[ih] IETF relevance (was Memories of Flag Day?)

Jack Haverty jack at 3kitty.org
Tue Sep 5 21:36:54 PDT 2023


Hi Vint,

Glad to see that the political world has joined the Internet team! It's 
good to see progress ... but I'm not sure it's in the traditional direction.

I looked at the summary of the GDPR info at gdpr.eu.   They seem to be 
farther along than NIS2.  I'm not sure what DMA or DSA are... Google 
suggests Democratic Socialists of America and Data Marketing 
Association.  Sounds unlikely...

What I see is a huge gap between the political and technical worlds of 
the Internet.   The GDPR is responding to an important problem, and its 
solution is to legally mandate a host of "Data Protection Principles" 
and associated rules and laws.  But there's no indication of what one 
must do to comply, such as a reference to any technology requirements 
(RFCs, Standards, whatever).   How to comply is left up to the 
individual companies, governments, courts, lawyers, et al to figure out, 
and they may not be technically savvy.

One concrete example....

The GDPR site comments "GDPR compliance is easier with encrypted 
email", but gives no indication of how to accomplish that.

In the US, we've encountered a similar situation earlier, in the context 
of HIPAA (privacy constraints on medical information) as well as laws 
about financial information and services.  There may be Internet 
technologies "on the shelf" that could be used to meet such 
requirements.  Or if those technologies are insufficient, they could 
perhaps be modified to meet the needs.   I don't believe HIPAA indicates 
how Internet Standards might be used to satisfy the legal requirements.

Rather than researching through the "shelf" of Internet Standards, I 
suspect it was easier, for all the IT staffs associated with the medical 
and financial industries, to simply invent their own solutions, very 
simple, very understandable, and very easy to convince management (and 
the lawyers) that it satisfies the legal requirements.

I just have my own data point, but I now have perhaps 10 to 20 separate 
and distinct "message" boxes, where I can get access to medical, 
financial, legal, governmental, and other such personal material via the 
Internet.   Our classic Internet email system, i.e., SMTP et al, is used 
only to inform me that I have a message waiting inside their particular 
silo.   I have to go there if I want to read it, reply, etc.

So instead of one mailbox, I now have several dozen, all providing the 
same service as "Internet Email", but none interoperable with anything else.

My email program claims to have the ability to handle encrypted email, 
cryptographically verified signatures, certificates, and such, and there 
are lots of RFCs/Standards describing mechanisms for secure email.   I 
don't know why none of my legal, medical, or financial providers chose 
to use such "on the shelf" technologies. Perhaps they weren't aware of 
them, or don't see how to apply them, or have discovered they aren't 
sufficiently secure, or ???  Or perhaps it was just easier and less 
risky to create yet another email silo, relying only on HTTPS or a VPN 
to provide the required security to get to the silo.   Or just require 
use of their own "app" on your smart device which can use whatever 
privacy or security mechanisms it chooses.

A similar progression has occurred in video conferencing.  Back in the 
dark ages of the Internet there was a lot of work on conferencing, with 
mechanisms such as the mBone functioning even with the limited network 
capacity we had in the 80s.   Today there is quite powerful 
videoconferencing available, but as far as I can tell, each system is 
its own silo, not able to interact with any other.   I don't know if any 
of those silos use or are based on any current or past Internet 
Standards or if each uses proprietary designs.

So, although there is some movement to add regulations and some 
semblance of "control" on the Internet, I'm not confident it will result 
in the kind of interoperability that we strove for in the early days.

I'll be pleased to be proven wrong!

Jack Haverty



On 9/4/23 10:32, Vint Cerf wrote:
> many regulations are in place or in development - the Internet has not 
> escaped. There is a major cybercrime treaty in negotiation for 
> example. The UN Global Digital Compact is in development. The 
> Europeans are imposing major rules that will likely escape Europe and be 
> adopted or emulated elsewhere. Think of the GDPR, NIS 2, DMA, DSA, .....
>
>
> v
>
> On Mon, Sep 4, 2023 at 1:23 PM Jack Haverty via Internet-history 
> <internet-history at elists.isoc.org> wrote:
>
>     Two excellent observations about the early days!  1) Someone was in
>     charge and in control.  2) The goal was to make the system work and
>     be actually used.
>
>     Back in late 1981, you (Vint) asked me to take on the Gateway Project
>     at BBN, explicitly to make the Internet operate as a 24x7 reliable
>     service, following the lead that the Arpanet had developed over more
>     than a decade of operation as an infrastructure.   More about that
>     here for the curious:
>     https://elists.isoc.org/pipermail/internet-history/2019-November/005595.html
>
>     That task could have been a research effort, producing protocols,
>     algorithms, and mechanisms documented in RFCs for anyone to use. But
>     there wasn't time to wait, so instead we just copied the mechanisms
>     of the Arpanet, translating them into the world of TCP/IP.   Much of
>     the Arpanet "management" technology wasn't well known or documented,
>     but by locating the "Gateway Group" physically near the Arpanet
>     control center (NOC), and recruiting some people from that world, it
>     was possible to do "technology transfer" (a buzzword at the time).
>     The Internet acquired "operations" tools by plagiarizing what had
>     been working for years in the Arpanet.   That was the fastest way to
>     "make it work".
>
>     Separately, there were efforts, initiated by someone, to orchestrate
>     the "Flag Day" on the Arpanet, to declare TCP/IP a DoD Standard, to
>     define and implement a formal certification program for new TCP
>     implementations, and probably other efforts I never knew about.
>
>     Someone was in charge, and someone was doing lots of things to "make
>     it work".
>
>     It wasn't perfect.   Actually it was a bit chaotic IIRC.
>
>     For example... Jon Postel took on the task of documenting TCP/IPV4 so
>     it could be referenced as a Standard.  RFCs were released.   DoD
>     declared them mandatory for all military systems that involved
>     communicating computers.
>
>     A bit later, at BBN we were assisting various pieces of the
>     government in getting their computer systems up and running with
>     their vendor's brand-new, certified, standard TCPIPV4s.  It was a big
>     surprise to discover that, although TCP/IP was there, none of the
>     other "tools" we had been using for years had been implemented on
>     those machines.
>
>     Much of that missing functionality was called "ICMP", well documented
>     in RFC 792.  But only TCP/IP had been declared a DoD Standard.
>     Government contractors, who had not been involved in the research
>     community, had to implement the Standard.   But the Standard didn't
>     include ICMP.  So they didn't implement it.
>
>     That made it much more difficult to "make it work".  For example,
>     without ICMP as the Internet's Swiss Army Knife, you couldn't even
>     "ping" a DoD Standard computer.   I remember we raised quite a fuss
>     about that, and implementations started to appear.  I'm not sure if
>     the Standard was ever modified to require ICMP.
>
>     Other things, like SNMP, were useful but also missing.  Many people
>     apparently didn't consider ICMP and its cohorts to be part of TCP/IP.
>     We considered such technology essential to be able to "make it work".
>
>     -----
>
>     Looking back from 2023...
>
>     IMHO, one of the inflection points occurred when the culture shifted
>     from "make it work" to "make money from the Internet".
>     Interoperability (everyone can interact with everyone else) is part
>     of "make it work", and conformance to Metcalfe's Law (google it...).
>     Silos (everyone can interact, as long as you stay in *our* silo) are
>     (thought to be) preferable for "make money".
>
>     I wasn't very involved in the Internet growth as NSF joined and later
>     as the first ISPs spun off to become commercial services. Perhaps
>     someone remembers if they had any kind of "standards" or
>     "certification" involved as the culture shifted.  E.g., was there a
>     "FRICC Standard" for computers joining their 'nets?  I recall there
>     were AUPs (Acceptable Use Policies), at least at first.   Did these
>     "fade away" and turn into "pay us to get on the Internet and you can
>     do whatever you want"?
>
>     It's still puzzling (to me) that the Internet has become a global
>     infrastructure, and hasn't been surrounded by the web of regulations,
>     laws, codes, agencies, treaties, and such non-technical mechanisms
>     that have developed around other infrastructures.  Roads and
>     vehicles, electric power, marine activities, air transport,
>     railroads, finance, water, and even the air we breathe all have such
>     mechanisms.
>
>     Is the Internet different?  Or just still too young to have accreted
>     such "management" mechanisms?
>
>     Jack Haverty
>
>     On 9/2/23 02:19, vinton cerf via Internet-history wrote:
>     > I have only a brief moment to respond. The Arpanet, PRNET, SATNET,
>     > Internet sequence gets its primary stability from the sole source
>     > funding of ARPA, initially, and the pooling of resources from other
>     > DoD components using Arpanet. Arpanet was managed by BBN initially
>     > (later under contract to DCA vs ARPA). It really helped that the
>     > Internet development funding came from a single source. Decision
>     > making was largely in the hands of the ARPA program managers,
>     > well-informed by the people doing the work. In the mid-1980s, ARPA,
>     > NSF, DOE and NASA collaborated through the Federal Research
>     > Internet Coordinating Committee (FRICC) made up of program managers
>     > from each agency. ESNET, NSINET and NSFNET joined Arpanet as
>     > backbones of the Internet. Again, common purpose welded the effort
>     > into a coherent whole. MERIT played a major role in the NSFNET
>     > development which really elaborated on the multi-network aspect of
>     > Internet. MERIT had to deal with scaling of the Internet to a dozen
>     > or more intermediate level networks linked together through the
>     > NSFNET backbone. BGP came out of that work and has scaled well -
>     > now needing more security from abuse/mistakes.
>     >
>     > I think there was a common thread in all of this work: people who
>     > were working on different aspects of the Internet and its
>     > constituent networks really wanted this system to work. The goal
>     > was interoperability linking so many different packet switched
>     > networks together. Even the Xerox PARC team, whose work on PUP and
>     > later XNS was proprietary, did their best to give hints to the
>     > Stanford development team (mostly me and my graduate students
>     > during the 1974 campaign to specify TCP).
>     >
>     > It also helped that commonality and interoperability were key
>     > desirable properties of the Internet system. These were the metrics
>     > by which success was measured.
>     >
>     > That's all I have time for now - not sure this addresses your
>     > questions squarely.
>     >
>     > v
>     >
>     >
>     > On Fri, Sep 1, 2023 at 2:14 PM Miles Fidelman <mfidelman at meetinghouse.net> wrote:
>     >
>     >> Thanks Vint!
>     >>
>     >> To follow up, if I might - since you were there from the beginning
>     >> (I landed at MIT in 1971, just before Ray's first email, and saw
>     >> how MIT adopted ARPANET technology, then got to BBN in 1985, just
>     >> in time to help split off the DDN - the period leading up to the
>     >> Flag Day is mostly anecdotal history for me)...
>     >>
>     >> I've long used the Internet as a model for how communities can
>     >> approach infrastructure master planning - serving as the basis for
>     >> our work at the Center for Civic Networking, running a growth
>     >> planning exercise for Cambridge, and later, in our work with
>     >> communities around municipal broadband.
>     >>
>     >> Now, I'm gearing up a new effort, focused on community-level
>     >> crowdsourcing for major infrastructure overhaul (as is starting to
>     >> be mandated by electrification ordinances).  The simple notion
>     >> being that of forming local working groups, to run grand-challenge
>     >> like exercises, design charrettes, crowd funding for projects like
>     >> a complete infrastructure rebuild for a condo complex (like the
>     >> one I'm living in, and serving on the board of).  How to pull such
>     >> groups together remains a black art - and insights from the
>     >> original model are always helpful.
>     >>
>     >> In that context, might you share some pithy observations of
>     >> significant events in the early life of the ARPANET & Internet -
>     >> how various working groups came together in the days following
>     >> Lick's initial posting to ARPA/IPTO.  Who did what, to whom,
>     >> leading to a bunch of folks coming together into ad hoc & ongoing
>     >> working groups of various sorts?  And, in particular, what
>     >> conditions/events provided impetus, urgency, and built momentum?
>     >>
>     >> Thanks Very Much,
>     >>
>     >> Miles
>     >>
>     >>
>     >>
>     >> vinton cerf wrote:
>     >>
>     >> TCP/IP came out of work that Bob Kahn and I did along with my
>     >> graduate students at Stanford. But the INWG (slightly more formal
>     >> extension of NWG when it became IFIP WG 6.1) contributed in a
>     >> highly collaborative fashion. So did UCL and BBN in early
>     >> implementation phases of TCP and TCP/IP.
>     >>
>     >> I tend to associate NWG with Arpanet Host-Host Protocols (and
>     >> application protocols)
>     >> and IAB (later IETF) with TCP/IP and associated applications
>     >>
>     >> v
>     >>
>     >>
>     >> On Wed, Aug 30, 2023 at 10:29 AM Miles Fidelman <mfidelman at meetinghouse.net> wrote:
>     >>
>     >>> Well Vint might have a definitive voice on this.
>     >>>
>     >>> So... Vint,
>     >>>
>     >>> Would you consider TCP/IP to have been initiated by the NWG?
>     >>>
>     >>> What about SMTP - which originated as a late-night hack (that
>     >>> eventually became SMTP)?  As I recall, that was initially
>     >>> announced via a postal mail packet.
>     >>>
>     >>> Cheers,
>     >>>
>     >>> Miles
>     >>>
>     >>> vinton cerf wrote:
>     >>>
>     >>> +1
>     >>> v
>     >>>
>     >>>
>     >>> On Wed, Aug 30, 2023 at 9:57 AM Steve Crocker via Internet-history <internet-history at elists.isoc.org> wrote:
>     >>>
>     >>>> Well...
>     >>>>
>     >>>> The original suite of protocols for the Arpanet -- NCP, Telnet,
>     >>>> FTP, et al -- were developed by the Network Working Group
>     >>>> (NWG).  The NWG evolved over the years into the IETF.  The
>     >>>> formal creation of the IETF was roughly mid-1980s.  The process
>     >>>> of formally declaring a protocol a proposed/draft/(full)
>     >>>> standard evolved over the years.  Depending on how precise you
>     >>>> want to be about the existence of the IETF and the
>     >>>> formalization of protocols, I think you can make the case
>     >>>> either way.  From my perspective, I would say the original
>     >>>> suite of protocols did indeed originate in the (predecessor of)
>     >>>> the IETF.
>     >>>>
>     >>>> Steve
>     >>>>
>     >>>> On Wed, Aug 30, 2023 at 12:48 PM Miles Fidelman via Internet-history <internet-history at elists.isoc.org> wrote:
>     >>>>
>     >>>>> Traditionally, protocols have never "originated" with the IETF
>     >>>>> - they become standardized, and maybe standards through the
>     >>>>> RFC process, under the IETF aegis.  Right back to the original
>     >>>>> DoD Protocol Suite (did the IETF even exist when the DDN
>     >>>>> Protocol Handbook was first printed?).
>     >>>>>
>     >>>>> Miles
>     >>>>>
>     >>>>> Brian E Carpenter via Internet-history wrote:
>     >>>>>> On 29-Aug-23 05:52, Miles Fidelman via Internet-history wrote:
>     >>>>>>> Dave Crocker via Internet-history wrote:
>     >>>>>>>> On 8/24/2023 4:07 PM, John Klensin via Internet-history wrote:
>     >>>>>>>>> Probably a larger fraction of applications work has come
>     >>>>>>>>> to the IETF already half-developed and in search of
>     >>>>>>>>> refinement and validation by the community
>     >>>>>>>> I'm sure there are examples, but I can't think of an
>     >>>>>>>> application protocol that was originated in the IETF over,
>     >>>>>>>> say, the last 25 years, that has seen widespread success.
>     >>>>>>>>
>     >>>>>>>> d/
>     >>>>>>>>
>     >>>>>>> Seems to me that HTTP remains under the IETF umbrella.
>     >>>>>> But it did *not* originate in the IETF. It actually originated
>     >>>>>> about 20 metres horizontally and 3 metres vertically from my
>     >>>>>> office at CERN, more than a year before TimBL presented it at
>     >>>>>> IETF 23 (I was wrong a few days ago to assert that IETF 26
>     >>>>>> was Tim's first attendance). The WWW BOF at IETF 26 was more
>     >>>>>> than 2 years after HTTP was first deployed, to my personal
>     >>>>>> knowledge.
>     >>>>>>
>     >>>>>>> Is it not the RFC process, and IANA, that actually matter,
>     >>>>>>> in the scheme of things?
>     >>>>>> In the case of HTTP, it was running code that long preceded
>     >>>>>> both rough consensus and an RFC. I think this is completely
>     >>>>>> normal and still the best method. Second best is code
>     >>>>>> developed in parallel with the spec. Third best is OSI.
>     >>>>>>
>     >>>>>>      Brian
>     >>>>>>
>     >>>>>
>     >>>>> --
>     >>>>> In theory, there is no difference between theory and practice.
>     >>>>> In practice, there is.  .... Yogi Berra
>     >>>>>
>     >>>>> Theory is when you know everything but nothing works.
>     >>>>> Practice is when everything works but no one knows why.
>     >>>>> In our lab, theory and practice are combined:
>     >>>>> nothing works and no one knows why.  ... unknown
>     >>>>>
>     >>>>> --
>     >>>>> Internet-history mailing list
>     >>>>> Internet-history at elists.isoc.org
>     >>>>> https://elists.isoc.org/mailman/listinfo/internet-history
>     >>>>>
>


