[NNagain] Internet Education for Non-technorati?

Jack Haverty jack at 3kitty.org
Fri Oct 13 14:47:36 EDT 2023 

Good point -- "How would I know if an installation was meeting the specs?"

It *has* been done before.  From a historical perspective...

When TCPV4 was being defined and documented in RFCs (e.g., RFC 793), 
circa 1981, other activities were happening in the administrative 
bureaucracy of the US government, outside the realm of the "research 
community".

The US Department of Defense, which purchases huge quantities of 
electronic equipment, declared TCP to be a "DoD Standard" in the early 
1980s.  Further, they changed their purchasing rules so that all 
equipment purchased, which might need to communicate to other equipment, 
had to implement TCP.  If you wanted to sell your networked products to 
the government, they had to implement TCP. This caused industry to 
suddenly pay attention to what us crazy researchers had done in creating 
this TCP thing.

A separate piece of government, the US National Bureau of Standards (now 
called NIST), defined a testing procedure for verifying that a 
particular TCP implementation actually conformed to the documented DoD 
Standard.   Further, they also created a program which would certify 
third-party labs as qualified to perform those tests and issue 
conformance certificates.   Such conformance proof could be submitted by 
companies as part of their sales process to supply equipment for DoD 
contracts.

I remember this pretty well, since I set up one such TCP Conformance 
Lab, got it certified, and we performed a lot of testing and consulting 
to help traditional government contractors figure out what TCP was all 
about and get their products certified for DoD procurement.  I've never 
learned who was orchestrating those bureaucratic initiatives, but it 
seemed like a good idea. There may have been other similar efforts in 
other countries over the decades since 1981 that I don't know anything 
about.

In the last 40+ years, AFAIK little else has happened for testing, 
certification, or regulation of Internet technology.   Hundreds, perhaps 
thousands, of "standards" have been created by IETF and others, defining 
new protocols, algorithms, and mechanisms for use in the Internet.  I'm 
not aware of any testing or certification for any Internet technology 
today, or any way to tell is f any product or service I might buy 
actually has implemented, correctly, any particular "Internet Standard".

Governments can create such mechanisms around important infrastructures, 
and have done so for transportation and many others.  IMHO they could do 
the same for Internet, and seem to be trying to do so.

But to be effective the administrators, politicians, and regulators need 
to know more about how the Internet works.   They could create 
"Conformance Labs".   They could involve organizations such as the 
Underwriters Lab in the US, CSA in Canada, CE (European Conformity) et al.

If they knew they could and decided they should .... Education...

Jack Haverty

On 10/12/23 12:52, Hal Murray via Nnagain wrote:
> Jack Haverty said:
>> A few days ago I made some comments about the idea of "educating" the
>> lawyers, politicians, and other smart, but not necessarily technically
>> adept, decision makers.
> That process might work.
>
> Stanford has run programs on cyber security for congressional staffers.
>
>  From 2015:
> Congressional Staffers Headed to Stanford for Cybersecurity Training
> https://cisac.fsi.stanford.edu/news/congressional-staffers-headed-stanford-cybe
> rsecurity-training
>
>
>
>> Today I saw a news story about a recent FCC action, to mandate "nutrition
>> labels" on Internet services offered by ISPs:
> Is there a chicken-egg problem in this area?
>
> Suppose I had a nutrition-label sort of spec for a retail ISP offering.  How
> would I know if an installation was meeting the specs?  That seems to need a
> way to collect data -- either stand alone programs or patches to existing
> programs like web browsers.
>
> Would it make sense to work on those programs now?  How much could we learn if
> volunteers ran those programs and contributed data to a public data base?  How
> many volunteers would we need to get off the ground?
>
>
> Could servers collect useful data?  Consider Zoom, YouTube, gmail, downloads
> for software updates...
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.bufferbloat.net/pipermail/nnagain/attachments/20231013/00ad2ec8/attachment.html>

More information about the Nnagain mailing list