bore you, that is a method to publish in the DNS, in the public Internet,
the certificates needed for anybody, member of the club or not, to receive
the necessary certificates to securely and trust worthily communicate with a
remote mail server. And then you can ask, what is wrong about the picture
here?
Well the problem is not the systems on the picture reside outside the
country, the problem I think is the whole mail system shrinks down to a
group of five or six, so it's heavily centralised. And that may be ?? and I
am flagged to stop here. That is the things I want to come to. The
Internet was about smart edge dumb core, that looks bit reversed here.
Transitive trust, as was promised on the previous slide, the previous
product, is really hard. I have not only to trust you that you don't
disclose my information, I have to trust you you that you are smart enough
and knowledgeable enough to hand it only to people who also don't disclose
the information.
Yeah, crypto I mentioned. Standard technologies, that small e?mail provider
made an interesting step saying I do open standards, I apply open standards
and I don't need these many negotiations, I can do secure transport without
that. Think about decentralisation, shrinking, five e?mail providers. And
finally and most importantly, I think, knee?jerk reactions to significant
problems and the IETF has been mentioned as having identified pervasive
monitoring as a threat and problem and so have others, so knee?jerk
reactions from the Product Management Department, it's fair, that is a
competitive society, you can do that. But it's not necessarily the way to
address problems on an architectural way. What I think is we need more
steering and architecture debate instead of just discussing products. And
that means that all of us here in the room, those people with the
technology, with the technology background that can actually stand up and
say why things don't really work, like they were described on the screen or
what the drawbacks are and what the right direction might be from a
technical and operational perspective, those people need to engage in this
discussion and yeah, that is what I would like to invite you to.
(Applause)
Alan: Any questions? I see no one walking up to the mic. Randy is getting
up.
RANDY BUSH: Just a similar data point, in the kingdom of Saudi Arabia they
were worried about the similar problem and did they have a slightly more
hierarchy structure and so the Prince responsible said something that was
brilliant, he said no data between two Saudis should leave the border. And
told the regulator, solve it. And, believe it or not, how do you solve
this? Exchange points.
AUDIENCE SPEAKER: Just one question about that German?only e?mail, does it
use DNS? Because then while the DNS queries would leave Germany, I think,
and that would be a way to, somehow, interfere ??
PETER KOCH: The previous one, yeah, it uses DNS ?? actually it uses special
domains, as in reserved for that particular purpose, but otherwise equal to
what we know, and you are right, the queries might actually leak but that
was not part of the concern. The concern was about the content of the
messages. But I agree.
AUDIENCE SPEAKER: I have a question for you. How was the take?up, it's all
costing money to put it in place but actually cost versus return, how many
people are using it, is it not something which is going to be abandoned in a
couple of years?
PETER KOCH: So on this one, I don't have the figures at hand but the ?? as
I said, this one hasn't been a wide success. Last I heard is that you
actually are encouraged and receive additional gifts if you subscribe to
this service right now. In all fairness, it's kind of ?? there is kind of a
learning curve and it's early deployment, so on and so forth, but people are
missing the selling point. On this one, it's hard to measure because there
is a huge customer base with a significant, well, I think 80?plus% market
share so this is just an add?on and obviously targeting other big e?mail
providers that may not find here and don't have their headquarters inside
the country.
BRIAN NISBET: HEAnet. Honestly, these repeated things just depress me. I
have seen so many verified e?mail systems and secure e?mail systems and all
the rest that are packaged up and sold and are clubs of one kind or another
or cabals or consortiums or whatever, and I can see what they are trying to
do every time but I have yet to see one that actually in any way is going to
succeed or, well, actually, kind of deliver what they are trying to do
without breaking large bits of what the users want to do. So, it just seems
like pouring money down a hole by a lot of people that could use it for a
lot of other things on the Internet.
PETER KOCH: I am sorry for contributing to your depression. My question is
what to do about this or other examples. As I said, you can ?? walking away
and doing this finger pointing, and then walk away is probably the wrong
thing. Also, you mentioned the users, what users want. My impression is
that they don't necessarily know what they want and they learn what they
want from these marketing campaigns, and if there is a solution that looks
better than nothing, and definitely start TLS and the encryption of the
channel is better than nothing, they might stick to that. The important
part would be to demonstrate and educate people to show what else is out
there that they should ask for, that provides them with more security and
more stability.
AUDIENCE SPEAKER: Marco SIDN, just to give you an example that I don't
necessarily have an opinion about, just to spark the discussion. I am aware
of an initiative in the Netherlands of doing something that you might call a
closed user group or something with BGP and make some sort of a small closed
network and it's not to combat pervasive monitoring, but rather, to deal
with DDoS attacks on a global scale. For example, banks may participate in
that and if they are under a huge global DDoS attack they may or may not
decide to close the network a little bit more and make it just for people in
the Netherlands, for example. Just as part of the discussion a little bit,
thank you.
PETER KOCH: Thank you.
OLAF KOLKMAN: Do you know if there is any European research funding being
pored into this crap? And whether that this work leads to formal European
standardisation? Because that would worry me a lot since form standards are
still prevalent to work that is being done in ?? for consort I can't like WC
3 IETF and a whole lot more.
PETER KOCH: I think there is a need to distinguish between the two
approaches. The e?mail thing is based on IETF standards, it works by
extension headers or ?? sorry, header fields in messages and so on. So kind
of straightforward and one of the arguments well, this is Internet standard
technology, which is true, it's just the overlay there. I have seen,
actually it's really an RFC, not an IETF document but another RFC
documenting similar kind of approach from Italy which I am no further
familiar with. That is the one part.
The other, last I read, and that was actually a hot off the press this
morning, kind of in reaction to this tiny ISP coming out of the blue, the ??
the methodology with which these certificates that are used within it this
group has kind of leaked and it was also discussed ?? was also mentioned at
the group here is planning to offer that to the IETF for standardisation.
But there hasn't ban formal statement so far but just something there. So
no direct intention ?? no direct indication that EU money is involved there.
It's basically a vendor initiative, so far.
AUDIENCE SPEAKER: John Jack from ICANN, sort of note of information to
follow up on the EU, to mention that European Commission actually publically
said this was all a very bad idea and they also referred to very similar
proposal that had been made last year to create something that was nicknamed
the Schangen area for Cloud, even issued a memo called secure Cloud
computing in October last year and went at length to explain why this kind
of nationalistic approach would be really detrimental, so one outcome from
the European Commission we should keep in mind. Thank you.
JAAP AKKERHUIS: Since you mentioned Italy, I just remembered it was
actually a proposal a couple of years ago being led by the Italian postal
service to do ?? to have .Post turn into ?? thrash that network for ?? for
using digital mail instead of snail mail. I am not sure where it got
anywhere but that was some serious talk about it for a while.
PETER KOCH: Yeah, absolutely. German post former Incumbent also has
competing product to this e?mail, for example, so there are multiple
initiatives trying to do this, right?
MEREDITH WHITTAKER: I have a quick comment. I want to echo sort of what
you said about users maybe not knowing what they want or kind of expand on
that. I think users know that they want security, they knew that a sense of
national pride may be pleasant to them, they are being sold these things. I
think what the technical community needs to do is figure out to express that
is a bait and switch in language people who would otherwise buy it can
understand. This is not providing security or what is promised in the
marketing, it is something else much more limited and not as beneficial. I
think figuring out how to translate which is already very clear, into
something that can compete with the marketing pitch at some level will be
really important in sort of staving off efforts like this.
PETER KOCH: Absolutely. I would like to reiterate, this doesn't make
things worse for the users because we have multiple venues, where we have
promoted start TLS for e?mail that is channel encryption for e?mail, even
so?called opportunistic encryption which is encrypt even if you can't verify
the identify tie of your peer so that doesn't really make it worse. The
risk is it will stop there and technologies that aren't known by the general
public, by the non?technical community and more ?? even more importantly by
regulators and other government decision?makers that they don't get a chance
and this part of the innovation isn't supported and isn't really getting
traction because it all looks well enough.
OLAF KOLKMAN: I am standing at the mic but I am not quite sure how to
phrase the comment because I have the impression that we are now zooming
into a detail of your presentation, while I think I have heard an arc in
terms of very general end?to?end Internet to something that is closing down,
and I am not quite sure if that is the conclusion that I should take and
what your message is. So, can you summarise it again? That is maybe what I
am asking.
PETER KOCH: Yeah. So message as I said when I walked through the slides is
a couple of things on this final slide, important the final two. Thinking
about this decentralisation and there is nothing that the, today's
incumbents can actually probably help with, right. If everybody uses the
same e?mail provider or if one or let's go back to Geoff Huston's
presentation from the other day; if ?? I don't know what double digit
percentage of the Internet population use a certain provider for, say,
e?mail ?? for DNS resolution, that is not necessarily against the spirit of
the Net, but it's kind of in that direction. We are moving the intelligence
and the smartness more and more into the core where this core is represented
by big players. That is the one thing. And the second one that multiple
people have repeated already and reiterated on is that we shouldn't just
bluntly call this crap, some of it probably but there are really good ideas
in there and laudable goals and initiatives, but let's not stop there. We
need to engage in the discussion and make decision?makers aware that, well,
this is only part of a picture. We have interim solutions but knee?jerk
isn't enough. We need to talk about architecture and these aspects.
AUDIENCE SPEAKER: It reminds me like a lots nodes for the whole country, as
it was applied in IBM, scaled up to the whole country. Does it mean now
will ?? Internet guys?
PETER KOCH: Yeah, you judge.
Alan: Thank you, Peter.
(Applause)
Next up is, I am really excited about, is Igor Milashevskiy, I hoped I
pronounced your name correctly, my Russian is basically non?existent. Igor
is the principal advisor to the Russian minister of telecommunications and
sits in government advisory committee for ICANN so you heard Paul talk a lot
about this issue in the last couple of days, either that or you have been
asleep, basically.
So, Igor is going to give us some thoughts, some of his observations
regarding these issues. I have basically asked him to talk about whatever
he is willing to share with us publically, that might be either on the ICANN
issues or on how the Internet is evolving in Russia so it's a very open
floor and I am very excited to have him here and very curious of what Paul
says is in alignment with his views and without further ado, Igor, please.
IGOR MILASHEVSKIY: Good afternoon. Thank you for inviting. I really
consider my participation here is really important one. I am not quite
ready for the format of the discussion so probably I will share some
statements, some thoughts and then we will discuss with answers, we hope ??
first of all, what I see here is very exciting level of discussions and
really interesting questions raised and it's a pleasure to be with you. So,
the Russian Federation first time ?? so since the Russia is first time on a
meeting, I will start from general statements. We really consider the
Internet is ?? it's a driver of development, of sustainable growth,
innovation, employment, inclusiveness in economy and society. And Russian
Internet, I will bring some figures to your attention.
So, I think that Russian Internet market is the biggest one in Europe and
our audience is 68 .7 millions users. 56 ?? more than 56 million people use
Internet every day, 48% of users are outside of big cities, in towns and the
villages. Russian language is the second one in the Internet. Our
e?commerce is taking place ?? 10th in place in the world. So in our ccTLD
domains, we have a slightly less than 5 million domain in dot RU. And more
than 800,000 in dot RF. Last year, we had 38% decrease of prices for
Internet access in Russia.
What I ?? I would express something my personal and officially, I hope you
understand. What I feel is the main problem in Internet and the main task
of all discussions and in different foras and ?? by the way, I really think
that RIPE NCC is kind of reference organisation in Internet ?? Internet
governance system. So, the target is to restore confidence, the trust to
the ICT environment and to the Internet, and the task is to develop
international instruments and mechanisms to prohibit total surveillance, the
possibility of total surveillance and guarantee the impossibility of using
the Internet for non?proper purposes, like political, unlawful. I think
it's the main idea of of present work.
I also believe that the main actor in Internet is the user. The user is key
beneficiary of Internet services and multistakeholders ?? between all
stakeholders. The user is the least protected subject in the
Internet?related relations.
So, if, in real life, the rights of users ?? right of access to information,
privacy, secrecy of communications and correspondence, freedom of opinion
and expressions, are preserved and we have the mechanisms of, to protect
these rights. For on?line environment, the process just begun recently and
we are talking about rights. But my opinion we forget about, there is no
rights without duties. We are talking about freedom but there is no freedom
without responsibility. And these things are reflected in all basic
documents like universal ?? also European Convention of Human Rights. So,
at the international level should be carefully researched questions, but
particularities of freedom of expression on?line, liability for breach of
the rights, freedoms and duties of others.
In this, I would like to express that the state and the governments are the
main defender of freedom and the security of the citizens, and the
international ?? culture, language and national identity. So, the role of
governments in ? model should be recognised. And in all discussion about
multi?stakeholding, let me mention again the situation in Russia. We have a
lot of Internet companies and registries, registrars. There is no, no
governmental participation in any of these companies. We work in really
multi?stake holding environment and, at the same time, the
multi?stakeholding model could not be effective if we ? the role of
governments. They act as guarantors of the rights and freedoms of its
citizens.
Internet governance, probably we will discuss it in ?? but what I saw in San
Paulo, it was great approach to create some general document and all
representatives of all stakeholders were very active and the level of
competence was very high, but the document is not, doesn't reflect all the
contributions and we should think about it. And when ?? the main year ?? of
these transition period, I believe is the selection of functions and it's
not good to substitute this goal by just globalisation of ICANN, selections
and functions ? I mean, the functions ?? separation of technical operation
and policy making, at least, not mention the commercial activities.
So thank you.
Alan: Thank you.
(Applause)
Could I hold you on stage for one two minutes, if anyone has a question?
AUDIENCE SPEAKER: I am from RIPE NCC and I have the following question from
an audience: From nick Casiprian, and the question is as follows: How and
who shall defend proper purposes of using the Internet?
IGOR MILASHEVSKIY: So ??
AUDIENCE SPEAKER: Only passing the message.
IGOR MILASHEVSKIY: Thank you for the question. I think the Internet is ??
is universal tool, which we could be ?? which could be used for any
purposes. It is the main purpose of the Internet, to facilitate, to be the
driver of all processes in life.
AUDIENCE SPEAKER: Thank you.
AUDIENCE SPEAKER: Thank you, Paul. Desir Ray. Thank you for all your work
that you are doing around Russian IGP and ?? I had a follow?up question on
NETmundial comments you made about ping go and ring go, ping go being the
principles of Internet governance and roadmap. Part of NETMondial document
that the /SR*UGS representatives said they could not agree with. I just
wonder (Russian) if you are going to make those concerns and comments
public, what were the concerns with these principles and what were the
concerns with the road map? Thank you.
IGOR MILASHEVSKY: I am sure we will commit it publically.
PAUL RENDEK: I wanted to thank you very much for coming here today. I have
the pleasure to serve on the IGF MAG together with you and I also have the
pleasure to be another circles where we engage together. The great thing
that happened earlier on this year was that you joined our government round
table meeting and your participation there together with the other
governments in engaging with the RIPE NCC was very much appreciated.
So, having taken this step and realising that the RIPE NCC is something
important for Russia and for Russian ?? in Russian citizens and especially
with ?? in regards to the technical community, it's great to see that you
have come here and you are willing to engage with us, so I would like to
thank you very much for coming here to the RIPE NCC and we hope we can
welcome you here again. Thank you.
IGOR MILASHEVSKY: Thank you. The pleasure is mine.
ALAN: Thank you very much, Igor, thank you for coming. I am going to give
the mic back to Maria and sorry encroaching on your time slots.
MARIA HALL: We have a competition also in our Cooperation Working Group,
battling about the mic here. No, we don't really, thank you so much for
this slot in the session and we move on to the next subject which is
encryption, which has been touched upon earlier today and of course also
with Peter talking about that, so I would welcome Randy Bush on stage to
talk a little bit of that and I hope he is going to mention the very
important cryptic project that is soon at this together with many other good
organisations and so on. So the stage is yours. Maybe have this one.
RANDY BUSH: Hi, I am Randy Bush, I am an American and of course we don't
have any of these problems. That is why I live in Japan. And if you think
that is any better, forget it. Right? Pete seeinger once had a song I wand
to go an Dora because they only spend nine dollars and 40 cents on arment in
their defence.
This stuff makes you angry. I am going to talk about something we call
hardware security modules. And this is the basis of high speed encryption,
key storage, etc., here is a Wikipedia definition, I won't read it to you
and I won't make you read it. Hardware security modules are used for
locking up keys, principally. So, holding the private key for DNSSEC, RPKI,
PGP, SSH, whatever you want, locks box for private keys and by that I mean
it is responsible for seeing that the private key cannot be seen, period, by
anybody. And you will see some extreme defensive measures coming up. It's
also for encryption and decryption, VPNs, etc.
The need is every week we see a new horror about crypto and privacy. You
have seen the spy mall catalogue where my wonderful government diverts your
Amazon shipments and puts in things to transmit to them what you are typing.
Just amazing stuff. I mean, the geek part of you thinks, wow, isn't that
cool and then you think about what you are looking at and it's horrifying.
So the compromises of all the network devices, we have seen especially in
the last week, so all of the stuff for key storage is relying on hardware
security modules that are designed and made by people who work indirectly or
directly for the United States government, the Israelis, Chinese, do you
want to trust those? I don't. So, Russ Housley, the Chair of the IAB, Jari
Arco who is probably hiding in here somewhere ?? there he is back there ??
and Stephen Farrell, beat me up and said, hey, do an OpenSource version. Do
open public architecture for it. And that is what this is about. This
effort is not an IETF effort and not an ISOC project, etc., etc. OK?
Though both contribute and help. There is a saying that old Internet
engineers have, we work for the Internet. OK.
So, the goals is OpenSource reference design, we are not going to produce
hardware, we are producing design. Scaleable, the first cut is going to be
a field programme gatable, CPU, composable, you can say give me a key store
and designer suitable for DNSSEC or sutiable for X. And we get reasonable
assurance by being open, diverse design team and an incrementally assured
tool chain. And by diverse design team I mean we have a Russian
cryptographer who in his day job makes crypto chips for the Russian,
whatevers, we have, some from the States and the lead is actually Swedish,
so on and so forth.
The only way ?? how do you get assurance in this space at all, anyway?
There are only two things we can do: One, is be maximally open and
transparent and diverse, and we do this to build trust in the project
itself. So, what is it actually look like? /TW?L looks like is a feed
programmable gate away that is a chip that you can programme to any kind of
normal gate logic. It's got a couple of 100s of thousands of gates and you
blow into it. It's a friend sitting right next to it that is a core, /A*RPL
CPU or little 8086 architecture and they are paired. This does the mean
nasty fast math, the hashing, the random number generator, etc.. this does
things like key stores, encryption, EC DSA, etc., on top of it. Then, there
is things like X509 in the software layer up and then there are the
applications you are used to.
In this world you are very much worried about something we called side
channel attacks and tampering. In other words, that chip could take a
different length of time to do, depending upon what data you asked it to
encrypt. And so you could shove a lot of different data at that time and
you could gain knowledge of the public key, private key, pardon me. OK.
Similarly, power use could be different.
So ?? or somebody could pry the top off of it and start running an electron
beam at it. What you do is the chip pair detects tampering of those ??
first of all, the algorithms are specifically designed not to take different
amounts of time, not to take different amounts of power. They detect
physical attack, they wipe the chip, if it feels physically attacked or
removed from power and it has weird stuff like on board battery to buy the
time to wipe it if it's unplugged from power. So we have something called
the polling boundary, the thing that is physically encapsulated in the chip,
it handles those two layers etc..
Code in this world, you write something called /SRER LOG, up here you are
a/SEPL percent, Python, other high level languages. Languages are an issue.
The tool chain is an issue. I have a joke that says when the fan goes on in
my laptop I think it's the NSA, the Israelies and Chinese fighting to see
who owns me. We have no assurance of our current toolset. Olaf sitting
there hacking and whatever language you are hacking at the moment ?? and he
doesn't know that his come /PAOEURL isn't inserting /TPHA*Sees. And the
famous paper on this was Kent Thomson's 1984 touring award paper which shows
how you could put a self reproducing hack into the C compiler which detected
when it was compiling the login command, it put a back door in.
In 2009, finally, a solution from this problem, David wheeler doubled
diverse compilation where you can use two different compilers to compile
against. We can use this to get fairly assured compilation of, for
instance, C and move on to interpretation of Python. We still have to
inspect the source.
All these wonderful OpenSource projects, it says they are open, but who is
looking at them? Right? That is the real problem. OK.
So, there is another problem is the FPGA has written something called
Verilog and there is very hard to get an open Verilog compiler, it cannot
compile itself so we are working on methods to build trust in the FPGA tool
chain, a separate ugly messy project.
So, this is just the start, do you it behind what is called near gap, the
stuff, we may develop on our lap top here but we take it home and it's done
with something on ?? something that is not detected ? connected to the Net.
OK.
So, it needs auditing. So the tool chain goes all the way from the C
compiler to a kernel, all the way down. You know, everybody is running
Linux unaudited. You don't know what you are running. So this takes time.
We are currently looking at a couple of years to get something you can
really use, the end of this year we will have some prototypes you can play
with. Lucy Lynch insisted I put in a cat video, so this is the cat video.
This is actually what one might look like logically. And the only
interesting thing to a normal person about this, is that you can see ??
there should be multiple instance of AES. Yes. So you don't ?? this is all
runs in parallel, so where you need AES, it's not that this AES calls that
one, it's there are multiple instances of the logic. You should know there
are some interesting related projects. I complain about no auditing. True
crypt is being audited and there is a great project doing so that done their
first successful stuff at the crypto level. Open cores is how to burn a
processor into an FPGA so you don't need that side processor maybe. There
is another, as I said ?? there is two Verilog validation things, we may be
able to play against each other. So?and?so forth.
The big things are diversity and transparency. We have diverse finance,
engineering, reviewers from many places, culture, blah?blah?blah and
everything is open, finances are open, mailing lists are open, the core
mailing list of the people who actually have to decide on something, the
archive of that list is open. There is nothing closed about this.
Diversity is the way to get trust, but we still need to audit it. You
people really need to be reading the code. Right? We were having a lunch
discussion about these SSL people, they don't want money, what they want is
people to audit the code. Please. OK?
We are pretty diversely funded. And no donor can be more than 10% etc.. no
anonymous donations because it should all be on the table. We will steal
from anybody and share with anybody, etc.. as I said, we seek review. We
are intentionally disorganised. The finances are kindly provided ??
financial coordination is kindly provided by /TPHO*RPBLG Internet. We
wanted away from the United States, it's not that the Swedes are wonderful
but at least it's not the States. The administration, Maria helped champion
it and /HRA*EUF /KWROE Hanson is running with it. The technical, we are
only half a dozen senior folk and we don't have any management.
Fund?raising is all of us. We do have some running code already ?? this is
the next to last slide, don't panic ?? we have SHA 1, 2356, the start of the
random number generating process, we don't have the noise sources, OK. But
we are just two months into it.
And this is what we are running on currently. This is ?? this isn't stuff
we manufactured, this is development board, people who make this chip to let
you develop for the chip and test, etc., etc.. but I had to show you some
digital porn. And that is about it.
(Applause) and you will have to suffer through this at lightning talk
tomorrow but that will be a good time to work on those barrist at that out
there.
AUDIENCE SPEAKER: ARIN cap LAN. Where do I get a development board.
RANDY BUSH: These are 170 bucks from /TER sic. We are also trying to burn
for the, do you know the dove /AEUPB in a Board ?? think of it as a laptop
board that has an FPGA that no, sir being used on the side, and the means to
programme it, etc.. we are also going to use that in our development
environment ?? didn't I have even the name of the website up there. This is
embarrassing? Cryptech.is. That is Iceland. I hope many people in this
room know why the servers are hosted in Iceland.
AUDIENCE SPEAKER: I have another suggestion. Basically, coming also out of
the crypto paper that I co?authored and my experience is in studying maths,
I think it would be a really good idea to have actually the testing
procedure as sort of a proof recipe on the website that you just mentioned,
because like when do you a mathematical proof, basically you lay out the
proof, you lay out the testing procedure if you want to and everyone can
replicate that and must come to the same conclusion. And I think that is a
very, very reassuring procedure.
RANDY BUSH: That works for the crypto math, it works less for hardware.
But thank you for volunteering to help. We really ??
AUDIENCE SPEAKER: But for ?? even for hardware testing, just specify how to
do the test and what is supposed to come out of it and then basically let
people replicate it.
RANDY BUSH: Yes. We are familiar with some of that stuff, some of the
other things we are doing ?? by the way, we have volunteers working with
this who are not part of a paid team, for instance there is somebody who is
an expert on detecting and preventing /TROPBLG ans in FPGA burns. All this
stuff ?? the level of paranoia you have to have is crazy. I keep pine in
three piles, the one is stuff easy to do something about. One is hard to do
something about it but you have to do something about it like Trojans and
burns. The third is things that are hopeless and I try just to go to sleep
at night.
AUDIENCE SPEAKER: Eric with the University of Michigan. Thanks, this is
cool, I have been wanting to build an HSM for a while, an OpenSource one, so
this is really exciting.
I am curious though why you decided to go with the FPGA route, especially if
you are going to do a full audit of the entire stack, including all of the
Verilog and VHTL.
RANDY BUSH: As opposed to?
AUDIENCE SPEAKER: Simply using a small embedded chip and a commercial
off?the?shelf chip.
RANDY BUSH: Some of the stuff needs speed so we are going FPGA and then
ASIG.
AUDIENCE SPEAKER: What applications need speed here? Because in general
the HSMs are a few hundred crypto operations per second at most?
RANDY BUSH: Some of the encryption stuff. You are just seeing the key part
of it. People also want BOC and BOC ciphers.
AUDIENCE SPEAKER: OK. The modern chip ??
RANDY BUSH: We are not going to be sitting on encrypting a hundred?gig
line, but I think the level of worry about privacy in the Internet that we
are seeing now and we are going ?? the water on that is going to keep
rising, is going to put serious demand on performance and flexibility in
many areas. But it's a fair argument.
Oh, by the way, but on the other hand, all that FPGA Verilog, first we cut
it in Python. So in every one of the cores ?? excuse the pun on the name,
every one on the FG ?? has a Python version and Verilog version, so could
you do that trivially.
AUDIENCE SPEAKER: I had a question, you mention hardware number generators,
do you have any idea of sources?
RANDY BUSH: We are in the middle of arguments on that. One of the
dimensions of the argument is some people are saying one source is enough;
other people are saying you have to have multiple sources. The latter are
winning, or at least from my point of view because I am in that camp. And
but noisy DIODs ?? we are not sticking up a radio antenna. But please,
join, help, beat me up afterwards, anything, participate, you are welcome.
MARIA HALL: Don't beat him up, we need him.
RANDY BUSH: Thank you.
(Applause)
MARIA HALL: Thank you so much, Randy. And just have to say that we are,
from my organisation, we are so proud of being part of this very, very
thrilling and ?? thank you for doing these presentations because one of the
key things that this project is also the outreach, get people engaged and as
Randy said before.
I am not going to be on stage so much longer, I am going to hand over to
Meredith ?? I can hand almost to Chris. I am sorry I did such a lousy
introduction for you before, I am so sorry, I am a bit confused. But some
policy update and then it's time to wrap up, thank you.
CHRIS BUCKRIDGE: Thank you, Maria. I know I am going to keep this very
brief because I know the co?chairs have some administrative they want to do
afterwards. And I assume, I imagine most of you have been in a number of
sessions this week, including the Internet Governance panel on Tuesday and
NCC services session yesterday where Paul talked about our external
relations activity, hopefully you have got a fairly good idea of the things
the RIPE external relations folks have been doing in terms of Internet
governance stuff.
In that session yesterday, the NCC session, newer Annie got up and suggested
the RIPE NCC might want to do a bit more granular updating to the community,
providing shorter updates on some of the specific items and events that that
are important here. This is not that. This is the other end of the
spectrum to that. And it's a bit of an experiment, I guess. I just wanted
to see if this is useful to people because there are, as has been commented
many times, many, many acronyms flying around, different groups and forums
and interrelationships between those things. What I wanted to do is ?? I
will put the next slide up ?? give you a bit of time?line with some key
events and maybe start to think about how those events tie into each other,
what the sort, if there is a unifying strategy or something here.
And so, I will start with this slide. As you see, a sort of very rough
time?line here from the January 2014 down to December with RIPE 68 there
right in the middle, above the line the events that have happened prior to
this, we have had NETMondial which we have heard plenty about: The NTIA
announcement which you heard plenty about and which I think is a defining
moment for everything else that has happened this here. The ITU world
development conference and that happened in Dubai around the same time as
our last MENOG meeting and that is ?? the side of the ITU which we are very,
very keen and happy to engage with. That is where the governments are
talking about capacity building, they are talking about development and how
that sort of stuff can get off the ground and that is something we are
really obviously keen to work with governments on to contribute to.
I have got the ICANN meetings obviously down the side there. They are going
to be key moments particularly for this NTIA stuff. But then also the other
big thing here in the middle is the Internet governance forum, that suspects
in September this year so we are going to be preparing, building up for our
participation there. And that is going to be affected by what happened at
events like NETmundial. NETMondial, I think was an example of a
multi?stakeholder process having a bit more of a tangible outcome and that
is been something that people have been, some people have been pushing for
from the IGP. The preparation that happens for the IGF between now and
September are going to determine what that model of NETmundial for the IGF,
will there be changes and back stronger body and what will that mean for a
place that brings together stakeholders to talk and share information
openly.
But so then the biggest circle down here, and I want to speak a little bit
about this, and it I think is ?? well, is the ITU plenary potentiary
conference and I think that is really affecting a lot of what is happened ??
what has happened prior. It's affecting the strategic positions that people
throughout this Internet governance Eco system are taking, whether it's
saying that perhaps the N TA announcement had something to do with defusing
that issue going into plenary potentiary of governments saying the US
Government has too much control, well NETMondial is a means of shoring up
the multistakeholder model ahead of people saying it doesn't work. So this
is something that ?? well, I will go to the next slide. It's the supreme
organ of the ITU. I really just like that phrase, so I put it in there.
But it's the most important body in ITU activities. It's where the
direction is set for what the ITU will do and it happens every four years.
It also sees the election of the sort of key positions in the organisation,
including the Secretary General and the heads of the three different
bureaus, so that includes the standardisation sector and the development
sector, both of which we are a member of, the RIPE NCC is a member of.
Sector members such as the RIPE NCC don't really have the opportunity to
participate officially. We can attend, we can see what goes on but this is
really the Member States getting together and making these decisions. Part
of how we, I guess, address that or take a bit more of an active role is
participating in the regional groups that we are part of and that includes
the CE P T ?? talk about issues, the /AR ash group where we attend, we have
attended numerous meetings in the past and hope to continue doing that. And
RCC which is the CIS countries and Russia and where they do their planning.
So, plenary potentiary, that is a big item on our agenda for this year and I
think that is something that will be hopefully giving you a bit more
granular information about, specific information. I will do this next part
very quickly because it suddenly it does get into a lot more acronyms,
because parallel to all of this there is a whole other side process
happening in the UN system and so that includes activity in the Commission
for science, technology and development, the Cstd which has had a Working
Group on enhanced cooperation. That is fed back then into the Cstd itself,
which feeds on to the UN general assembly which will meet in committee two
later this year. I am not going into great detail beyond that, and the RIPE
NCC, it has varying amounts of engagement with any of these, we are
certainly not attending meetings of the Cstd Working Group but we are paying
attention to community members we know who are there. But this all, it all
does tie into and tie back to things like the IANA transition process. What
happens in terms of WSIS which is the multistakeholder process which started
ten years ago and launched the IGF and has tied Internet governance to the
United Nations, that is going to affect or has the potential to affect how
that whole question of oversight passing to a multi?stakeholder community,
like the RIR communities, happens; whether it can happen, whether
governments take a sort of active role in that, that development process or
go a sort of different route through the UN and surprise us all, I guess.
So, this is I guess basically just raising a lot of questions and putting
out there a lot of things saying, we are going to try and provide you with
information on this. There are links here to a number of the key events
that I mentioned, but I have said at the end there and of course right .net.
I think newer Annie's question and we have heard it from other people how we
keep you informed of what is happening in these spaces is really important.
I am not sure ?? well, we need to discuss further how we are going to do
that, whether that is a new sort of platform or whether it's using ripe.net
or whether it's focused more on the mailing lists, I think we need to talk
with people and talk internally about what is going to get this information
across most effectively. But yeah, I guess stay tuned, you will be hearing
from us. And so, questions and more and more questions? But yeah, if
anyone does have anything to say or ask right now I would certainly be happy
to attempt to answer it. Not so much.
AUDIENCE SPEAKER: It's very interesting, but more interesting to know
details. Let me tell a story from Russian DEllbations coming to IGF, there
was a lot of fun and jokes, consist of 35 people, what is going on, no one
knows. There are a lot of interesting photos of Internet that delegates
visiting shops around and so on. And it's OK for Russia but I think not OK
for European Union and community. Could you be more informative on what is
going on on events RIPE joining like this, because OK a lot of people
joining such events, I think whole communication department joins. Could
you be more informative? We met such guys talk about that, did that things,
agreed to meet again and so on. Not just three slides about ?? what is
result? Or no result it's also result. Thank you.
CHRIS BUCKRIDGE: Thank you. I mean I think we ?? we have been attempting,
I think this has been raised before and we have been attempting to move in
that direction, I think we have been providing a few more updates on things
like the NCC announce mailing list, but it is something that needs to be ??
we need to be doing more of and as was noted yesterday, a sort of shorter
format where you can be very specific about what happened and what were the
key take aways from a certainy event is something we need to be doing for
the community so that point is taken very well.
AUDIENCE SPEAKER: Phil rush tonne. Just a couple of observings. I think
you didn't do yourself justice with regards to activities in event like
plenty /PO*T and W BT C, I attended as part of the UK delegations to have
those events and it's very helpful to have expertise that you can go and
discuss and get opinion on as to what the implications to what is and what
is not good for the community and the activities that we see here.
With regards to the output of NETmundial, I also sat on the CSTD Working
Group on enhanced cooperation and we met the week after Brazil and output of
Brazil was raised and it was interesting that there were some Member States
within the CSTD Working Group said that is fine, that was last week but it
has no relevance here. So, the analysis that you have of the
interrelationships between these activities are not only driven by
technicalities but also slides, if you look at the acronyms, in my personal
opinion across all on the right?hand side, where it's looking at the WSIS
follow?up, I think is quite critical, and as I said earlier this morning,
the NTIA announcement will be pulled into that and it's critical for this
community to provide feedback and input into that debate.
CHRIS BUCKRIDGE: Thank you.
MEREDITH WHITTAKER: Thank you, Chris. And this is ?? maybe my co?chairs
can join me, I think this is really just a wrap up. That was awesome all
through. I think Alan and and I are new as co?chairs and Maria has been a
wonderful guide. We have had a lot of conversations throughout the period
between the last RIPE meeting and right now. And a lot of what we have
wanted to do is kind of structure this as the collaboration Working Group,
this is ?? governance is incredibly important but there are a number of
other stakeholders whose lives we affect every day whose decisions affect us
every day. How do we bring those people and those viewpoints into the room?
How do we communicate or expertise in ways that are actionable and
understandable to those bodies so make this a discourse session, a place
where people can bring ideas and talk with you guys about it. So I am just
going to basically put a number of open questions which have been generated
throughout a number of months by conversations between the three of us so
this is ?? I am representing the collective here. But we have thought about
things like having a sort of RIPE brain trust, these are people who are
experts in specific areas who, when Gordon does an excellent job and pulls
out problematic statements we have people who are ready and willing to
comment and give detail on why or why not that is problematic, can become
more actively engaged without having to become policy experts or experts in
another domain. We have thought about possibly putting together white
papers or technical documents that are distilled into a legible or
intelligible form, are there people who are /TPHR?D that. We are talked
about different format changes, could we hold a session that is more of a
workshop and less of a presentation session where people are talking about
hard problems from different disciplines and come to go at least a broader
shared understanding of the different viewpoints that inform everyone. I
think that is ?? those are ideas that I am putting out here and hoping I
would hear echoes back on the list or some sort of general /RAtive
discussion. So we are thinking about ways to neighbouring the coolest
Working Group and thinking about topics for next time. Paul has already
done it just now. So, we had love topic suggestions and suggestions for
what is topical, more IANA discussion and sort of following that in an
actionable way, what does it mean for me? You know, measuring content
blocking and censorship, more on privacy and security, where do we get ??
again, we had a nice spectrum of opinions there, how do we begin to engage
in topics like those and others you are interested in, this is the thing
before coffee.
NURANI NIMPUNO: Great, I love it. I have lots of ideas, I am not going to
take them all here so I am happy to discuss it and brainstorm a bit. But
just a general comment and it's a comment I have tried to make before: I
think there is a problem if we talk about Internet governance, what do you
think? The technical community doesn't think anything about Internet
governance but there are lots of specific issues we have got very strong
opinions about and there might be some people have opinions in one area but
not in another. And some people have opinions in all areas. But it's about
those specific issues, it's not about Internet governance, it's about making
those issues concrete and getting specific feedback on those specific
issues.
MEREDITH WHITTAKER: Yes. And I like the way you describe it. Internet
governance outside of this room and I will say that and people say who are
the Internet governments. Again it's a framework that is unfamiliar. But
do you want a closed door session of people in suits deciding how you get
address allocation. I think that is a question that is all of a sudden
everyone's eyes bright en, so you are thinking on thousand do that. So take
to the list and thank you and I will pass it to my co?chairs to do any other
wrap?up.
MARIA HALL: Did you a it perfect and thank you so much for your comment
because I think it's exactly the way we were trying to meet in this two
sessions to have more specific topics. But we can do more and we'd like to
have your feedback on the list. Thank you.
ALAN: I am very happy to see you all here. It's ban very, very interesting
couple of sessions we had, first time we had two sessions, very happy with
the comments we got, very happy with the work which has been done by the
people presenting, so thank you a lot from all of us. Thanks.
(Applause)
LIVE CAPTIONING BY AOIFE DOWNES RPR
DOYLE COURT REPORTERS LTD, DUBLIN IRELAND.
WWW.DCR.IE
