Development issues regarding the cerowrt test router project
* [Cerowrt-devel] Random thought - reactions?
From: dpreed @ 2017-12-15 17:18 UTC
  To: cerowrt-devel



The disaster in the FCC's move to reverse the Open Internet Order will probably continue.
 
As some of you may know, but most probably don't, I have a somewhat nuanced view of the best way to preserve what is called network neutrality. That's because I have a precise definition of what the Internet architecture is based on. Essentially, access providers (or for that matter anyone who stands between one part of the Internet and another) should forward packets as specified in the IPv4 or IPv6 header, with best efforts. In particular, that means: meet the protocol specification of the IP layer, base routing, queueing, and discarding only on the information therein contained. "Best efforts" does not mean queueing or discarding packets selectively based on addresses or protocol. However, ToS can be used.
 
It turns out that the Open Internet Order pretty much matched that definition in effect.
 
But we are about to enter a new age, where arbitrary content inspection, selective queueing, and modification are allowed at the access provider switching fabric. Based on any information in the packet. Also, data collection and archiving of content information (e.g. wiretapping) is likely to be OK as well, as long as the data is "protected" and there is a contract with the customer that sort of discloses the potential of such collection.
 
Companies like Sandvine, Ellacoya, Phorm, NebuAd and more modern instantiations will be ramping up production of "Deep Packet Inspection" gear that can be customized and deployed by access providers. (10-15 years ago they ramped up to sell exactly this capability to access providers).
 
I have never viewed the FCC rulemaking approach as the right way for the Internet to deal with this attack by one piece of the transport network on the integrity of the Internet architecture as a whole. However, it was a very practical solution until now.
 
So I've been thinking hard about this for the last 15 years.
 
The best and most open Internet we had for end users was available when the Internet was "dialup". That includes modems, ISDN digital, and some DSL connectivity to non-telco POPs. There was competition that meant that screwing with traffic, if detected, could be dealt with by switching what were then called ISPs - owners of POPs. This died when Cable and Telco monopolies eliminated the POPs, and made it impossible to decide where to connect the "last mile" to the Internet.
 
So can we recreate "dialup"?  Well, I think we can. We have the technical ingredients. The key model here is IPv6 "tunnel brokers" (I don't mean the specific ones we have today, which are undercapitalized and not widely dispersed). Today's Home Routers (minus their embedded WiFi access points) could be the equivalent of ISDN modems.
 
What we need is to rethink the way we transport IP packets, so that they are not visible or corruptible by the access provider, just as they were not visible or corruptible by the phone company during the "dialup" era.
 
I don't think I am the first to think of this. But the CeroWRT folks are a great resource for one end of this, if there were companies willing to invest in creating the POPs. I know of some folks who might want to capitalize the latter, if there would be a return on investment.
 
Under the Open Internet Order, there was no meaningful potential of a return on investment. Now there is.
 
I think the missing piece is a "stealth" approach to carrying packets over the access provider's link that cannot be practically disrupted by DPI gear, even very high speed gear with good computing power in it. That involves encryption and sort-of-steganography. Tor can't solve the problem, and is not really needed, anyway.
 
Anyway, I have some protocol ideas for transporting arbitrary IPv6 and IPv4 packets to POPs, and some ideas for how to evolve POPs in this novel context.
 
I'm interested in thoughts by the CeroWRT developers. Not just technical thoughts, but practical ones. And especially "services" that such POP operators could offer that would allow them to charge a bit of cost/profit, on top of the basic access provider services that will be needed to reach them.
 
BTW, the same applies to cellular, where I think the problem of breaking the Internet architecture will be a lot worse. We need to make cellular Internet access more like "dialup".


* Re: [Cerowrt-devel] Random thought - reactions?
From: tapper @ 2017-12-15 19:32 UTC
  To: dpreed, cerowrt-devel

Motherboard & VICE Are Building a Community Internet Network
https://motherboard.vice.com/en_us/article/j5djd7/motherboard-and-vice-are-building-a-community-internet-network-to-protect-net-neutrality
It seems that people are all thinking the same thing, but coming up with 
different things!

The internet will never die!
On 15/12/2017 17:18, dpreed@reed.com wrote:
> The disaster in the FCC's move to reverse the Open Internet Order will 
> probably continue.
> 
> As some of you may know, but most probably don't, I have a somewhat 
> nuanced view of the best way to preserve what is called network 
> neutrality. That's because I have a precise definition of what the 
> Internet architecture is based on. Essentially, access providers (or for 
> that matter anyone who stands between one part of the Internet and 
> another) should forward packets as specified in the IPv4 or IPv6 header, 
> with best efforts. In particular, that means: meet the protocol 
> specification of the IP layer, base routing, queueing, and discarding 
> only on the information therein contained. "Best efforts" does not mean 
> queueing or discarding packets selectively based on addresses or 
> protocol. However, ToS can be used.
> 
> It turns out that the Open Internet Order pretty much matched that 
> definition in effect.
> 
> But we are about to enter a new age, where arbitrary content inspection, 
> selective queueing, and modification are allowed at the access provider 
> switching fabric. Based on any information in the packet. Also, data 
> collection and archiving of content information (e.g. wiretapping) is 
> likely to be OK as well, as long as the data is "protected" and there is 
> a contract with the customer that sort of discloses the potential of 
> such collection.
> 
> Companies like Sandvine, Ellacoya, Phorm, NebuAd and more modern 
> instantiations will be ramping up production of "Deep Packet Inspection" 
> gear that can be customized and deployed by access providers. (10-15 
> years ago they ramped up to sell exactly this capability to access 
> providers).
> 
> I have never viewed the FCC rulemaking approach as the right way for the 
> Internet to deal with this attack by one piece of the transport network 
> on the integrity of the Internet architecture as a whole. However, it 
> was a very practical solution until now.
> 
> So I've been thinking hard about this for the last 15 years.
> 
> The best and most open Internet we had for end users was available when 
> the Internet was "dialup". That includes modems, ISDN digital, and some 
> DSL connectivity to non-telco POPs. There was competition that meant 
> that screwing with traffic, if detected, could be dealt with by 
> switching what were then called ISPs - owners of POPs. This died when 
> Cable and Telco monopolies eliminated the POPs, and made it impossible 
> to decide where to connect the "last mile" to the Internet.
> 
> So can we recreate "dialup"?  Well, I think we can. We have the 
> technical ingredients. The key model here is IPv6 "tunnel brokers" (I 
> don't mean the specific ones we have today, which are undercapitalized 
> and not widely dispersed). Today's Home Routers (minus their embedded 
> WiFi access points) could be the equivalent of ISDN modems.
> 
> What we need is to rethink the way we transport IP packets, so that they 
> are not visible or corruptible by the access provider, just as they were 
> not visible or corruptible by the phone company during the "dialup" era.
> 
> I don't think I am the first to think of this. But the CeroWRT folks are 
> a great resource for one end of this, if there were companies willing to 
> invest in creating the POPs. I know of some folks who might want to 
> capitalize the latter, if there would be a return on investment.
> 
> Under the Open Internet Order, there was no meaningful potential of a 
> return on investment. Now there is.
> 
> I think the missing piece is a "stealth" approach to carrying packets 
> over the access provider's link that cannot be practically disrupted by 
> DPI gear, even very high speed gear with good computing power in it. 
> That involves encryption and sort-of-steganography. Tor can't solve the 
> problem, and is not really needed, anyway.
> 
> Anyway, I have some protocol ideas for transporting arbitrary IPv6 and 
> IPv4 packets to POPs, and some ideas for how to evolve POPs in this 
> novel context.
> 
> I'm interested in thoughts by the CeroWRT developers. Not just technical 
> thoughts, but practical ones. And especially "services" that such POP 
> operators could offer that would allow them to charge a bit of 
> cost/profit, on top of the basic access provider services that will be 
> needed to reach them.
> 
> BTW, the same applies to cellular, where I think the problem of breaking 
> the Internet architecture will be a lot worse. We need to make cellular 
> Internet access more like "dialup".
> 

* Re: [Cerowrt-devel] Random thought - reactions?
From: dpreed @ 2017-12-15 21:11 UTC
  To: tapper; +Cc: cerowrt-devel



Thanks for this. I hadn't seen it yet.
 
On Friday, December 15, 2017 2:32pm, "tapper" <j.lancett@ntlworld.com> said:



> Motherboard & VICE Are Building a Community Internet Network
> https://motherboard.vice.com/en_us/article/j5djd7/motherboard-and-vice-are-building-a-community-internet-network-to-protect-net-neutrality
> It seems that people are all thinking the same thing, but coming up with
> different things!


I'm all for what Motherboard and VICE are contemplating. It's a great option, and may create an interesting opportunity for wireless mobile, too. But that's far more complex to fund and maintain than constructing an overlay over an already subscribable infrastructure. I wish them well, and I hope that the key idea of maximizing interoperability of all functions (including paying for upstream capacity) will be front and center in their minds. Balkanization of the subnets of the public Internet is a big worry - boundaries will destroy the Internet as effectively as content selectivity and content-based rate limiting will.


* Re: [Cerowrt-devel] Random thought - reactions?
From: Joel Wirāmu Pauling @ 2017-12-15 22:45 UTC
  To: David Reed; +Cc: tapper, cerowrt-devel

Here in New Zealand, any provider operating a 'Network of National
Significance' must hand over any encryption keys on demand to what is
our local equivalent of the NSA. This makes a very high disincentive
for anyone to provide end to end encryption by design in their access
and transport networks. I would wager the US is likely to see a
similar provision to combat this sort of approach getting commercial
backing.

Whilst I completely agree this sort of thing is needed, not being able
to create commercial services off it that are user-transparent is a
big barrier. Because for this approach to work you need as many people
to opt in as possible.

-Joel

On 16 December 2017 at 10:11,  <dpreed@reed.com> wrote:
> Thanks for this. I hadn't seen it yet.
>
>
>
> On Friday, December 15, 2017 2:32pm, "tapper" <j.lancett@ntlworld.com> said:
>
>> Motherboard & VICE Are Building a Community Internet Network
>>
>> https://motherboard.vice.com/en_us/article/j5djd7/motherboard-and-vice-are-building-a-community-internet-network-to-protect-net-neutrality
>> It seems that people are all thinking the same thing, but coming up with
>> different things!
>
> I'm all for what Motherboard and VICE are contemplating. It's a great
> option, and may create an interesting opportunity for wireless mobile, too.
> But that's far more complex to fund and maintain than constructing an
> overlay over an already subscribable infrastructure. I wish them well, and I
> hope that the key idea of maximizing interoperability of all functions
> (including paying for upstream capacity) will be front and center in their
> minds. Balkanization of the subnets of the public Internet is a big worry -
> boundaries will destroy the Internet as effectively as content selectivity
> and content-based rate limiting will.

* Re: [Cerowrt-devel] Random thought - reactions?
From: David Lang @ 2017-12-15 23:14 UTC
  To: Joel Wirāmu Pauling; +Cc: David Reed, cerowrt-devel

There are two different issues here.

1. the last mile ISP plays games with the traffic for their own benefit (and 
their competitors' detriment)

2. the government wants to spy on everybody

It's possible for the VPN tunnel providers to solve problem #1 without solving 
problem #2

k


* Re: [Cerowrt-devel] Random thought - reactions?
From: dpreed @ 2017-12-18  2:26 UTC
  To: David Lang, Joel Wirāmu Pauling; +Cc: cerowrt-devel


Good point about separating concerns. I would suggest that home router to POP encryption would satisfy the first. End to end encryption can be done at the endpoints on, as it should be.

The home router to POP link need not be tappable for the NSA for it to spy. It is not end to end.

________________________________
From: David Lang <david@lang.hm>
Sent: Friday, December 15, 2017 6:14 PM
To: Joel Wirāmu Pauling
Cc: David Reed; cerowrt-devel@lists.bufferbloat.net
Subject: Re: [Cerowrt-devel] Random thought - reactions?

There are two different issues here. 

1. the last mile ISP plays games with the traffic for their own benefit (and 
their competitors' detriment) 

2. the government wants to spy on everybody 

It's possible for the VPN tunnel providers to solve problem #1 without solving 
problem #2 

k 
