[ga] Re: ICANN and Internet Security and Stability Protection

[Jefsey Morfin <jefsey@wanadoo.fr>]

Dear Michiel, dear Siegfried,
On 11:26 11/10/01, Michiel Leenaars said:
>I don't think ICANN is an appropriate forum to discuss this sort of 
>matter. I looked into the ICANN agenda too, to find if they had changed 
>course, but there seems to be no mention of anything.
>Am I missing something? They only do domain names, and nothing else.

>agreed. siegfried

The question is not that much if the ICANN is or not the proper place. The 
point is that the ICANN -  under stress or/and pressures from he USG - has 
decided without prior debate to dedicate its coming main yearly meeting to 
Security, to the detriment of its pending urgent issues. Making it a press 
focal point on the matter.

Crash training and inadequate debates as planed will show the world an 
apparent distrust in the current security solutions, an ignorance of the 
matter and an inability to propose (for reasons I develop in the last 
part). This is endangering the security and the stability of the Internet.

>In fact it is the IETF, IAB and IESG (www.ietf.org) who will really be 
>doing this kind of thing, I guess, in cooperation with organisations like 
>EuroISPA, RIPE/NCC and ISOC.

I am sorry: here I disagree. There is a need for an Security and Stability 
Protection Internet governance advisory center. The structures you quote 
and their solutions will be scrutinized as the ICANN, as any other Internet 
aspect. The internal review solutions are to be reviewed. They may just 
fine, but they are the first to probe. This is like virus tracking: we have 
to start with the anti-virus program itself. We are at something serious.


So, this is a good occasion as any to initiate it such a necessary process. 
The ICANN is a good place as any, I would say a better place because the 
dialog will certainly include governments and the GAC is a proper interface.

>I don't think we should be too paranoid and panicky about it all, too.

You are absolutely right. As Talleyrand said: "slow, slow: we are in 
hurry". It has to be an open process by professionals from every area. I am 
just initiating the idea: there are many around to take the lead in many areas.

>There are infrastructures (like the electricity infrastructure) that are 
>more important and far easy to be targeted, IF that would ever be 
>realistic (I personally feel that the recent events showed more symbolism 
>- attacking the military and capitalist heart of the country) than actual 
>mass scale disruptive tactics. There is little terror in my internet 
>connection not working (if you can do that, at any rate). And sane use of 
>internet in critical applications should know fallback on or off the net.

I am afraid we do not speak of the same thing, or quite remotely. To keep 
with your electricity infrastructure image, the situation of the Internet 
is like if most of the current electricity network was still using wood 
poles, had no nuclear controlling agencies, no one cared about its 
stability and no international agreements had been worked on the matter nor 
environment protection. Tchernobyl.


The world has become dependable on the Internet, much more that on the WTC 
business messages. Yet the first problem I had reported on Sept 11th was 
the distress of VietNamese peasants not knowing how they would survive the 
loss of the WTC messages for their current rice campaign.


The first target is that we may tell the press one month from now: the 
Internet Community has acknowledged the need, work is under way, there is a 
method, there are professionals involved, please help them through your and 
your reader contributions. To turn a, initial security and stability break 
into a positive thing.

The second target is to benefit from the permanence and the importance of 
the security theme to proceed to a complete review from a logical and real 
life point of view of the current data network interconnecting solutions of 
the world and future needs. Some planing strategy is necessary. These is 
Internet: a consensus by its users. But it is nevertheless a major 
international industrial, economical, cultural, political, social, legal 
etc.. deployment. Time has come to consider how to make it secure and 
stability protected as such.


I expect from this several major break through. Innovation, architecture 
updates, etc. We have major deployments ahead -TV, new services, proximity 
networks, teleurbanism, etc.. and an dramatic increase of the existing 
usages. This calls for a far more secure and stable system.

Up to now people have too much looked into the "net" and not enough into 
the "inter", to the technicalities and not enough in the social vector, to 
the business and not enough to the infrastructure. Users and applications 
also makes the architecture of the Internet: how they can be used to add to 
the global resilience is an important question. As an example, we cannot 
continue to have the world  most distributed system ever to depend on a 
centralized process on a limited set of 13 machines responding from a data 
file of 66 K 10.000 queries a second, 60% of them being a user typo. Nor to 
have its deployment limited to the capacity of negotiation of confusing 
contracts by two ICANN lawyers. etc... etc...


The concerns range from viruscoms (tricking the DNS in misrouting) or ISP 
hacking to NASDAQ crisis, e-mail spying, whois misuse, international DoS 
attacks, national protection, resilience to a cut from the root servers, 
anti-internet laws, public distrust, e-economy instability, dominance vs 
governance,  alternative architecture, Internet replacement, social 
modelization dependance, reliability in period of crisis, political unrest 
dues to e-cultural unbalances, domain name hijacking and legal definition, 
private greed or business strategy impacts, IPv6 bottle necks, world 
economy dependance, legal status of the Internet corporations, VAT 
organization and money laundering,  collocation industry, noometry and 
authentification, interpol, governance organization, security and stability 
warning definition, etc.. etc...

This is terra incognita. It calls on everyone from the governance with 
experience To work out an analysis methodology and a modelization with 
observatories and test/warning criteria. From then to propose an Internet 
Security and Stability Protection Advisory Committee to Govs and governance.
This to be used to filter out/in innovations and proposed changes.

Jefsey Morfin
icp4-subscribe@yahoogroups.com


--
This message was passed to you via the ga@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga" in the body of the message).
Archives at http://www.dnso.org/archives.html