Date: Wed, 20 Jul 2005 23:30:51 +0200
From: "JFC (Jefsey) Morfin"
To: "Hallam-Baker, Phillip", "Stephen Kent"
Cc: Keith Moore, John Kristoff, ietf@ietf.org
Subject: RE: Port numbers and IPv6 (was: I-D ACTION:draft-klensin-iana-reg-policy-00.txt)

At 17:44 20/07/2005, Hallam-Baker, Phillip wrote:
> > layered defenses are a good notion, but mostly when the layers are
> > under the same administrative control. all too often people forget
> > that relying on the security provided by someone else is a risky
> > proposition, as in your example of ISPs providing ingress filtering.
>
> I would restate your assertion:
>
> It is a bad idea to rely on another party that cannot be held
> accountable to you.
>
> We all rely on other parties, the Internet is an example of extended
> interdependency. The critical issue is accountability.

Dear Hallam,

This is precisely the purpose of an intergovernance: to apply what they call the "Internet Governance". The idea that an interdependence is managed by a "concept" is not trustworthy: the intergovernance is the complex relational system of all the "local" or "specialised" and "private" governances. The inter-accountability matrix is rooted in many aspects, which can be technical, political, societal, or economic. This results in trust degrees which permit building a strategy of protection, starting with priorities. In the recent USG Statements, the USA just say that: a country cannot depend on the good-will concept of an external voluntary system.

> So in the question of ingress filtering what I am looking at is
> mechanisms to create accountability.

Just beware that accountability in an interdependence system can only be based on the threat of retaliation. Which means that you must be a little bit more equal than your peers for it to succeed. The mechanism of intergovernance is to make the number of peers in _subsidiarity_ replace the threat of retaliation. If your mechanism is "provide me a good protection in area A and I will provide one in area B" and your only way to enforce it is that if A degrades, you degrade B, you are better off having no agreement. If the mechanism is "if A degrades, we are all better off helping/forcing it to improve" it will work better, or we will have the possibility/help to get A somewhere else.

> > If it weren't a good analogy I don't think I would have received so
> > many private responses congratulating me for it :-)
>
> This forum is very much wedded to a security architecture based on a
> particular set of academic theories. It is no surprise that you find
> support here, any more than the original pontifex maximus would no doubt
> receive congratulations on his correct determination of the auspices from
> the entrails of a goat.
>
> The fact is that in the wider arena of security practitioners the view
> you are advancing is a distinctly minority one that holds almost no
> support.
>
> The Internet cannot be secured using an architecture based on
> traditional computer security mechanisms that absolutely prevent
> prohibited actions in advance. It is not possible to know what they are
> in advance.
>
> The approach has to be accountability based.

Beware that whatever the accountability, when you are dead, you are dead. Your heirs can avenge you, but you failed your target. The problem here is whether you consider the security of the global system, with possible errors corrected through accountability mechanisms, or whether you consider the zero-risk security you want for your own self within the network. Police accept a few assassinations a year, and fight their increase through an accountability system based upon investigation and Justice. This is certainly better than telling the murderers to keep quiet, but I suppose you prefer making sure you are not among the killed ones?

This boils down to three architecture frameworks: authority centric - the law should be obeyed; network centric - mutual accountability framework; user centric - self protection. The real world is a blend of the three, and I suppose the Internet is no exception.

jfc