[At-Large] ICANN Blog : Relying on ICANN Community-Developed Processes for a Safe, Secure Interne

bzs at theworld.com bzs at theworld.com
Fri Jan 7 01:05:58 UTC 2022


It has occurred to me that perhaps one of Putin's major goals
(assuming he is pulling these strings) is to get the rest of the world
to spend itself to death on network security much like the (possibly
apocryphal) claim that we (US) caused the USSR's demise by causing
them to spend themselves to death on defense.

It doesn't matter if that's factually true, it probably isn't. The
USSR's spending on defense didn't rise much in the claimed era. Only
whether Putin believes it to be true, or is an opportunity.

It is a game which is weighted in favor of the attacker who only has
to get it right once in a while to do a lot of damage while the
defender has to try to thwart every effort.

That said I'll say what I've been saying for decades:

We never designed the net to be secure.

We never designed it to do things which require so much security.

That was an afterthought largely beginning in the mid-90s when some
realized that they could make (and/or save) a lot of money if they
could proceed on the fiction that the net was or could be made secure.

So we (the technological community) bought into that fiction and
proceeded to try to layer on security.

It hasn't really worked. It may not even be possible.

Or, perhaps put better, we only encouraged those exploiting the net
for their own pecuniary interests to keep coming back for more
security acting as if we'd promised it was secure but haven't tried
hard enough and have let them down.

We didn't ever promise that.

Show me where, in writing, anyone ever promised anyone that.

The net was designed to share pictures of cats, bottomless talking
clubs, and document sharing, all of little importance, as
frictionlessly, cheaply, quickly, and without accountability as
possible.

If those making literally trillions off the net actually care about
security perhaps they could throw in some billions to achieve it and
stop hoping they can humiliate this vast army of largely unpaid
volunteers to deliver it to them for free.

On January 6, 2022 at 14:39 at-large at atlarge-lists.icann.org (Karl Auerbach via At-Large) wrote:
 > On 1/6/22 9:39 AM, Dev Anand Teelucksingh via At-Large wrote:
 > 
 >    
 >     ICANN Blog : Relying on ICANN Community-Developed Processes for a Safe,
 >     Secure Internet
 > 
 > In our race to be safe and secure we are forgetting about maintenance,
 > monitoring, diagnostics, and repair.
 > 
 > Our layers of security are making it harder to keep the net running.
 > 
 > I've been working on the monitor/diagnose/repair side of things for more than 4
 > decades.  I've watched as the number and strength of security walls being
 > erected, walls that make running the net hard,  is increasing.
 > 
 > Yes, we need security.  But we also need means to keep the net running and to
 > fix it when thing go awry.
 > 
 > Few have been willing to discuss this trade-off between security and
 > maintenance/repair.
 > 
 > The solution may require empowerment of people with special privileges and use
 > of privileged tools of exceptional power; a cadre of privileged internet
 > priests.
 > 
 > The creation of such a cadre has been strongly resisted when that cadre has
 > taken the form of things like backdoors into cryptography.  However, to keep
 > the net alive sometimes people and tools are going to have to go into the
 > cellars and sewers of the net where unpleasant and uncomfortable things will be
 > seen.  To my mind this all comes down to ethics and trust, the trust that those
 > who have special powers to maintain the net operate within a set of ethical
 > guidelines backed by strong enforcement.
 > 
 > At the present time the internet is like a patent on a surgical table.  Perhaps
 > the patient is sick, perhaps not, perhaps in need of immediate care.  But on
 > our present internet the doctors are locked outside the building and the the
 > surgeon is allowed only butter knives rather than sharp scalpels.
 > 
 > The internet has become a lifeline utility - health, safety, and even lives
 > depend on it.  That will increase in the future.
 > 
 > Yet we have only weak and filtered means to monitor the net, to understand its
 > pathologies; to even know when things are working badly (whether due to
 > failure, attack, or simple mis-configuration) are, at best, weak; and to make
 > repairs.
 > 
 > Questions of security must be considered, hand-in-hand, with matters of the
 > necessary access and the sharp, potentially dangerous, tools that must be
 > wielded to keep thins operating well.
 > 
 >         --karl--
 > 
 > 
 > _______________________________________________
 > At-Large mailing list
 > At-Large at atlarge-lists.icann.org
 > https://atlarge-lists.icann.org/mailman/listinfo/at-large
 > 
 > At-Large Official Site: http://atlarge.icann.org
 > _______________________________________________
 > By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.

-- 
        -Barry Shein

Software Tool & Die    | bzs at TheWorld.com             | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD       | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


More information about the At-Large mailing list