[ih] IETF relevance (was Memories of Flag Day?)
vinton cerf
vgcerf at gmail.com
Wed Sep 6 00:44:59 PDT 2023
DSA = digital services act
https://digital-strategy.ec.europa.eu/en/policies/digital-services-act-package
https://commission.europa.eu/strategy-and-policy/priorities-2019-2024/europe-fit-digital-age/digital-markets-act-ensuring-fair-and-open-digital-markets_en
DMA = Digital Markets Act
DSM = Digital Single Market
re; HIPAA, think Instant Messaging. Non-interoperable despite the existence
of Internet standards for same. Your analysis/complaint is spot on.
v
On Wed, Sep 6, 2023 at 12:37 AM Jack Haverty via Internet-history <
internet-history at elists.isoc.org> wrote:
> Hi Vint,
>
> Glad to see that the political world has joined the Internet team! It's
> good to see progress ... but I'm not sure it's in the traditional
> direction.
>
> I looked the summary at the GDPR info at gdpr.eu. They seem to be
> farther along than NIS2. I'm not sure what DMA or DSA are... Google
> suggests Democratic Socialists of America and Data Marketing
> Association. Sounds unlikely...
>
> What I see is a huge gap between the political and technical worlds of
> the Internet. The GDPR is responding to an important problem, and its
> solution is to legally mandate a host of "Data Protection Principles"
> and associated rules and laws. But there's no indication of what one
> must do to comply, such as a reference to any technology requirements
> (RFCs, Standards, whatever). How to comply is left up to the
> individual companies, governments, courts, lawyers, et al to figure out,
> and they may not be technically savvy.
>
> One concrete example....
>
> The GPRD site comments "GDPR compliance is easier with**encrypted
> email", but gives no indication of how to accomplish that.
>
> In the US, we've encountered a similar situation earlier, in the context
> of HIPAA (privacy constraints on medical information) as well as laws
> about financial information and services. There may be Internet
> technologies "on the shelf" that could be used to meet such
> requirements. Or if those technologies are insufficient, they could
> perhaps be modified to meet the needs. I don't believe HIPAA indicates
> how Internet Standards might be used to satisfy the legal requirements.
>
> Rather than researching through the "shelf" of Internet Standards, I
> suspect it was easier, for all the IT staffs associated with the medical
> and financial industries, to simply invent their own solutions, very
> simple, very understandable, and very easy to convince management (and
> the lawyers) that it satisfies the legal requirements.
>
> I just have my own data point, but I now have perhaps 10 to 20 separate
> and distinct "message" boxes, where I can get access to medical,
> financial, legal, governmental, and other such personal material via the
> Internet. Our classic Internet email system, i.e., SMTP et al, is used
> only to inform me that I have a message waiting inside their particular
> silo. I have to go there if I want to read it, reply, etc.
>
> So instead of one mailbox, I now have several dozen, all providing the
> same service as "Internet Email", but none interoperable with anything
> else.
>
> My email program claims to have the ability to handle encrypted email,
> cryptographically verified signatures, certificates, and such, and there
> are lots of RFCs/Standards describing mechanisms for secure email. I
> don't know why none of my legal, medical, or financial providers chose
> to use such "on the shelf" technologies. Perhaps they weren't aware of
> them, or don't see how to apply them, or have discovered they aren't
> sufficiently secure, or ??? Or perhaps it was just easier and less
> risky to create yet another email silo, relying only on HTTPS or a VPN
> to provide the required security to get to the silo. Or just require
> use of their own "app" on your smart device which can use whatever
> privacy or security mechanisms it chooses.
>
> A similar progression has occurred in video conferencing. Back in the
> dark ages of the Internet there was a lot of work on conferencing, with
> mechanisms such as the mBone functioning even with the limited network
> capacity we had in the 80s. Today there is quite powerful
> videoconferencing available, but as far as I can tell, each system is
> its own silo, not able to interact with any other. I don't know if any
> of those silos use or are based on any current or past Internet
> Standards or if each uses proprietary designs.
>
> So, although there is some movement to add regulations and some
> semblance of "control" on the Internet, I'm not confident it will result
> in the kind of interoperability that we strove for in the early days.
>
> I'll be pleased to be proven wrong!
>
> Jack Haverty
>
> **
>
>
> On 9/4/23 10:32, Vint Cerf wrote:
> > many regulations are in place or in development - the Internet has not
> > escaped. There is a major cybercrime treaty in negotiation for
> > example. The UN Global Digital Compact is in development. The
> > Europeans are imposing major rules that will like escape Europe and be
> > adopted or emulated elsewhere. Think of the GDPR, NIS 2, DMA, DSA, .....
> >
> >
> > v
> >
> > On Mon, Sep 4, 2023 at 1:23 PM Jack Haverty via Internet-history
> > <internet-history at elists.isoc.org> wrote:
> >
> > Two excellent observations about the early days! 1) Someone was in
> > charge and in control. 2) The goal was to make the system work
> > and be
> > actually used.
> >
> > Back in late 1981, you (Vint) asked me to take on the Gateway
> > Project at
> > BBN, explicitly to make the Internet operate as a 24x7 reliable
> > service,
> > following the lead that the Arpanet had developed over more than a
> > decade of operation as an infrastructure. More about that here
> > for the
> > curious:
> >
> https://elists.isoc.org/pipermail/internet-history/2019-November/005595.html
> >
> > That task could have been a research effort, producing protocols,
> > algorithms, and mechanisms documented in RFCs for anyone to use. But
> > there wasn't time to wait, so instead we just copied the
> > mechanisms of
> > the Arpanet, translating them into the world of TCP/IP. Much of the
> > Arpanet "management" technology wasn't well known or documented,
> > but by
> > locating the "Gateway Group" physically near the Arpanet control
> > center
> > (NOC), and recruiting some people from that world, it was possible
> > to do
> > "technology transfer" (a buzzword at the time). The Internet
> > acquired
> > "operations" tools by plagiarizing what had been working for years in
> > the Arpanet. That was the fastest way to "make it work".
> >
> > Separately, there were efforts, initiated by someone, to
> > orchestrate the
> > "Flag Day" on the Arpanet, to declare TCP/IP a DoD Standard, to
> > define
> > and implement a formal certification program for new TCP
> > implementations, and probably other efforts I never knew about.
> >
> > Someone was in charge, and someone was doing lots of things to
> > "make it
> > work".
> >
> > It wasn't perfect. Actually it was a bit chaotic IIRC.
> >
> > For example... Jon Postel took on the task of documenting TCP/IPV4
> > so it
> > could be referenced as a Standard. RFCs were released. DoD
> > declared
> > them mandatory for all military systems that involved communicating
> > computers.
> >
> > A bit later, at BBN we were assisting various pieces of the
> > government
> > in getting their computer systems up and running with their vendor's
> > brand-new, certified, standard TCPIPV4s. It was a big surprise to
> > discover that, although TCP/IP was there, none of the other
> > "tools" we
> > had been using for years had been implemented on those machines.
> >
> > Much of that missing functionality was called "ICMP", well
> > documented in
> > RFC 792. But only TCP/IP had been declared a DoD Standard.
> > Government
> > contractors, who had not been involved in the research community,
> > had to
> > implement the Standard. But the Standard didn't include ICMP.
> > So they
> > didn't implement it.
> >
> > That made it much more difficult to "make it work". For example,
> > without ICMP as the Internet's Swiss Army Knife, you couldn't even
> > "ping" a DoD Standard computer. I remember we raised quite a fuss
> > about that, and implementations started to appear. I'm not sure
> > if the
> > Standard was ever modified to require ICMP.
> >
> > Other things, like SNMP, were useful but also missing. Many people
> > apparently didn't consider ICMP and its cohorts to be part of TCP/IP.
> > We considered such technology essential to be able to "make it work".
> >
> > -----
> >
> > Looking back from 2023...
> >
> > IMHO, one of the inflection points occurred when the culture shifted
> > from "make it work" to "make money from the Internet".
> > Interoperability
> > (everyone can interact with everyone else) is part of "make it work",
> > and conformance to Metcalfe's Law (google it...). Silos
> > (everyone can
> > interact, as long as you stay in *our* silo) are (thought to be)
> > preferable for "make money".
> >
> > I wasn't very involved in the Internet growth as NSF joined and
> > later as
> > the first ISPs spun off to become commercial services. Perhaps
> > someone
> > remembers if they had any kind of "standards" or "certification"
> > involved as the culture shifted. E.g., was there a "FRICC
> > Standard" for
> > computers joining their 'nets? I recall there were AUPs
> > (Acceptable Use
> > Policies), at least at first. Did these "fade away" and turn
> > into "pay
> > us to get on the Internet and you can do whatever you want"?
> >
> > It's still puzzling (to me) that the Internet has become a global
> > infrastructure, and hasn't been surrounded by the web of regulations,
> > laws, codes, agencies, treaties, and such non-technical mechanisms
> > that
> > have developed around other infrastructures. Roads and vehicles,
> > electric power, marine activities, air transport, railroads, finance,
> > water, and even the air we breathe all have such mechanisms.
> >
> > Is the Internet different? Or just still too young to have accreted
> > such "management" mechanisms?
> >
> > Jack Haverty
> >
> > On 9/2/23 02:19, vinton cerf via Internet-history wrote:
> > > I have only a brief moment to respond. The Arpanet, PRNET,
> > SATNET, Internet
> > > sequence gets its primary stability from the sole source funding
> > of ARPA,
> > > initially, and the pooling of resources from other DoD
> > components using
> > > Arpanet. Arpanet was managed by BBN initially (later under
> > contract to DCA
> > > vs ARPA). It really helped that the Internet development funding
> > came from
> > > a single source. Decision making was largely in the hands of the
> > ARPA
> > > program managers, well-informed by the people doing the work. In
> the
> > > mid-1980s, ARPA, NSF, DOE and NASA collaborated through the Federal
> > > Research Internet Coordinating Committee (FRICC) made up of program
> > > managers from each agency. ESNET, NSINET and NSFNET joined
> > Arpanet as
> > > backbones of the Internet. Again, common purpose welded the
> > effort into a
> > > coherent whole. MERIT played a major role in the NSFNET
> > development which
> > > really elaborated on the multi-network aspect of Internet. MERIT
> > had to
> > > deal with scaling of the Internet to a dozen or more
> > intermediate level
> > > networks linked together through the NSFNET backbone. BGP came
> > out of that
> > > work and has scaled well - now needing more security from
> > abuse/mistakes.
> > >
> > > I think there was a common thread in all of this work: people
> > who were
> > > working on different aspects of the Internet and its constituent
> > networks
> > > really wanted this system to work. The goal was interoperability
> > linking so
> > > many different packet switched networks together. Even the Xerox
> > PARC team,
> > > whose work on PUP and later XNS was proprietary, did their best
> > to give
> > > hints to the Stanford development team (mostly me and my
> > graduate students
> > > during the 1974 campaign to specify TCP).
> > >
> > > It also helped that commonality and interoperability were key
> > desirable
> > > properties of the Internet system. These were the metrics by
> > which success
> > > was measured.
> > >
> > > That's all I have time for now - not sure this addresses your
> > questions
> > > squarely.
> > >
> > > v
> > >
> > >
> > > On Fri, Sep 1, 2023 at 2:14 PM Miles Fidelman
> > <mfidelman at meetinghouse.net>
> > > wrote:
> > >
> > >> Thanks Vint!
> > >>
> > >> To follow up, if I might - since you were there from the
> > beginning (I
> > >> landed at MIT in 1971, just before Ray's first email, and saw
> > how MIT
> > >> adopted ARPANET technology, then got to BBN in 1985, just in
> > time to help
> > >> split off the DDN - the period leading up to the Flag Day is
> mostly
> > >> anecdotal history for me)...
> > >>
> > >> I've long used the Internet as a model for how communities can
> > approach
> > >> infrastructure master planning - serving as the basis for our
> > work at the
> > >> Center for Civic Networking, running a growth planning exercise
> for
> > >> Cambridge, and later, in our work with communities around
> municipal
> > >> broadband.
> > >>
> > >> Now, I'm gearing up a new effort, focused on community-level
> > crowdsourcing
> > >> for major infrastructure overhaul (as is started to be mandated by
> > >> electrification ordinances). The simple notion being that of
> > forming local
> > >> working groups, to run grand-challenge like exercises, design
> > charettes,
> > >> crowd funding for projects like a complete infrastructure
> > rebuild for a
> > >> condo complex (like the one I'm living in, and serving on the
> > board of).
> > >> How to pull such groups together remains a black art - and
> > insights from
> > >> the original model are always helpful.
> > >>
> > >> In that context, might you share some pithy observations of
> > significant
> > >> events in the early life of the ARPANET & Internet - how
> > various working
> > >> groups came together in the days following Lick's initial
> > posting to
> > >> ARPA/IPTO. Who did what, to whom, leading to a bunch of folks
> > coming
> > >> together into ad hoc & ongoing working groups of various
> > sorts? And, in
> > >> particular, what conditions/events provided impetus, urgency,
> > and built
> > >> momentum?
> > >>
> > >> Thanks Very Much,
> > >>
> > >> Miles
> > >>
> > >>
> > >>
> > >> vinton cerf wrote:
> > >>
> > >> TCP/IP came out of work that Bob Kahn and I did along with my
> > graduate
> > >> students at Stanford. But the INWG (slightly more formal
> > extension of NWG
> > >> when it became IFIP WG 6.1) contributed in a highly
> > collaborative fashion.
> > >> So did UCL and BBN in early implementation phases of TCP and
> > TCP/IP.
> > >>
> > >> I tend to associate NWG with Arpanet Host-Host Protocols (and
> > application
> > >> protocols)
> > >> and IAB (later IETF) with TCP/IP and associated applications
> > >>
> > >> v
> > >>
> > >>
> > >> On Wed, Aug 30, 2023 at 10:29 AM Miles Fidelman <
> > >> mfidelman at meetinghouse.net> wrote:
> > >>
> > >>> Well Vint might have a definitive voice on this.
> > >>>
> > >>> So... Vint,
> > >>>
> > >>> Would you consider TCP/IP to have been initiated by the NWG?
> > >>>
> > >>> What about SMTP - which originated as a late-night hack (that
> > eventually
> > >>> became SMTP)? As I recall, that was initially announced via a
> > postal mail
> > >>> packet.
> > >>>
> > >>> Cheers,
> > >>>
> > >>> Miles
> > >>>
> > >>> vinton cerf wrote:
> > >>>
> > >>> +1
> > >>> v
> > >>>
> > >>>
> > >>> On Wed, Aug 30, 2023 at 9:57 AM Steve Crocker via
> > Internet-history <
> > >>> internet-history at elists.isoc.org> wrote:
> > >>>
> > >>>> Well...
> > >>>>
> > >>>> The original suite of protocols for the Arpanet -- NCP,
> > Telnet, FTP, et
> > >>>> al
> > >>>> -- were developed by the Network Working Group (NWG). The
> > NWG evolved
> > >>>> over
> > >>>> the years into the IETF. The formal creation of the IETF was
> > roughly
> > >>>> mid-1980s. The process of formally declaring a protocol a
> > >>>> proposed/draft/(full) standard evolved over the years.
> > Depending on how
> > >>>> precise you want to be about the existence of the IETF and the
> > >>>> formalization of protocols, I think you can make the case
> > either way.
> > >>>> From
> > >>>> my perspective, I would say the original suite of protocols
> > did indeed
> > >>>> originate in the (predecessor of) the IETF.
> > >>>>
> > >>>> Steve
> > >>>>
> > >>>> On Wed, Aug 30, 2023 at 12:48 PM Miles Fidelman via
> > Internet-history <
> > >>>> internet-history at elists.isoc.org> wrote:
> > >>>>
> > >>>>> Traditionally, protocols have never "originated" with the
> > IETF - they
> > >>>>> become standardized, and maybe standards through the RFC
> > process, under
> > >>>>> the IETF aegis. Right back to the original DoD Protocol
> > Suite (did the
> > >>>>> IETF even exist when the DDN Protocol Handbook was first
> > printed?).
> > >>>>>
> > >>>>> Miles
> > >>>>>
> > >>>>> Brian E Carpenter via Internet-history wrote:
> > >>>>>> On 29-Aug-23 05:52, Miles Fidelman via Internet-history wrote:
> > >>>>>>> Dave Crocker via Internet-history wrote:
> > >>>>>>>> On 8/24/2023 4:07 PM, John Klensin via Internet-history
> > wrote:
> > >>>>>>>>> Probably a larger fraction of applications work has come
> > to the
> > >>>>>>>>> IETF already half-developed and in search of refinement and
> > >>>>>>>>> validation by
> > >>>>>>>>> the community
> > >>>>>>>> I'm sure there are examples, but I can't think of an
> > application
> > >>>>>>>> protocol that was originated in the IETF over, say, the
> > last 25
> > >>>> years,
> > >>>>>>>> that has seen widespread success.
> > >>>>>>>>
> > >>>>>>>> d/
> > >>>>>>>>
> > >>>>>>> Seems to me that HTTP remains under the IETF umbrella.
> > >>>>>> But it did *not* originate in the IETF. It actually
> > originated about
> > >>>>>> 20 metres horizontally and 3 metres vertically from my
> > office at
> > >>>> CERN,
> > >>>>>> more than a year before TimBL presented it at IETF 23 (I
> > was wrong a
> > >>>> few
> > >>>>>> days ago to assert that IETF 26 was Tim's first
> > attendance). The WWW
> > >>>> BOF
> > >>>>>> at IETF 26 was more than 2 years after HTTP was first
> > deployed, to my
> > >>>>>> personal knowledge.
> > >>>>>>
> > >>>>>>> Is it not the
> > >>>>>>> RFC process, and IANA, that actually matter, in the scheme of
> > >>>> things?
> > >>>>>> In the case of HTTP, it was running code that long preceded
> > both
> > >>>> rough
> > >>>>>> consensus and an RFC. I think this is completely normal and
> > still the
> > >>>>>> best method. Second best is code developed in parallel with
> > the spec.
> > >>>>>> Third best is OSI.
> > >>>>>>
> > >>>>>> Brian
> > >>>>>>
> > >>>>>
> > >>>>> --
> > >>>>> In theory, there is no difference between theory and practice.
> > >>>>> In practice, there is. .... Yogi Berra
> > >>>>>
> > >>>>> Theory is when you know everything but nothing works.
> > >>>>> Practice is when everything works but no one knows why.
> > >>>>> In our lab, theory and practice are combined:
> > >>>>> nothing works and no one knows why. ... unknown
> > >>>>>
> > >>>>> --
> > >>>>> Internet-history mailing list
> > >>>>> Internet-history at elists.isoc.org
> > >>>>> https://elists.isoc.org/mailman/listinfo/internet-history
> > >>>>>
> > >>>> --
> > >>>> Internet-history mailing list
> > >>>> Internet-history at elists.isoc.org
> > >>>> https://elists.isoc.org/mailman/listinfo/internet-history
> > >>>>
> > >>>
> > >>> --
> > >>> In theory, there is no difference between theory and practice.
> > >>> In practice, there is. .... Yogi Berra
> > >>>
> > >>> Theory is when you know everything but nothing works.
> > >>> Practice is when everything works but no one knows why.
> > >>> In our lab, theory and practice are combined:
> > >>> nothing works and no one knows why. ... unknown
> > >>>
> > >>>
> > >> --
> > >> In theory, there is no difference between theory and practice.
> > >> In practice, there is. .... Yogi Berra
> > >>
> > >> Theory is when you know everything but nothing works.
> > >> Practice is when everything works but no one knows why.
> > >> In our lab, theory and practice are combined:
> > >> nothing works and no one knows why. ... unknown
> > >>
> > >>
> >
> > --
> > Internet-history mailing list
> > Internet-history at elists.isoc.org
> > https://elists.isoc.org/mailman/listinfo/internet-history
> >
> >
> >
> > --
> > Please send any postal/overnight deliveries to:
> > Vint Cerf
> > Google, LLC
> > 1900 Reston Metro Plaza, 16th Floor
> > Reston, VA 20190
> > +1 (571) 213 1346
> >
> >
> > until further notice
> >
> >
> >
> --
> Internet-history mailing list
> Internet-history at elists.isoc.org
> https://elists.isoc.org/mailman/listinfo/internet-history
>
More information about the Internet-history
mailing list