Vint Cerf Talks About Internet Changes

Some of your questions for Dr. Cerf (Vint to most people) were technical, and some were political. All discussions of Internet policy end up being a mix of the two, it seems, and Vint is heavily involved with both (although I'd have to say not only from his answers here but also from personal conversation he and I have had that his main interest is the technical side).

1) What do you think about Anonymity?
by Planesdragon

Although there's a certain moral argument to an individual's right to privacy, there's also a statistical argument that people simply act irresponsibly when given anonymity.

What's your take on anonymity in the internet? Is it a good thing? A bad thing? Just a thing not worth talking about?

Vint:

Anonymity is very much worth talking about. The right to privacy is sometimes manifested as a right to anonymity. Window shopping and cash transactions should not require one to reveal identity - and many people feel the same about surfing the net. In some cases, it might be argued that it is sufficient merely to protect 3rd party access to identity information but to require network users to reveal identity. In cases where whistle-blowing is at issue, or reporting of some kind of crime, anonymity may be important to protect. However, the same protection can also lead to potential abuse, as you suggest above. The ability to exploit anonymity, rather than to be legitimately protected by it, creates a genuine conundrum. So this is indeed worth talking about - I'd be interested in your further thoughts.

2) DRM?
by GreyWolf3000

What is your perspective on DRM? Specifically, do you think that the Fritz chip, Palladium, and lobbying of the MPAA/RIAA, will change the Internet fundamentally? Can the Internet be tamed at this point? If so, do you find this DRM and such to infringe upon fair use? Is there legitimacy to the common fear that in the future, computers themselves, in order to gain access to the Internet, will have so many restrictions that the Internet itself will begin to suffer from it?

Vint:

I am very concerned about legal policies that are either technically unenforceable or which would have the effect of crippling an entire genre of digital technology. Some of the DRM positions, such as those expressed in the Digital Millennium Copyright Act, that make it illegal to study and publish information about cryptographic methods that might be used to protect intellectual property, are unrealistic and fundamentally unsound. Your concerns strike me as well-founded. While I do believe that techniques for protecting intellectual property are desirable, I am troubled by arguments that essentially make it impossible to allow SOME information to be freely shared, if the parties producing it so desire. The Internet is a big tent and should be able to support many different models of operation ranging from highly protected information to completely open information.

3) Commercial Email's Early Days
by ekrout

As vice president of MCI Digital Information Services from 1982-1986, you led the engineering of MCI Mail, the first commercial email service to be connected to the Internet.

As most engineers know, we have to make some sacrifices with every project and get rid of certain features that we had hoped would be there but cannot due to monetary constraints, etc.

Could you explain some of the more difficult decisions you had to make as the head of this particular project? Moreover, was there ever a point in the project where no one thought the final product was viable?

Vint:

This project had its beginnings in late 1982. One of the most difficult decisions that Dave Crocker and I faced in the design of the underlying technology was the departure from linear addressing to allow for multiline "addresses" in MCI Mail. We had undertaken to allow people to send to email targets within the MCI Mail subscriber community, send to postal addresses, to non-MCI Mail destinations (e.g. CompuServe), to Telex destinations and (later) to FAX destinations. We departed from the classical linear addressing structure of Internet email and it took several months of debate before we concluded it was important to accommodate these multiline address structures.

We tried to get the contractors involved (HP, Digital Equipment Corporation, American Management Systems, etc) to use TCP/IP, but you can imagine that Internet and TCP/IP were completely unknown to these parties - as it had only been "rolled out" on a broad scale on the ARPANET on 1/1/1983! So we ended up having to use X.25 and a variety of proprietary protocols developed specifically for MCI Mail for lack of commercial support for TCP/IP.

Email was not well-known in the business sector when we were launching MCI Mail (Sept 27, 1983) and it was hard going to convince business people to use it. We linked MCI Mail to CompuServe as part of the roll-out of MCI Mail, seeking to make MCI Mail more useful by expanding its "connectivity". Generally, it would take from 1983 to 1992 before email became a widely appreciated service in the business world.

4) TCP/IP
by sdjunky

Considering your work with TCP/IP protocols, what would you change now that you can look back retrospectively to how it has been used/misused? What would you incorporate into designs now that weren't even thought of at the time that TCP/IP was created?

Vint:

I suppose I wish I had decided on a larger address space than 32 bits! (that decision was made in 1977 after a year of argument about it). Moreover, I now believe that it would have been wise for us to incorporate into the design principles the notion that every end unit ("thing with an IP address") has a way to "authenticate" itself to any other end unit. As it stands now, these end devices have to declare their own IP addresses and that leads to an architectural opportunity for deception and spoofing. In addition to that, I wish there had been some opportunity to develop end/end cryptographic methods such as IPSEC to increase the confidentiality of information passing through the net. Ironically, beginning in 1975 I began work on a secured version of Internet with the National Security Agency. Because the details of this design were classified, none of this design could be shared with the uncleared developers at universities and industry engaged in the unfolding design of the Internet.

5) Negatives of the 'Net
by Dirk Pitt

Of all the Internet has evolved to be, in what aspect of it are you the most disappointed?

Vint:

That's a difficult question. Spam, pornographic and hate web sites, the collision of domain names with trademarks, the desire of some authorities to engage in censorship are all examples of aspects of the Internet that I find disappointing. The countervailing examples of enormously valuable information sharing and applications on the Internet seem to me to more than make up for these shortcomings. Generally speaking, the more the Internet becomes infrastructure for all parts of our complex, global society, the more we are likely to see all aspects of that society reflected in the Internet - one has to be realistic about the diversity of the population of users of the net.

6) The most surprising thing?
by zero110

Of all of the surprising uses that people have invented for the Internet, which surprised you the most (good or bad)?

Vint:

I think what surprised me most was the avalanche of content that flowed into the Internet after the invention of the WWW by Tim Berners-Lee and the subsequent rapid deployment of Marc Andreessen's Mosaic implementation of the WWW followed by Netscape Navigator and Internet Explorer and many other web implementations and applications. Of course, the incredible range of content on the net was equally surprising (or disappointing - see above). Internet radio, video and instant messaging were not surprises because the concepts had been around since the late 1960s and early 1970s but when millions of people have access to these facilities and use them, the ensemble takes on characteristics that are hard to predict based on smaller scale deployments of these capabilities of the past.

7) Internet Governance
by cleetus

The internet, in order to work even at the most basic technical level, needs some standards; some governance. What do you think is the proper scope of that governance/standard setting, who are the constituents, and what are the proper mechanisms for governing?

How do they differ from what we have today? On the whole, are you optimistic or pessimistic about all this?

Vint:

It is plain that we need standards to assist in making billions of interacting systems compatible - and the voluntary standards developed in the IETF and many others developed by various bodies seem to have been effective means by which this interoperability has been effected. I would distinguish technical standards from the far more general term "governance". That term covers a multitude of issues well beyond technical interoperability. Your question is phrased in a way that leads me to wonder whether you are mixing technical standards development and the legal framework in which the Internet functions. If you meant only to focus on the governance of the standards process, I would submit that the open procedures of the Internet Engineering Task Force have served the community of Internet users and providers well for many years.

I continue to be optimistic that we will sustain and evolve workable mechanisms both for standards development and for the general governance of the Internet, largely in the belief that the system is too valuable not to get the support it needs to satisfy both needs.

by Evro

Did you ever respond to this message from John Gilmore, which asks why you sided against Karl Auerbach, who (to the best of my knowledge) sought to gain access to ICANN's financial documents? From what I can tell, ICANN's only motivation is to make ICANN more influential (i.e. for its directors to line their own pockets). Given that ICANN is technically a nonprofit organization, this doesn't seem very ethical. Anyhow, the email text is below:

Date: Tue, 19 Mar 2002 14:26:26 -0800
From: John Gilmore
Subject: Re: ICANN: Auerbach's Allegations Off Target
To: vcerf@mci.net, gnu@new.toad.com



> "Karl paints this as a dispute between him and ICANN management, but
> nothing could be further from the truth," noted Board chairman Vint Cerf.
> "ICANN management is merely carrying out its obligation to follow the
> wishes of the Board as a whole rather than follow the dictates of any
> single Director."

Hi, Vint.

I haven't wanted to disrupt our friendship, so I've held off a long time in telling you what I think about how you are leading ICANN. That's why this message is a little longer than it needs to be; I'm saying things that I've been bottling up for a while.

I don't want to be considered a friend of what you now stand for.

You are on the wrong side of this issue, as you have been on the wrong side of many issues regarding ICANN. If ICANN has secrets about who it is doing backdoor favors with, those *should* be made public. And you, as Chairman, as the most prominent and trusted board member, and as the architect of the openness that should still be in the Internet, should have been way ahead of Karl Auerbach in making them public.

Even if those secrets are never made public, or even if there are no terrible secrets inside ICANN, the activities of ICANN MUST be available to every person on the Board of Directors. Without restriction, without delay, without subversion. By law, and for good reasons.

You have been a rubber stamp for many corrupt ideas out of Network Solutions, Verisign and ICANN ever since your election. When I complained to you in the past, such as when the NSI contract was amended to give them a perpetual monopoly, you said that there was nothing else that you could do. I disagreed with that sentiment then, and I disagree with it now. You could have left the contract the way it was, rather than amend it. You don't even have to make things better to keep my respect; you could keep things from getting worse. But you continue to choose to make things worse. Now you are defending ICANN's lack of openness even with its own elected directors!

ICANN was created to promise openness, transparency, accountability, and competition. It has provided none of those, and actively works every month to reduce what little it has provided. You have worked with it to eliminate, rather than create, those promises.

Opening whatever squirming can of worms that is calling the shots at ICANN is what is needed. I can see that ICANN management is terrified that directors from outside the old-boy network might actually find out the details of what ICANN does day by day. They have eliminated any future threat of that, by eliminating outside directors after this term. And they are delaying the current directors' access to information, in the hope that they can permanently avoid outside scrutiny.

I've been a director of several California corporations. I've read that part of the law myself. I've invoked it on a couple of occasions. I contributed significant funding for Karl's lawsuit. Karl is right and you and the ICANN staff are wrong. And now I find you lying about it in a press release. "ICANN management is merely carrying out its obligation to follow the wishes of the Board as a whole..." ICANN *management* instigated those policies, the board didn't. The board has never even considered them.

Virtually everyone at EFF has been looking for ways that we could help to open ICANN and get it to do what it was chartered to do. I've had to hold them back for years, telling them that participation was a waste of our scarce time -- and that no matter how much time they put in, ICANN would have to get really bad before it would ever get better. I put two years of my own life into the domain-name issues, with CORE. It became clear that the strings were being pulled behind the scenes, because the right answers were relatively obvious, yet the wrong answers got approved, providing billions of dollars of benefit to certain parties with heavy ties to the US military. Rather than ICANN making open decisions and using transparent processes, whoever pulls those strings is still controlling what happens. But under ICANN, the process is even murkier and further hidden from public scrutiny. And you're helping.

All the way back at the start of ICANN, EFF and I proposed amendments that would provide a "Bill of Rights" and a "Sunshine Act" and a "Freedom of Information Act" in ICANN's Bylaws. These were all summarily rejected. ICANN does not give a damn about the fundamental rights of citizens or Internet users. It does not want to operate in the sunshine. And it does not want information about what it's doing to be made available even to its own directors, let alone to the public. Give me one good reason why such an organization should get even a millisecond more of your support -- or anyone's.

The law gives directors an "absolute right" because directors exist to be INDEPENDENT OF and SUPERIOR TO the management. Each and every director has a separate duty to the company; each one carries it out in their own way. The Board cannot prevent any board member from merely inquiring into the state of the company. The Board cannot condition any board member's inquiry on agreement to a set of arbitrary terms. Nor can the management. This is not only a good idea -- it's the law.

ICANN is going down, one way or another. Either it will go down like East Germany, with a peaceful transition to governance responsive to the public will, or it will go down like Japan, with big bombs dropped on it. ICANN has lost all semblance of credibility and merely seeks to entrench its unaccountable power.

I have absolutely no idea what you are doing leading that megalomaniac, unaccountable, unresponsive, anti-expression, anti-public-interest organization. Did they take your kids hostage? Did you sell your soul for a mess of pottage? What hold do they have over you?

I used to think much better of you than this, Vint. You can see that even now I'm grasping at straws rather than believe that YOU are one of the megalomaniacs. But the evidence continues to pile up, and I'm afraid it's true. I don't want to be the friend of such a person. I'll see you from the other side of the courtroom. Bye.

John

Vint:

I did not respond to John's letter.

If you think that the directors of ICANN or its staff have any opportunity to "line their pockets" you need to look more carefully at the facts. None of the directors are compensated for their work by ICANN - except for reimbursement for travel expenses and many of the directors pay their own travel costs (or their companies do).

In accordance with the court order arising from Karl's lawsuit, ICANN has released to Karl all the information he has requested, as far as I am aware. The basic dispute was NOT that the information should not be released to Karl but rather whether Karl had absolute discretion to decide what information could be released to the public. ICANN deals with proprietary information supplied by various domain name service providers, for example, and the dispute, as I understood it, revolved around how confidential information would be protected, once released to any director.

I do not agree with John's characterization of ICANN. There is an enormous amount of information that ICANN puts on its web site about all of its activities. Compared to most non-profits, ICANN is far more transparent and provides a remarkable degree of opportunity for inputs from all quarters. Even reasonable people can disagree about such things and in this, John and I plainly see things differently.

9) IPv6?
by Ransak

We've heard the hype and the 'plans' to move to IPv6 for years now, but the USA seems fairly complacent at IPv4. Do you see IPv6 becoming a reality in the near future (2 to 3 years), and from a high perspective, what do you think (besides the obvious running out of addresses) could spur the movement? Or should we not move at all, and depend on network address translation more?

Vint:

Generally I think the pressure will build only when there are a large number of IPv6 enabled devices entering into Internet space (Internet-enabled cell phones, PDAs, set-top boxes, other consumer devices, etc). People often speculate about "killer applications" for IPv6 but I generally believe that the simple availability of large amounts of address space and ease of configuration (plug and play) will be considered sufficiently significant advantages. The mixed IPv4/IPv6 environment will not be an easy one to manage - and Network Address Translation devices that today are used to "stretch" the use of IPv4 space may prove necessary to act as a bridge from an all-IPv4 world to an all (or mostly) IPv6 world. I think it will be 2-3 years before IPv6 has significant penetration but by 2005 I expect to see that happen. There has been substantial progress in implementing IPv6 in Japan and a notable "push" for it in Europe. The slogan "6 by 6" has emerged as a kind of challenge to get to significant deployment of IPv6 by 2006. In a few years, we will know whether this is realistic or not.

10) An internet of the people, or for the people?...
by tekrat

Back when the internet (as we know it) was being developed, it was a government military project.

Vint:

Well, it was funded by the US Defense Advanced Research Projects Agency but it was designed by graduate students at research Universities or research Institutions in the US, England, Norway, Germany and Italy.

tekrat:

However, after the internet revolution (of the early 90's) freed it from being Arpa-Net, we had a "golden age" where anyone could connect, and anyone with enough technical know-how could run a server and become a permanent part of the system.

Vint:

Well, actually, ARPANET was separated into ARPANET (bis) and MILNET around 1983 when Internet was first deployed. Commercial use came around 1989. ARPANET was retired in 1990 and NSFNET in 1995. It was open to virtually anyone with the advent of commercial access and service.

tekrat:

But now we see a day looming in the future where large media conglomerates control it all through draconian service agreements that dis-allow private individuals to run servers in their homes, as well as "linking lawsuits", and patents of obvious business methods, all resulting in an internet where the vast majority of the people can only passively view information rather than interactively take part in providing information.

Vint:

There are a number of such issues associated with the commercial spread of the Internet - however I don't agree with your conclusion that the majority of people cannot contribute information. My impression is that many ISPs offer opportunities to put information on managed web sites. I think running servers at home is still largely not for the general public but that this will change as servers become more simple to operate and configure (plug and play). Moreover, Internet access providers will seek to offer symmetric, high capacity gigabit ethernet services because this is a most efficient way of servicing a wide range of customer needs.

tekrat:

Do you think it's a "good thing" for everyone to run servers (an internet of the people), or do you believe that it's better for the government and corporations to control the flow of information to citizens (an internet for the people).

Vint:

I think we will see value in both - moreover, until there is ample, symmetric capacity, users will probably prefer that their server sites be operated by outsourcers and even when home servers seem natural, users may prefer to leave their operation to specialists.

tekrat:

While it seems an obvious choice, remember that the situation we have now, where the internet is the "wild west" and mailboxes are littered with spam, and internet rumours become accidental news stories, is a direct result of an internet "of the people".

So there are pros and cons either way. Basically the question boils down to "do you prefer the wild west" versus "do you prefer a controlled, moderated internet?"

Vint:

I think if I had to choose, I would prefer the more open environment but I also appreciate the need for legal frameworks and shared practices that are predictable. No one really likes surprises from the Internet Service Providers, for example.

- Vint

  • right on the nose. (Score:3, Interesting)

    by dildatron ( 611498 ) on Wednesday October 09, 2002 @11:20AM (#4417220)
    "Spam, pornographic and hate web sites, the collision of domain names with trademarks, the desire of some authorities to engage in censorship are all examples of aspects of the Internet that I find disappointing."

    It is too sad that this is what MOST of the internet is. There is a lot of good content, but there is 30 metric assloads of pr0n and spam. It is too bad we have to be weary about what we click on, especially at work.

    (on an unrelated side note: has anyone else noticed that Google has been pretty slow the last two days? Anyone know why?)
    • by gorilla ( 36491 ) on Wednesday October 09, 2002 @11:29AM (#4417284)
      The only reason that there is metric assloads of pr0n is because that's what a lot of people are interested in. So it's not really a comment on the Internet, it's a comment on human nature.
      • by dildatron ( 611498 ) on Wednesday October 09, 2002 @11:36AM (#4417319)
        So by your rationale (and I'm not saying you're incorrect), is there an assload of spam because that's what people are interested in? Or is it just because a few "bad apples" use it to sell stuff by blanketing huge populations with advertisements and reaping the profits from the very small percentage that buys the stuff?

        I am sure spam must be profitable, but I don't think the majority of the internet users are interested in it. Rather, I think it is so easy to do, that it only takes a small percentage of people to respond to make a profit. Just my thoughts.
        • by Jester99 ( 23135 ) on Wednesday October 09, 2002 @12:08PM (#4417532) Homepage
          Porn represents ~5% of the actual content (by bytes) of internet data. At least in the pre-Napster days (I don't know how that skews these stats), but porn (again, excluding mp3s) represents 95% of bandwidth transfer.

          Porn is one of the few web-content industries that has been profitable from the start. The other was eBay.
          • by op00to ( 219949 )
            Uhh, can we see some references for your figures? REAL academic references...
            • by Anonymous Coward
              I'm curious so I googled (sorry no academic indices handy) and found this newspaper story [usatoday.com]. It's outdated, but supports the less than 5% percentage contention.

              For more recent data you can consult this study [nap.edu] from the Computer Science and Telecommunications Board. It suggests that only 1.5% of web sites are devoted to the porn industry. This is a pain to browse, but informative. You'll find the details in chapter 3.
        • > So by your rationale (and I'm
          > not saying you're incorrect),
          > is there an assload of spam

          No, his comment was directed toward Porn, not spam. Despite the parent's lumping them together, he didn't.

          The difference is 'pull' vs. 'push'
          • Definitely. Spam is pushed, so a small number of people can (and do) account for a huge amount of spam. Websites are pulled, so a website can only exist if it covers its bills. For a small website on say someone's cats [monkeespage.com], the bills are effectively zero, but then so's the interest. For any pr0n site, the demand is so large that effectively every pr0n site is commercial.
            • by Dudio ( 529949 )
              I would characterize it like this: pr0n exists because of demand-side forces (i.e. people want it and are willing to pay for it). Spam exists because of supply-side forces (i.e. businesses want to send it and are willing to pay to do so). The fundamentals are very similar; it's just a matter of which side of the supply/demand curve pays for it.
        • So by your rationale (and I'm not saying you're incorrect), is there an assload of spam because that's what people are interested in?

          I don't think that's what he was saying. He was specifically talking about why there's so much porn. I could be wrong, but I don't think he meant his statement explain everything that's on the internet in abundance. I think he was just trying to explain the abundance of porn. Consumer demand, clearly would be insufficient explanation for the abundance of spam, as you point out.

      • Well, also pr0n sites take up lots of space due to videos (way more than a corporate site), plus they tend to have lots of boxes up for redirection (if they redirect you enough before getting to the site, if you click 'back' you'll get taken back to a url that redirects), and other little silly games. Plus IP address games are important to make it hard to figure out where exactly you're connected to (frames being hosted on entirely different servers). I'd venture that this skews estimates of pr0n/war3z and their prevalence significantly on accounts of IP addresses and hard drive space.
      • by SquadBoy ( 167263 )
        You are dead on right thanks so much. The fact of the matter is the Internet is just another way of publishing information. A powerful and cool way to publish but at the end of the day just another way to publish and anytime you let the great unwashed masses publish anything in any medium this is what you will get. has nothing to do with the Internet has more to do with the fact that people suck.
        • anytime you let the great unwashed masses publish anything in any medium this is what you will get. has nothing to do with the Internet has more to do with the fact that people suck.

          Well, yes, I guess if you want to get technical they suck quite a bit... I would hope they wash up before they do it though, I mean if they're going to be taking pictures.

          Seriously though, do you really think people photographing each other naked is "sucky" in any way other than as a bad pun?
    • It is too bad we have to be weary about what we click on, especially at work.

      My thoughts exactly. There's a good essay on the subject here. [hick.org]
    • It's called supply and demand. They want porn, someone will give them porn. They want lots of porn, someone will give them lots of porn.
    • by iSwitched ( 609716 ) on Wednesday October 09, 2002 @11:41AM (#4417342)
      I'm hoping that he is referring to illegal pornography as well as the questionable tactics of legal porn operations. However the existence of legal pornography on the Internet, as one poster already mentioned, is a reflection of demand by Internet users. It is not in and of itself, a disappointing use of the Internet.

      Any student studying modern business in school today should be *studying* the porn phenomenon on the Internet - it is one of the most perfect examples of capitalism, and the economic law of "supply and demand", that the Internet has to offer!

      Or, to put it in more familiar terms:

      1) Install Server
      2) Take photos of naked people
      3) Profit!
      • Absolutely. I've been using the Net since before the Web, even, and I've tried to make a go of several businesses online. The only one that took (and REALLY took) was porn. I'd love to make my living doing something else online, but there's not the same interest in most other subjects as there is in porn. So, while porn pays my bills, here's to hoping that I can eventually do something else online (and still pay for my servers and bandwidth).
      • or back to email... IMHO there's a PhD thesis waiting for someone to study email joke propagation on the Internet and find some sort of sociological relevance to it. After all, someone got a PhD out of the Six Degrees of Kevin Bacon, and they drew computer networking conclusions out of that one.

        Maybe the TLA (insert favorite one, here) could get involved. Sooner or later Al Qaeda is going to wise up to traffic analysis. Maybe the next way to try and hide communications would be coded and/or steganographic messages in jokes or spam.
      • It is not in and of itself, a disappointing use of the Internet.

        Not to you. To a person who considers porn immoral, and wants to see other people act morally, it is very disappointing. I don't know his stance on such things, but the question was what was disappointing to him. Your ability to effectively argue that he shouldn't be disappointed by it has nothing to do with whether he is or not.
    • by Zeinfeld ( 263942 ) on Wednesday October 09, 2002 @11:45AM (#4417364) Homepage
      "Spam, pornographic and hate web sites, the collision of domain names with trademarks, the desire of some authorities to engage in censorship are all examples of aspects of the Internet that I find disappointing."

      The pron is one of the reasons to be optimistic about the Internet.

      Vint is pretty conservative for an Internet revolutionary. He sees the Internet mainly in US-centric terms.

      Those of us who came from outside the US tend to have a rather more international perspective. The impact of the Web on the US was never going to be half as dramatic as its effect on third world dictatorships.

      There is nothing that can destroy the so-called morals of a country like Saudi Arabia or Taliban controlled Afghanistan faster than an unlimited supply of high quality porn. Conservatives know that to control women they have to control sexuality.

      Whatever ill effects that Internet porn has had on the developed world, it is outweighed by breaking down censorship in the undeveloped world. Think of the Web as a global samizdat movement that uses porn as the bait.

      The Internet has also had positive effects in the developed world. The prudish censorship laws imposed under the Tory governments have been largely overturned over the past few years.

      • "There is nothing that can destroy the so-called morals of a country like Saudi Arabia or Taliban controlled Afghanistan faster than an unlimited supply of high quality porn."
        You are incorrect. As the Taliban have learned, fucking with the USA* is a MUCH faster path to destruction than porn would have been.

        *This should say, "allowing people who want to fuck with the USA to keep headquarters in your country", but that is basically the same thing and it doesn't have as much of an impact.


      • When you control the mail, you control... information!!
    • "It is too sad that this is what MOST of the internet is. There is a lot of good content, but there is 30 metric assloads of pr0n and spam. It is too bad we have to be weary about what we click on, especially at work."

      If it wasn't for 30 metric assloads of pr0n, I don't think my dad would have been so eager to get my computer 'on-line'.
    • by PD ( 9577 ) <slashdotlinux@pdrap.org> on Wednesday October 09, 2002 @11:56AM (#4417436) Homepage Journal
      I see the explosion of porn on the Internet to be mostly a positive thing. Before the Internet, porn was under constant attack everywhere. A lot of busybodies interjected themselves into the bedrooms of others, telling adults what they can and cannot do between themselves in the privacy of their own homes. In Austin TX where I live, it's still illegal for someone to own more than 6 dildos. Why? Whose business is it to tell another what they can put in what hole?

      Porn on the Internet is the #1 example of technology allowing a minority of people to assert their rights as adult human beings to do what they want with their own bodies and their own homes. Porn on the Internet has improved our country and our government a great deal, because I measure how good a country is not by how well it protects the majority, but how well it protects the minority.

    • HEY! (Score:5, Insightful)

      by autopr0n ( 534291 ) on Wednesday October 09, 2002 @12:03PM (#4417491) Homepage Journal
      What's wrong with porn?

      Yeah, I mean there is a lot of Spam, misogynic attitudes, and underhandedness associated with it, but really that's only a product of the fact that porn is supposedly an 'underground' activity in our ridiculously puritan society.

      I guess Mr. Cerf feels people shouldn't get off unless they have a significant other of the opposite gender readily available, and only then with the lights off in the missionary position. I mean, after all sex is A Bad Thing especially when there's a number of people that isn't both even and prime.

      I say if people want to get naked and take pictures more power to 'em. It would be nice if they could do it without degrading women, spamming, and flooding browsers with popups, of course. But pornography in and of itself isn't bad.

      I wonder if Mr. Cerf finds European late night television a failure of the promise of TV (among many failings of that particular medium).

      Spammers, on the other hand, need to die.
      • by GuyMannDude ( 574364 ) on Wednesday October 09, 2002 @01:00PM (#4417919) Journal

        What's wrong with porn?

        I have to agree that lumping porn in with spam (which no one likes) and hate sites is really uncalled for. If some college girl wants to put herself through school by selling access to naked pictures of herself and I want to engage in a little bit of sexual escapism by looking at those pictures, I don't see how society has been harmed in any way. I know that some people object to porn because it is dominated and controlled by some seedy men. But I would argue that the explosion of internet pornography has actually empowered women working in the adult industries to have more control over their careers. Certainly Danni Ashe has succeeded beyond her wildest dreams. The women can instantly become managers and distributors of their own content and do not have to 'pay' men (either with money or some other compensation) to break into or maintain a presence in the adult world. Several porn stars have curled up with a book and taught themselves to become their own webmasters so they don't have to rely on anyone else. I think this is a positive development.

        I wonder if Mr. Cerf has given any thought to the role of the internet is changing pornography or whether he just hates porn in any form.

        GMD

        • > I wonder if Mr. Cerf has given any thought to the role of the internet [had in] changing pornography or whether he just hates porn in any form

          Sorry but that isn't insightful in the least.

          Here is the question: Of all the Internet has evolved to be, in what aspect of it are you the most disappointed?

          His disappointment in porn probably goes more like this...

          Vint - "I have spent years and years of hard work to help build and propagate this amazing technology that can change the world! What do you think?"

          The World - "Dude way to bring us TONS OF BOOBIES! YEEHAW!!!"

          Who wouldn't be disappointed?
      • Re:HEY! (Score:3, Insightful)

        While I agree with this in general, I think it is important to look at this very closely. Most of the negative aspects are directly related to suppression, but I also think it is important to draw the line, if only personally, about what is acceptable and unacceptable.

        Maybe the best way to put this is that I fully support it from the free speech angle while personally condemning a lot of what is done with this freedom.

        Also, in the current climate and state of privacy, I stay away from it completely (on the Internet). What I would like to see is the society as a whole to be a lot more open about sexuality to the point where it wouldn't really be a big deal. The current climate is that extreme violence is way more acceptable than even a little normal sexuality. Which do you want to expose your children to?

        I've been quite alarmed lately that a totally new type of SPAM has been landing in my mailbox. Not just SPAM to go to some URL to get whatever form of deviant sex they are pushing, but actual images in the email. This is just not defensible because nobody should be subjected to this without their permission. I know they have all sorts of schemes to avoid being caught, but it seems to me that this and SPAM in general is so blatant that it shouldn't be hard to do something about it. Somebody must be getting paid off.

        I definitely agree with the idea that open sexuality is a direct challenge to those who want to suppress the rights of women, but I think degrading images of sex are more part of that mindset than any move toward openness. Those who perpetrate this view blame the woman for seducing them, and will even kill their own sister if she is raped. I wish they would quietly kill themselves instead of killing others in their hatred. The shame is all on them, whatever they may claim.

  • Ahem (Score:3, Insightful)

    by Anonymous Coward on Wednesday October 09, 2002 @11:21AM (#4417232)
    The ability to exploit anonymity, rather than to be legitimately protected by it, creates a genuine conundrum. So this is indeed worth talking about - I'd be interested in your further thoughts.

    I thought we were giving the interview here...

  • IPv6 (Score:5, Interesting)

    by espenss ( 409753 ) on Wednesday October 09, 2002 @11:22AM (#4417235) Homepage Journal
    IPv6 is a big challenge. But the fact is that the Massachusetts Institute of Technology (MIT) got more addresses than The Republic of China altogether.

    We probably have to reorganize the whole thing either way, some day.
    • Well... (Score:3, Interesting)

      by GnomeKing ( 564248 )
      since the Republic of China is behind the great firewall of china, NAT would be very simple.

      does the "fact" mentioned relate to number of real IP addresses or number of IP addresses in use including NATted ones

      (the implied question here being does china use nat to ensure that everyone has to go through their firewall?)
      • Re:Well... (Score:5, Informative)

        by Zathrus ( 232140 ) on Wednesday October 09, 2002 @12:02PM (#4417482) Homepage
        MIT was allocated a class A address space (18.*.*.*) back when the net was young. They are the only educational institution to have been allocated a class A space. They also have two class B spaces (128.52.*.* and 129.55.*.*) and 10 class C addresses.

        That gives them a whopping 16,518,636 individual addresses -- assuming you reserve 0 and 255 of each quad for broadcast (which is probably incorrect - 128.52.255.5 and 128.52.0.5 should be separate, valid addresses, so that increases the total by another 100,000 or so).

        China appears to have a dozen class B addresses and numerous class C addresses. I'm probably googling for the wrong info which is why I can't nail down a number, but it's certainly less than 259 class B addresses (which is what you'd need to match MIT).

        The reason for this is not because China wants to firewall the country, but because MIT was one of the first institutions using Arpanet and was instrumental in the development of TCP/IP and the various networks that became the Internet. It's essentially an artifact of computer history. MIT shouldn't have to give up its class A address if it doesn't want to, but in retrospect it's really quite absurd to have allocated class A addresses as was done.
        • Re:Well... (Score:4, Informative)

          by Evro ( 18923 ) <(evandhoffman) (at) (gmail.com)> on Wednesday October 09, 2002 @12:24PM (#4417643) Homepage Journal
          Stanford also got a Class A, as did Apple Computer and IBM.

          http://www.ipindex.net/a/indexa.html [ipindex.net]
        • Re:Well... (Score:2, Informative)

          by Spamhead ( 462189 )

          These guys [stanford.edu] were given a class A space but were nice enough to give some back.

          Spread the word. MIT is full of greedy space-hoarding geeks!

          • Re:Well... (Score:2, Informative)

            by Anonymous Coward
            ffs. whois 96.0. there is no shortage of address space. look at the number of class As that iana is still sitting on.

            still, more is better.
        • Re:Well... (Score:4, Informative)

          by Cheeko ( 165493 ) on Wednesday October 09, 2002 @12:56PM (#4417895) Homepage Journal
          Another thing people may not have noticed, but along with MIT, there were 2 corporations that were granted Class A address spaces for their work on TCP/IP. Those companies being Hewlett Packard, and Digital Equipment Corp. If you throw in the Class B space from Compaq, the new HP accounts for a very very sizable chunk of the world's address space.
          • Re:Well... (Score:4, Informative)

            by Don Negro ( 1069 ) on Wednesday October 09, 2002 @01:06PM (#4417977)
            Last time I checked, Apple had all of 17.*.*.* and IBM had 9.*.*.*

            The class A address space list makes for interesting reading.
          • The Postal Service also has a class A.
          • I remember working right out of high school for HP in Houston, Texas in 1984. I sat in on a satellite video conference where engineers were discussing going with ethernet or token-ring on the upcoming 9000 series hpux boxes. Of course, the consensus was that ethernet was the way to go. Sure, TCP/IP will run on token-ring or ethernet (arcnet for that matter), but ethernet does seem to be the natural for it. Perhaps having an entire class A had something to do with their decision? I was too wowed by the sat comm gear to pay much attention anyway.
        • Stanford got 36.0.0.0/8 in 1993, but returned it in 2000. Incidentally, this information is all available on the IANA web site here [iana.org].

          But maybe you don't consider Stanford [stanford.edu] an educational institution.

        • Re:Well... (Score:2, Informative)

          by Bug-Y2K ( 126658 )

          Nobody has a "Class A/B/C" address range anymore... They have a /8, /16, or a /24. (or any other of the available Classless "CIDR" slices.)

          The Net stopped using Classful addressing almost 10 years ago. Get with the program folks!

        • Is there a definitive list of known class A/B addresses? It would be interesting to see who is hoarding numbers, and how long they've been held. Not that some people shouldn't have rights to those numbers.

          I always thought that IP addresses were organized by some sort of area-cluster format. I guess not, though. It's too bad, it would be cool if you could determine most clients' area by their IP address, although this would also likely end up with people being more easily blocked by IP mask.
    • ROC? (Score:2, Informative)

      by sulli ( 195030 )
      I think you mean the People's Republic of China, though your argument applies as well to the ROC, which is Taiwan.
    • Re:IPv6 (Score:2, Flamebait)

      by JoeBuck ( 7947 )

      You mean the People's Republic of China. The Republic of China refers to Taiwan.

    • But the fact is that the Massachusetts Institute of Technology (MIT) got more addresses than The Republic of China altogether.

      Gee, maybe that's because MIT made more contributions to the original "Internet" than the Republic of China. Not that I'm saying ROC couldn't have, merely that they didn't. All the large institutions involved with ARPANET got class A subnets. Most of them succumbed to peer pressure and gave them up. We didn't.

    • .... But the fact is that the Massachusetts Institute of Technology (MIT) got more addresses than The Republic of China altogether.


      I've heard this remark made before and though at first sight it seems to say something, it actually doesn't mean anything. MIT has a full /8, unfortunately. The whole republic of China doesn't. So What! If you look at these [ripe.net] statistics of the joint RIRs then you will see that the whole world and their mother have more IP space than the People's Republic. :-) (ok, slightly exaggerated) But fact of the matter is that the People's Republic shouldn't yet worry about not getting any IP-space.


      For the last 10 years we have had the Regional Internet Registries in place, which deal with the IP-address allocation. They have done a great job at conserving IP-space. Since they started their work, only 15% of the IP-space has been allocated, contrary to the 43% in pre-RIR times. If they continue to do their great job in the same way, we will hit critically low numbers of availability by 2010-15 and run out by 2030.

      • > MIT has a full /8, unfortunately. The whole republic of China doesn't.

        Yeah, this sucks.

        Spam filtering would be so much simpler if all of .cn were in the same /8, the way it is with Latin America. (two /8s in Class B space.)

    • IPv6 is a big challenge. But the fact is that the Massachusetts Institute of Technology (MIT) got more addresses than The Republic of China altogether.

      Technically you're probably still correct, but you probably meant the People's Republic of China. The Republic of China is a capitalistic democracy with about 20 million citizens. People usually call it "Taiwan" these days. It's called the Republic of China, because the government used to rule all of china, but after the communists took over they fled to Taiwan where they have sat for the past 50 years.
    • by hta ( 7593 )
      According to ftp://ftp.apnic.net/pub/apnic/stats/apnic/apnic-2002-10-01, China has 25.425.152 addresses.
      This is more than MIT has.
  • Mushy answer (Score:4, Insightful)

    by sulli ( 195030 ) on Wednesday October 09, 2002 @11:36AM (#4417320) Journal
    The Internet is a big tent and should be able to support many different models of operation ranging from highly protected information to completely open information.

    Cerf's comments are pretty inscrutable, but I am inclined to think Cerf is on the wrong side of this issue, given that he is not standing up for users' ability to control their PCs.

    • They are neither inscrutable nor wrong.

      His is a middle view point. He in no way advocates taking control of the PC away from the user. He is merely saying that there should be different levels of availability for information.

      I am pretty far out there on this point in that I believe we would be better served with no security or anonymity but rather a completely open society from top to bottom. It ain't going to happen in America but perhaps the next empire can start off with this in its constitution.
  • by wytcld ( 179112 ) on Wednesday October 09, 2002 @11:41AM (#4417340) Homepage
    The basic dispute was NOT that the information should not be released to Karl but rather whether Karl had absolute discretion to decide what information could be released on the public.

    So Cerf didn't allow a director to have the information because he was afraid the director might disclose some of it to the public, despite the law (as the judge found) clearly giving any director the right to that information? The only legal and proper course would have been to release the information immediately to the director with - if considered necessary - a warning about which sections were claimed to be proprietary by one party or another. Then if the director released any of that "proprietary" info the party claiming it would have a right to file suit against the director.

    Cerf should be ashamed. ICANN should be shut down. His defense - that other not-for-profits are even shadier - should not be tolerated in the current business climate. It's like saying we should give a blank check to corruption at any company that's less corrupt than Enron!

    • that other not-for-profits are even shadier - should not be tolerated in the current business climate. It's like saying we should give a blank check to corruption at any company that's less corrupt than Enron!

      Well, given the fact that he works for WorldCom, a company that's made up about $10 billion (that we know about) compared to Enron's $300m or so, it's not too surprising.
    • If I understand correctly, the director can do anything with the information they want as long as ICANN is allowed to. The principle was that due to legal agreements with certain places, ICANN itself is not allowed to release the information to the public. The dispute was just to make sure Karl did not breach that other agreement.
  • Selective memory (Score:4, Insightful)

    by catfood ( 40112 ) on Wednesday October 09, 2002 @11:41AM (#4417341) Homepage
    The basic dispute was NOT that the information should not be released to Karl but rather whether Karl had absolute discretion to decide what information could be released on the public. ICANN deals with proprietary information supplied by various domain name service providers, for example, and the dispute, as I understood it, revolved around how confidential information would be protected, once released to any director.

    Not according to the filings [eff.org]. Auerbach's complaint was that ICANN staff put unreasonable conditions on his access. Auerbach repeatedly said he was more than happy to comply with any reasonable confidentiality requirements. But ICANN declined to provide financial records, and didn't bother to inform Auerbach directly; six months later, ICANN was still "formulating policy" on the matter.

    I don't think Auerbach ever got a copy of the employee handbook he requested.

    And he wasn't allowed to make copies of any documents without asking a committee for permission first. Even though California law clearly gives him the right to view and copy whatever the hell he pleases--"all books, documents, and records of any kind"--without restriction. ICANN's own bylaws grant similar rights to all directors.

    Unsurprisingly, the court ruled for Auerbach on all counts. The confidentiality issue was a red herring from the start. I wish Vint Cerf would answer the question again, this time without using confidentiality of ICANN's records as an excuse.

    I don't know Karl Auerbach. Everything I know about this case came from the publicly available documents.

  • by Speare ( 84249 ) on Wednesday October 09, 2002 @11:47AM (#4417378) Homepage Journal

    Many people seem to be of the opinion that the First Amendment (of the United States Constitution) grants people the right to anonymity. This is very much not the case. There are two separate concepts wrapped up in the term 'anonymity', and the courts have been able to keep these distinct: there is 'unsigned speech', and there is 'unaccountable speech'.

    The First Amendment does not say that one has a right to speak anonymously. In fact, a person is often put into a situation where their identity is compelled, especially if they are related to a case where a felony has been committed. One can publish without choosing to sign the publication, but if a publication can otherwise be lawfully tracked to its writer, then that evidence is quite admissible and it is no longer anonymous.

    The right to privacy is used somewhat interchangeably with anonymity, but that is not proven in the reading of our Constitution. The right to privacy comes from the Fourth amendment, which guarantees a security within their persons, houses, papers and effects.

    There is also the right to remain silent, written into the Fifth Amendment, which protects against a situation where someone is compelled to supply information about themselves or their conduct. Metaphorically, this can be read as an extension of the Fourth Amendment into someone's thoughts: "a brain cannot be seized and searched, one is secure within their own mind."

    Lastly, there is a right to face one's accuser; the Sixth Amendment specifically grants the accused all manners of due process. In such a situation, there is no right to anonymity: a witness must divulge their identity to make a credible accusation. The US has a program that tries to secure high-profile testimony without endangering the witness, by helping the witness "disappear" with a new identity, but only after that explicit testimony is rendered.

    A person is always to be held accountable for their own actions in a United States court of law; there is no right to being free from accountability.

    • I think the problem is that the government and various commercial entities keep changing/adding to the statutes in ways that make it easier to "lawfully" track down your identity. Even if it's "legal" to beat an ISP owner with a brick until he gives the IP logs for last Tuesday, it goes against the original intent. Obviously, that example is hyperbole, but very recently, the RIAA was trying to use the infamous DMCA to force Verizon to reveal their user logs [com.com].
      • > I think the problem is that the government and various commercial entities keep changing/adding to the statutes in ways that make it easier to "lawfully" track down your identity.
        > Even if it's "legal" to beat an ISP owner with a brick until he gives the IP logs for last Tuesday, it goes against the original intent.

        For better or worse in our system of laws, the "original intent" of a law is meaningless once it has been amended or superseded by later precedents or legislation. Our laws change with the times and personalities/goals of those in a position of power, regardless of what the originators intended.
        It is a beauty of our legal system that we are able to thus change with the times. This does not always work out to everyone's favor of course (this case in point). If you disagree, that is why we have been given democratic process to help influence legislators who can change the changes to the changes of the original law.

        Just think, the original U.S. Constitution had provisions for slaves built in. That was changed with the times. If the document which defines our very government can change with public perception, then so can laws defending our "internet freedom".

    • by zenyu ( 248067 ) on Wednesday October 09, 2002 @12:23PM (#4417626)
      Ok, I don't know what Bill of Rights you are reading but the one I read has all kinds of things like a requirement for search warrants and most importantly the 9th and 10th amendments...

      Amendment IX

      The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.

      Amendment X

      The powers not delegated to the United States by the Constitution, nor prohibited by it to the states, are reserved to the states respectively, or to the people.


      What you have to realize is that privacy was such a basic right that they didn't even think it needed to be stated. Except where it wasn't preserved, like customs and when you are attempting to deny someone a portion of their freedom through the court system, or where it had been violated with search warrants issued without public scrutiny and consent from the governed. Jefferson would have viewed today's airport searches and ID checks as repugnant and proof that the bill of rights had failed to preserve the rights of man from the tyranny of a too powerful state.

      there is no right to being free from accountability.

      There is, if it's in word, or righteous deed! It's simply that we live in a state that tramples on that right so often that some of us don't even realize it exists.
      • He explicitly pointed out that the fourth amendment grants rights against search, and did so more informatively than you did!

        Your "I don't know what Bill of Rights" comment applies much more to you than to the original poster. Amendment IX and X state that the constitution doesn't deny people other rights, not that the constitution guarantees people every other right!

        I don't see any support for your comment that privacy was considered such a natural right that it didn't need to be enumerated. One could make such an argument for any right not guaranteed in the constitution and it would still be just as falsifiable or provable (i.e. not at all provable).

        The constitution clearly enumerates a number of rights. It is clear that we have other rights, as well. However, until those rights are added to the constitution, they're not constitutional rights.

        In fact, though, I suspect you, me and the parent poster all agree with regard to the unconstitutionality of the specific behaviors you're talking about. Certainly airport searches and ID checks violate the fourth amendment. But that doesn't mean you have a constitutional right to not have your handwriting analyzed on a criminal document, or to keep the police from looking through your windows if you leave them open.
  • by 3141 ( 468289 ) on Wednesday October 09, 2002 @11:47AM (#4417380) Homepage
    I think running servers at home is still largely not for the general public but that this will change as servers become more simple to operate and configure (plug and play).

    I think he misunderstood the issue, though who am I to talk. The problem that the questioner was alluding to is of the service agreements NOT ALLOWING people to run servers at home, as opposed to not being able to.
    • Or, he could have understood, and may be alluding to the fact that most users today don't understand the impact of running a server (on themselves, other users, etc.) like they can understand the impact of a client, as it's all readily visible.

      Either way, I grant Cerf's statement is a bit unclear.

  • by Speare ( 84249 ) on Wednesday October 09, 2002 @11:56AM (#4417433) Homepage Journal

    This is a great aphorism, which truly sums up a lot of thoughts on the good and bad.

    • "The more the Internet becomes infrastructure for all parts of our complex, global society, the more we are likely to see all aspects of that society reflected in the Internet." --Vint Cerf

    Thanks, Dr. Cerf.

  • IP6 ready (Score:5, Insightful)

    by TheSHAD0W ( 258774 ) on Wednesday October 09, 2002 @12:03PM (#4417487) Homepage
    Part of the reason IP6 is finding so much resistance is because very few people have any experience with it. How can you run a box with the IP6 protocol when nothing on your net will talk to it?

    Maybe it would be a good idea to start rolling out firmware versions that will allow people to run IP6 on their intranets. Get their Linksys Cable/DSL routers talking IP6 on the private side of the network. Obviously not everyone would want to do this, but for those who dared to convert it would provide essential experience in IP6 operation. It would also provide a future starting point for when ISPs offer IP6 access.
    • How can you run a box with the IP6 protocol when nothing on your net will talk to it?

      There is a common solution to this, called tunneling. Basically, each IPV6 packet is encapsulated in an IPV4 packet and sent to a remote site where the IPV4 shell is dropped and the IPV6 packet is routed to its destination.

      There are public services that do this, most prominently, the 6Bone [6bone.net].
      • That's not quite what I meant...

        Right now, setting up a small in-home intranet running IP6 without a dedicated computer running network translation as the firewall. This is more than most people would want to handle. And setting up some of the advanced IP6 features would be non-trivial.

        On the other hand, if IP6 translation, "DHCP" and some of the more interesting features were provided for commonly available proxy hardware, like Linksys's Cable/DSL router (and the hardware could even run a mixed network, translating internal communications as well as gatewaying out), one could get IP6 up more easily, exercise their drivers, experiment, etc.
    • With IPv6, it will become impossible to remember the numbers. That will make life a little tougher for the home-lan enthusiast and small businesses. DNS will simply gain importance - also on the intranet.
      • beh .. what's the difference between recalling 10.0.0.1 and fec0::1 ?

        (fec0::/48 is the IPv6 "equivalent" for private network numbers, as these prefixes cannot cross a border router (they use a site-local scope id))

        And even my stupid DSL modem (yes, you read well: not router) is able to act as a DNS server .. it's not that hard to set up anymore ..
    • Even more to the point is that nowadays it is *trivial* to set up an IPv6 intranet as long as you have at least one publicly reachable IPv4 address - using 6to4. With 6to4 you can have 65536 networks with 2^64 hosts behind a single IPv4 address, and with RFC 3068 you can simply set your default router to 2002:c058:6301:: and reach non-6to4 addresses. There's no longer any need for any coordination or variable configuration. It just magically works.

      There's certainly no technical reason the likes of Linksys or Netgear cannot include basic 6to4 functionality in their products *right now*.

      NAT is an anathema to a truly connected Internet, where there is true peer to peer connectivity (this is not about peer to peer filesharing. There's far more you can do peer to peer than that). Because I have IPv6 connectivity at home and at work, I can ssh from one place to the other despite the fact that both places have IPv4 NATs that actually use the *same* IPv4 address space. It's magically delicious!
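The 6to4 numbers in the comment above, worked through as an added example (not part of the original post): a Python sketch that derives the `2002:V4ADDR::/48` prefix from an IPv4 address, recovers the IPv4 address embedded in a 6to4 address (useful when attributing 6to4 sources in logs), and applies the embedded-address sanity check that the 6to4 security considerations (RFC 3964) call for. The function names, the `INVALID_V4` list and the sample addresses (documentation ranges) are assumptions made for this illustration.

```python
import ipaddress

# Constructed for this example: embedded IPv4 ranges that cannot belong to a
# real 6to4 gateway (unspecified, RFC 1918 private, loopback, link-local,
# multicast, limited broadcast).
INVALID_V4 = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "255.255.255.255/32",
)]


def sixtofour_prefix(ipv4):
    """Return the 2002:V4ADDR::/48 prefix 6to4 derives from one IPv4 address."""
    v4 = ipaddress.IPv4Address(ipv4)
    # 16 bits of 0x2002, then the 32-bit IPv4 address, then 80 zero bits.
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48))


def lan_count(prefix):
    """Number of /64 networks inside the prefix (each holds 2**64 addresses)."""
    return 2 ** (64 - prefix.prefixlen)


def embedded_ipv4(ipv6):
    """IPv4 address carried inside a 6to4 address, or None outside 2002::/16."""
    return ipaddress.IPv6Address(ipv6).sixtofour


def check_6to4_source(ipv6):
    """Classify a source address seen at a 6to4 router or in a log line."""
    v4 = embedded_ipv4(ipv6)
    if v4 is None:
        return "not-6to4"
    if any(v4 in net for net in INVALID_V4):
        return "reject"   # embedded address can never be a real gateway
    return "ok"


if __name__ == "__main__":
    prefix = sixtofour_prefix("192.0.2.4")            # constructed sample
    print(prefix, lan_count(prefix))
    print(embedded_ipv4("2002:c058:6301::"))          # relay address from the post
    for src in ("2002:c000:204::1", "2002:c0a8:101::1", "2001:db8::1"):
        print(src, check_6to4_source(src))
```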
      • Or not... (Score:3, Insightful)

        by why-is-it ( 318134 )
        NAT is an anathema to a truly connected Internet, where there is true peer to peer connectivity (this is not about peer to peer filesharing. There's far more you can do peer to peer than that).

        Dude, there is no way I would ever allow any device on the Internet to initiate connections into my home network. I run a firewall for a reason, and IPV6 changes nothing in that regard. I don't think that having more addresses will reduce the number of attacks that bounce off my firewall on a daily basis.

        Security might even be more important when we move to IPV6 because there would be potentially more systems out there for the script kiddies to 0wn!
        • Re:Or not... (Score:3, Insightful)

          by nsayer ( 86181 )
          I run a firewall for a reason

          Do not confuse NAT with firewalls, grasshopper.

          Firewalls are good. I in no way suggested that people should not have a firewall. What I am saying is that NAT is a terrible thing because it makes peer to peer communication ridiculously more cumbersome (or even impossible) even if I, as an administrator (whether you want to call them that or not, anyone who owns one of those little NAT routers is that router's administrator), want to allow some forms of it.

          • What I am saying is that NAT is a terrible thing because it makes peer to peer communication ridiculously more cumbersome

            I think that is the whole point. I have a private network, and the last thing I want to do is make it easy for hosts on the outside to have unrestricted access to the devices on the inside.
            • the last thing I want to do is make it easy for hosts on the outside to have unrestricted access to the devices on the inside.

              You continue to be confused because you imply that a lack of NAT provides "unrestricted access" to the devices on the inside. I put it to you that a stateful firewall is equally as effective at securing a network without complicating desired peer-to-peer connectivity.

              And if you do not desire any peer-to-peer connectivity, then you don't really want the Internet, you want AOL.

              • I put it to you that a stateful firewall is equally as effective at securing a network without complicating desired peer-to-peer connectivity.

                We are each entitled to our own opinion. However, no matter what Checkpoint claims, I think that it is generally considered to be true that a proxy firewall is a more secure means to protect a network. The major downside is that proxy firewalls add latency to the end-user experience. You don't have to take my word for it though. Check out what SANS and SecurityFocus have to say on that topic.

                At any rate, I would never use Internet-routable addresses on my internal network. RFC 1918 addresses provide another layer of security, and they just aren't handing out class A addresses anymore. So even with my stateful inspection firewall, I am going to have to do address translation - and I still will not permit hosts outside of my network to initiate connections into my network.

                And if you do not desire any peer-to-peer connectivity, then you don't really want the Internet, you want AOL.

                Yah, whatever...
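
The stateful-firewall position argued in the sub-thread above, as an added Python sketch that is not from any poster: a border filter over globally routable IPv6 addresses that drops unsolicited inbound traffic, admits replies to inside-initiated flows, and opens one admin-chosen port, with no address translation. The class and function names are hypothetical, the packets are constructed, and TCP flags and state timeouts are left out of the model.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class StatefulFirewall:
    inside: ipaddress.IPv6Network
    pinholes: set = field(default_factory=set)  # (host, port) the admin exposes
    flows: set = field(default_factory=set)     # connection-tracking table

    def is_inside(self, addr):
        return ipaddress.ip_address(addr) in self.inside

    def filter(self, p):
        """Return "accept" or "drop" for one packet crossing the border."""
        if self.is_inside(p.src) and not self.is_inside(p.dst):
            # Outbound: allowed, and remembered so the reply can come back.
            self.flows.add((p.src, p.sport, p.dst, p.dport))
            return "accept"
        if self.is_inside(p.dst) and not self.is_inside(p.src):
            if (p.dst, p.dport, p.src, p.sport) in self.flows:
                return "accept"  # reply to a flow an inside host started
            if (p.dst, p.dport) in self.pinholes:
                return "accept"  # inbound service the admin chose to allow
        return "drop"            # default deny; no address is rewritten


def demo():
    """Run constructed packets (documentation prefix 2001:db8::/32)."""
    laptop, server, remote = "2001:db8:1::10", "2001:db8:1::22", "2001:db8:ffff::5"
    fw = StatefulFirewall(ipaddress.ip_network("2001:db8:1::/48"),
                          pinholes={(server, 22)})
    packets = [
        Packet(remote, 40000, laptop, 445),    # unsolicited inbound
        Packet(laptop, 50000, remote, 443),    # outbound connection
        Packet(remote, 443, laptop, 50000),    # its reply
        Packet(remote, 443, laptop, 50001),    # spoofed "reply", no flow
        Packet(remote, 40001, server, 22),     # ssh to the exposed host
        Packet(remote, 40002, server, 80),     # other port on the same host
    ]
    return [fw.filter(p) for p in packets]
```
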
  • by Sloppy ( 14984 ) on Wednesday October 09, 2002 @12:13PM (#4417560) Homepage Journal
    ICANN deals with proprietary information supplied by various domain name service providers
    I've heard this before, but I don't think anyone has explained it. What types of "proprietary information" does ICANN deal with? Are we just talking about the whois database, dns root server passwords, and other trivia (which I really don't think is the kind of stuff that Auerbach was interested in), or is it something else?

    The very idea that there are other types of secrets, is exactly what makes me suspect ICANN is up to something inappropriate. When I try to think of what is needed to coordinate names, numbers, and standard interfaces, I just don't see where any sort of "proprietary information" can fit in. What am I missing?

    • or is it something else?

      Kickbacks.

      Laugh all you want now, but I'll be the one laughing (along with John Gilmore) when the handcuffs are slapped on and Vint and his buddies are doing the perp walk for the cameras.

      End the artificial monopoly! Open up the root name servers! Viva la common bloody sense!!!

      (BTW -- I fully expect to get modded down for this, but my karma is pretty high anyway -- maybe high 40s if it were still numeric. At least it lets me blow off some steam at these crooks. :)

      • That's the cynical and expected answer. I wanna hear the "best case scenario" answer.
        • "Best case" is that people are being this secretive because dodgy but legal things are happening, I imagine. When it does come out (and these things usually do in time) it will reflect poorly on those involved, but it won't be actionable in a legal sense. Otherwise why the need for secrecy? It's not like they're planning my surprise birthday party or anything...

          Massive amounts of money, pretty high potential for conflict of interest... they're skating pretty close to the line, and I was glad to see that letter calling them on it. I think that ICANN's behaviour is scandalous.

  • Here's a theory (Score:2, Insightful)

    by kenp2002 ( 545495 )
    "Revelations 13:17 and that no one would be able to buy or to sell, unless he has that mark, the name of the beast or the number of his name. "

    And the beast shall be your national ID, in reality a series of bits but the beast shall also have a number associated with those bits. Much like an IP address.

    The steps are simple.

    1: Move to a cashless society
    2: Mandate that everyone have a unique ID
    3: Have the ability to track someone against their ID via a surgical implant or a real time proximity database.
    4: Put a simple high-intensity laser in orbit.
    5: Using GPS, lock onto a person
    6: Press a button (Preferably Red or Blue)
    7: Watch the dissident fry with laser accuracy from 5+ miles above.

    Resist any form of tracking. Your life WILL depend on it. You don't have to be an evil supernatural boogieman to suffer the above fate. You just have to be someone who can get away with it. I'm not one for conspiracies but hell this is too dangerous to take a chance. What if some terrorist was able to hack into a massive database like that. Think identity theft is hard now? Boy wouldn't that national ID make it easy. Now with the internet let's track your every move. Why not, in the real world you would be arrested for things like stalking and harassment but here in corporate cyberspace we not only can do this legally but we, the corporate marketing department have the right as a service provider to track your every move...

    P.S. Don't generalize, the whole corporation doesn't want to track you, it's usually just 2 departments within, marketing and product development.

    I remember when the Internet was about freedom of information, now it's about marketing and videogames...
  • Hmmm... (Score:4, Interesting)

    by mjh ( 57755 ) <mark@NoSPAM.hornclan.com> on Wednesday October 09, 2002 @12:47PM (#4417790) Homepage Journal
    Vint says:
    I think we will see value in both - moreover, until there is ample, symmetric capacity, users will probably prefer that their server sites be operated by outsourcers and even when home servers seem natural, users may prefer to leave their operation to specialists.

    Hmmm... I don't think so. Users don't care about symmetric capacity. They care about costs. Symmetric capacity doesn't mean anything to them. The number of people that they're trying to supply data to is usually not that many. So having high upstream bandwidth just doesn't matter that much to them. What matters is cost. If going to a hosting company costs $10/month, in addition to their existing broadband access costs, then most people just are not going to do it.

    Maybe it's just me, but I think that most folks who want to run servers want to do it to give friends and family access to the photo album or to put up a web log or something else that isn't going to have a very large audience. Some want to share out their MP3 collection. But I don't think that's what most want to do. So for the vast majority, bandwidth isn't what matters.

  • by autopr0n ( 534291 ) on Wednesday October 09, 2002 @12:51PM (#4417822) Homepage Journal
    From a political whore like Cerf, I'm not surprised. He basically spouted off the same kind of political pseudo-drivel that infests our government. Read them again. He says almost nothing specific, just a bunch of vague platitudes that anyone from any side of the various arguments would agree with. He even outright lied about the ICANN case, as this comment [slashdot.org] illustrates.

    The internet is going to hell. 10 years from now it'll be the same boring wasteland as TV is now, filled with mindless crap and advertisements for other people on your homepage, emails, and instant messages. Oh wait. It's already like that!
  • by Hieronymus Howard ( 215725 ) on Wednesday October 09, 2002 @01:32PM (#4418225)
    Vint: I suppose I wish I had decided on a larger address space than 32 bits!

    I wonder if he ever said "4294967296 IP addresses should be enough for anybody"?

    HH
    --
    • I wonder if he ever said "4294967296 IP addresses should be enough for anybody"?

      It is enough for anybody*. It's just not enough for everybody :)

      * For some (most) values of anybody :)
  • by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Wednesday October 09, 2002 @03:02PM (#4419058) Homepage Journal
    This is something that's been on my mind in a big way lately. I think that it would be nice if all TCP connections could be authenticated (via SSLizing or similar) and all you need really is some kind of guarantee that the person you're talking to today is the same person you talked to yesterday.

    Consider the issue of key exchange. You do not know that a key is valid until you have confirmed it by other means, regardless of who the key says it belongs to. This situation will not change any time soon. But what I envision is some sort of central repository for keys, run by some government or other. At least that way you know what the extent of corruption is likely to be.

    This central server will issue keys (for a small fee, ostensibly) and record any information you wish to associate with the key. You should be able to create arbitrary data types and fill them with arbitrary strings, up to perhaps a few kB, which is enough for authentication purposes. Or, you can leave them all blank.

    The issuing agency should then verify (or not verify) the verifiable pieces of information in your key, like address, phone number, et cetera, for an additional (but hopefully also small) fee. So perhaps it's only US$0.50 to get a key, but if you want to get your name, address, and phone number (for example) verified it might cost you five bucks.

    A validated key can be used to access services which need to know who you are. An unvalidated key can be used to access services which need to know that you are the same person who accessed it yesterday, or last week, or whatever.

    Keys should expire unless a small fee is paid yearly. Validation fees should be paid once, unless you change your address and need to validate the new one, in which case you'll have to pay for that validation again. One assumes that validating address and phone number will be cheap but validating actual identity won't be, because you will generally have to do that in person somewhere, by providing appropriate forms of identification. I envision the identity verification as similar to getting a passport, at least in the US. (I don't know how other countries handle that. Save your jokes about M$ passport, please.)

    As far as I can see, this is an ideal system. You may not want keys issued by a governmental agency but this is essentially what your social security number is anyway; a UID issued by the federal government. Unfortunately it cannot be used to sign anything and keep communications secure. Besides which, it's not supposed to be used for anything other than tax purposes, though schools and other institutions across the US use it for all manner of other purposes. Having some form of digital identification method which can also be used to ensure (relatively) secure communications would be a big step in the right direction.

    • As far as I can see, this is an ideal system.

      Yeah, and if we lived in Roddenberry's universe instead of Hawking's it would work great! Now take off your fucking Spock ears and pay attention. Unfortunately as things stand you are basically talking about paying ICANN (or a similar organization) as much as they think they can get away with so that you can do the same things you do today on the internet. No, what you're proposing is not secure enough for voting in elections. Yes, buying things on the internet will be made slightly faster (CONSUME!) but no, this system won't catch criminals, end world hunger or make your old vinyl cartop look like new.

      Instead it will be abused. ICANN or Network Solutions or whatever other assclowns are selected to hold the reins will be selling the data collected left and right. Oh sure, they'll have beautiful "privacy policies" and other worthless documents some of which may even expressly prohibit this. It will happen anyway. The value of such data is too immense for it not to.

      I can hear your nasal whining from here though "Bu-bu-but you can get an UNVALIDATED key and retain a similar level of privacy to what you have today!" Sure, and that unvalidated key will be useful for doing what exactly? Not for reading cnn.com, that's for goddamn sure. Even if Joe Bob's Super Deluxe Personal Web Page is run by a straight shooter who has neither interest in nor means to acquire your personal details from your key you can bet his advertisers are going to require that he ONLY accept authenticated connections. Again, look around you. How many web sites don't have banner ads running? What limbs and vital internal organs would the people running those banner ad companies give to be able to instantly match your IP to your name and address with a high degree of accuracy?

  • The slogan "6 by 6" has emerged as a kind of challenge to get to significant deployment of IPv6 by 2006. In a few years, we will know whether this is realistic or not.
    The requirement to buy IPv6 networking gear may well breathe a little life in the technology sector. Anyone else's portfolio look kinda beat? Good thing it's got a few decades to recover for me...
