From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from atl4mhob02.registeredsite.com (atl4mhob02.registeredsite.com [209.17.115.40]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id 7BC353B29D for ; Fri, 13 Oct 2023 14:47:44 -0400 (EDT) Received: from mymail.myregisteredsite.com (jax4wmnode3b.mymail.myregisteredsite.com [209.237.134.215]) by atl4mhob02.registeredsite.com (8.14.4/8.14.4) with SMTP id 39DIlfv2028242 for ; Fri, 13 Oct 2023 14:47:42 -0400 Received: (qmail 12870 invoked by uid 80); 13 Oct 2023 18:47:41 -0000 Received: from unknown (HELO ?192.168.1.100?) (jack@3kitty.org@76.137.180.175) by 209.237.134.154 with ESMTPA; 13 Oct 2023 18:47:41 -0000 Content-Type: multipart/alternative; boundary="------------Ry6wi0Fgv434ZtMt0llMHkk8" Message-ID: <28b55c94-ea6b-4926-ad53-bd4c0ecb1a6b@3kitty.org> Date: Fri, 13 Oct 2023 11:47:36 -0700 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird To: nnagain@lists.bufferbloat.net References: <20231012195244.33D5228C241@107-137-68-211.lightspeed.sntcca.sbcglobal.net> Content-Language: en-US From: Jack Haverty Autocrypt: addr=jack@3kitty.org; keydata= xsDNBGCm2psBDADGOWO8n9wfkDW9ZUEo8o+SZ5MU9us2il+fS4EFM/RaZFIbQ+P72bExzSd3 WnJdPfqO1O7Q+dRnvVO9+G2/9oT/uRZVaE05+SothzKZBv32HcZoUkdNZOTqSkdo3EwNPjid LLxX+dMBxMpR3pBdvGN8Z7lnZe6fV4QO2xtd58y3B33AVZJp+RuNwucby9dY2meyy2BJVKrx mKhYXAucVyg0ALVIchHt9UknVW4aLvQF+oMfzXVvCWeguW+DvbyazVceWGO7FSgUJ8ED3Ii7 xAR5zZJ1LASoMhG1ixg07P9Uy4ohV6c+c0yV9SY4yqhZ3+zN2cm9h/aXpwjSuiVVAJbK7zzb FjI+h89dbnaVQrLx6GikV0OVYqC6TCeMfCFZQAJLs1icxQi3BLL7O1fbTGatEfTgLa5nqfKq K/D/HlOCUeFxqZI8hXvT5dG4e1m3ilpF2/ytcWKSVg3d699UFntPv3sEbAQwwfXsnuD4Hem6 0Ao0/z41n8x1aeZE80FdkpEAEQEAAc0eSmFjayBIYXZlcnR5IDxqYWNrQDNraXR0eS5vcmc+ wsEJBBMBCAAzFiEEZLvMn5vmvTAlFEILdGzDIkA7jlAFAmCm2pwCGwMFCwkIBwIGFQgJCgsC BRYCAwEAAAoJEHRswyJAO45QuX0L/jOluv8fr/BmuEEQsWWGW6oARIbjDQrI93kXIJXuPnfp tGjkx/f1TMIzI2B9s/tejiYE7IZOhWbX1YvKF0UbkSJi50UyV9XtYRnLdD5TcksKB4luDF8S R+nj5WBm17Bp8qwriCMgA1jGL2wQ7J1KUw4Q/gsMcjhn/39PevswkriU2qqVplfCs9yTTMU5 SvtE2U9F3Y1ZINHn3kUysvxhRFd+Oh3PocWHmVE+hkII+qsra6z4eztDgoB+vqxmOJEdtvex GhT8OKu74DacguZVfu/AV+cwpX701sdjJrMyKjcv8uhFLM/E5gf6kSUAFxBVwe6pNDmAgmbS c0fAFrZjgXxNxxndpu/8OAUDVzKg+l5WJ0nWss9Q14BwA+FcoclO3lwzFu7jOiLvkm7jQkFB o+p8Owe4iAED1KK/aocIa/RiD4sZ3KXUJ92kkemZ1Qe2XpFVdzxaQDG0huNkc5Mie9rdt62O Ae+5cYdPeWmBVn+pFNs5H09kQQbVR5pUxe2Aps7AzQRgptqcAQwAzzougHNMFr/O/L8HnNJW 1YyOuX0PEVNUXQPwkxKuD8bAXsPr4Hv1a+840ByesiJSadhQgVSMruRqoQC5tTkbEWkqlfDW waNAdqCJOXl2T6gtK7RpcHNx7+/du/gCAhHOXqH1Qfs0Zi3YEbR/kQFRP3wD4GiCvHSny8zJ X9plIHqQGoE5DePNAtE2KimbFMsjguqJgq5x0tMf3qEaMNd0IGTStGpcC49iss71slotH091 Y1Yo9CpzL6rj8IP0BfssEujAvf3Gbf1oi92JRE3s2humFDfPvSlHmRIfWPQ4qFOw1zmlzsV1 eg83gErKbjaDdkbwQA85RTmMVKNVvonM80WB6jAg8tlJ5VlYlpbzASpJRNj+FL1LLBQxCbPU eFwrzqYgNvtdKR7j5nTgdndCxq+2aws/aAjdL10S8yeH7ZOpNPzjDJfMSt/L1O25zPUhXdQC 9AZNYsfyV7rf+POEgVpIEth1fT9WbmS0rZxRd/+y628n31GicbA+teN890vdABEBAAHCwPYE GAEIACAWIQRku8yfm+a9MCUUQgt0bMMiQDuOUAUCYKbanQIbDAAKCRB0bMMiQDuOUF1LC/4q 4pLtmDt6TIET2H7zGj5ie3ng7kC7YqtFPYwgLQzs9WeqQ/5WowEmHOPonBcqhGbtDj22GebQ 7w0RoUHb+aXsbC85I/C+nWgT1ZcfMBTHGlBcIQvOCNG18g87Ha9jgD0HnW4bRUkZmGMpP0Yd TLM+PBNu41AK6z82VPQrfTuPKqwAAS2FK/RpF2xB7rjpETzIPl9Dj9EAkRbviURIg0BQkmej l02FLzGmlTfBIDHBdEgzvD71Z5H9BP8DAbxBzonSTzx/KZyv7njSUzdVLW+5O/WzPgb4Qt4I jQd66LS9HWS1G7AcLjiSQAIf8v7JkX3NwtN+NGX5cmt2p0e9FOOKWXVgCIgPN3/712EEGAgq UUxuPEBD5DrRCgjZL40eHxQza2BAhoVoWopUCGZdCCZJP3iF7818wIph0U393DELG9NAGLJa qkoA8KBimXp9Rd2QvpA864JRy/REoEOEF9lm3clriLyEqaL/VMIQRhl/VSkUuez4Wr68eHus TFdwePg= In-Reply-To: <20231012195244.33D5228C241@107-137-68-211.lightspeed.sntcca.sbcglobal.net> Subject: Re: [NNagain] Internet Education for Non-technorati? X-BeenThere: nnagain@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: =?utf-8?q?Network_Neutrality_is_back!_Let=C2=B4s_make_the_technical_aspects_heard_this_time!?= List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 Oct 2023 18:47:44 -0000 This is a multi-part message in MIME format. --------------Ry6wi0Fgv434ZtMt0llMHkk8 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Good point -- "How would I know if an installation was meeting the specs?" It *has* been done before.  From a historical perspective... When TCPV4 was being defined and documented in RFCs (e.g., RFC 793), circa 1981, other activities were happening in the administrative bureaucracy of the US government, outside the realm of the "research community". The US Department of Defense, which purchases huge quantities of electronic equipment, declared TCP to be a "DoD Standard" in the early 1980s.  Further, they changed their purchasing rules so that all equipment purchased, which might need to communicate to other equipment, had to implement TCP.  If you wanted to sell your networked products to the government, they had to implement TCP. This caused industry to suddenly pay attention to what us crazy researchers had done in creating this TCP thing. A separate piece of government, the US National Bureau of Standards (now called NIST), defined a testing procedure for verifying that a particular TCP implementation actually conformed to the documented DoD Standard.   Further, they also created a program which would certify third-party labs as qualified to perform those tests and issue conformance certificates.   Such conformance proof could be submitted by companies as part of their sales process to supply equipment for DoD contracts. I remember this pretty well, since I set up one such TCP Conformance Lab, got it certified, and we performed a lot of testing and consulting to help traditional government contractors figure out what TCP was all about and get their products certified for DoD procurement.  I've never learned who was orchestrating those bureaucratic initiatives, but it seemed like a good idea. There may have been other similar efforts in other countries over the decades since 1981 that I don't know anything about. In the last 40+ years, AFAIK little else has happened for testing, certification, or regulation of Internet technology.   Hundreds, perhaps thousands, of "standards" have been created by IETF and others, defining new protocols, algorithms, and mechanisms for use in the Internet.  I'm not aware of any testing or certification for any Internet technology today, or any way to tell is f any product or service I might buy actually has implemented, correctly, any particular "Internet Standard". Governments can create such mechanisms around important infrastructures, and have done so for transportation and many others.  IMHO they could do the same for Internet, and seem to be trying to do so. But to be effective the administrators, politicians, and regulators need to know more about how the Internet works.   They could create "Conformance Labs".   They could involve organizations such as the Underwriters Lab in the US, CSA in Canada, CE (European Conformity) et al. If they knew they could and decided they should .... Education... Jack Haverty On 10/12/23 12:52, Hal Murray via Nnagain wrote: > Jack Haverty said: >> A few days ago I made some comments about the idea of "educating" the >> lawyers, politicians, and other smart, but not necessarily technically >> adept, decision makers. > That process might work. > > Stanford has run programs on cyber security for congressional staffers. > > From 2015: > Congressional Staffers Headed to Stanford for Cybersecurity Training > https://cisac.fsi.stanford.edu/news/congressional-staffers-headed-stanford-cybe > rsecurity-training > > > >> Today I saw a news story about a recent FCC action, to mandate "nutrition >> labels" on Internet services offered by ISPs: > Is there a chicken-egg problem in this area? > > Suppose I had a nutrition-label sort of spec for a retail ISP offering. How > would I know if an installation was meeting the specs? That seems to need a > way to collect data -- either stand alone programs or patches to existing > programs like web browsers. > > Would it make sense to work on those programs now? How much could we learn if > volunteers ran those programs and contributed data to a public data base? How > many volunteers would we need to get off the ground? > > > Could servers collect useful data? Consider Zoom, YouTube, gmail, downloads > for software updates... > > > --------------Ry6wi0Fgv434ZtMt0llMHkk8 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 8bit Good point -- "How would I know if an installation was meeting the specs?"

It *has* been done before.  From a historical perspective...

When TCPV4 was being defined and documented in RFCs (e.g., RFC 793), circa 1981, other activities were happening in the administrative bureaucracy of the US government, outside the realm of the "research community".

The US Department of Defense, which purchases huge quantities of electronic equipment, declared TCP to be a "DoD Standard" in the early 1980s.  Further, they changed their purchasing rules so that all equipment purchased, which might need to communicate to other equipment, had to implement TCP.  If you wanted to sell your networked products to the government, they had to implement TCP.   This caused industry to suddenly pay attention to what us crazy researchers had done in creating this TCP thing.

A separate piece of government, the US National Bureau of Standards (now called NIST), defined a testing procedure for verifying that a particular TCP implementation actually conformed to the documented DoD Standard.   Further, they also created a program which would certify third-party labs as qualified to perform those tests and issue conformance certificates.   Such conformance proof could be submitted by companies as part of their sales process to supply equipment for DoD contracts.

I remember this pretty well, since I set up one such TCP Conformance Lab, got it certified, and we performed a lot of testing and consulting to help traditional government contractors figure out what TCP was all about and get their products certified for DoD procurement.  I've never learned who was orchestrating those bureaucratic initiatives, but it seemed like a good idea.  There may have been other similar efforts in other countries over the decades since 1981 that I don't know anything about.
 
In the last 40+ years, AFAIK little else has happened for testing, certification, or regulation of Internet technology.   Hundreds, perhaps thousands, of "standards" have been created by IETF and others, defining new protocols, algorithms, and mechanisms for use in the Internet.  I'm not aware of any testing or certification for any Internet technology today, or any way to tell is f any product or service I might buy actually has implemented, correctly, any particular "Internet Standard".

Governments can create such mechanisms around important infrastructures, and have done so for transportation and many others.  IMHO they could do the same for Internet, and seem to be trying to do so. 

But to be effective the administrators, politicians, and regulators need to know more about how the Internet works.   They could create "Conformance Labs".   They could involve organizations such as the Underwriters Lab in the US, CSA in Canada, CE (European Conformity) et al.

If they knew they could and decided they should .... Education...

Jack Haverty

On 10/12/23 12:52, Hal Murray via Nnagain wrote:
Jack Haverty said:

A few days ago I made some comments about the idea of "educating" the
lawyers, politicians, and other smart, but not necessarily technically
adept, decision makers.

That process might work.

Stanford has run programs on cyber security for congressional staffers.

>From 2015:
Congressional Staffers Headed to Stanford for Cybersecurity Training
https://cisac.fsi.stanford.edu/news/congressional-staffers-headed-stanford-cybe
rsecurity-training




Today I saw a news story about a recent FCC action, to mandate "nutrition
labels" on Internet services offered by ISPs:

Is there a chicken-egg problem in this area?

Suppose I had a nutrition-label sort of spec for a retail ISP offering.  How 
would I know if an installation was meeting the specs?  That seems to need a 
way to collect data -- either stand alone programs or patches to existing 
programs like web browsers.

Would it make sense to work on those programs now?  How much could we learn if 
volunteers ran those programs and contributed data to a public data base?  How 
many volunteers would we need to get off the ground?


Could servers collect useful data?  Consider Zoom, YouTube, gmail, downloads 
for software updates...

--------------Ry6wi0Fgv434ZtMt0llMHkk8--