Verizon Public Policy on Netflix

Matthew Petach mpetach at netflight.com
Mon Jul 21 16:15:39 UTC 2014


On Mon, Jul 21, 2014 at 5:31 AM, Michael Conlen <mike at conlen.org> wrote:

>
> On Jul 18, 2014, at 2:32 PM, Jay Ashworth <jra at baylink.com> wrote:
>
> > ----- Original Message -----
> >> From: "Owen DeLong" <owen at delong.com>
> >
> >> But the part that will really bend your mind is when you realize that
> >> there is no such thing as "THE Internet".
> >
> > "The Internet as "the largest equivalence class in the reflexive,
> > transitive, symmetric closure of the relationship 'can be reached by an IP
> > packet from'"
> > -- Seth Breidbart.
>
> I happen to like this idea but since we are getting picky and equivalence
> classes are a mathematical structure 'can be reached by an IP packet from’
> is not an equivalence relation. I will use ~ as the relation and say that x
> ~ y if x can be reached by an IP packet from y
>
> In particular symmetry does not hold. a ~ b implies that a can be reached
> by b but it does not hold that b ~ a; either because of NAT or firewall or
> an asymmetric routing fault. It’s also true that transitivity does not
> hold, a ~ b and b ~ c does not imply that a ~ c for similar reasons.
>

One might argue, however, that Seth's definition
would hold for the original, open, end-to-end
connectivity model of the internet; and that by
extension, what many people think of as being
on the internet, huddling behind their NATs and
their firewalls, is not really truly on the internet.

Yes, I realize that's a much narrower definition,
and most people would argue against it; but it
does rather elegantly frame "The Internet"
as the set of fully-connected, unshielded
IP connected hosts.



>
> Therefore, the hypothesis that ‘can be reached by an IP packet from’
> partitions the set of computers into equivalence classes fails.
>
>
Not quite; the closure *does* create an
equivalence class--it's just not the one
you were expecting it to be.  That is,
the fully-connected internet equivalence
class of Seth's definition is smaller than
what you'd like to consider "The Internet"
to be, but it is a valid equivalence class.


> Perhaps if A is the set of computers then “The Internet” is the largest
> subset of AxA, say B subset AxA, such that for (a, b) in B the three relations
> hold and the relation partitions B into a single equivalence class.
>
> That really doesn’t have the same ring to it though does it.
>

And one might argue that it's a more liberal
interpretation of "The Internet" than what Seth
had intended.

As a thought exercise...imagine a botnet
owner that used encrypted payloads in ICMP
packets for the command-and-control messages
for her botnet army; no 'ack' is required, the
messages simply need to make it from the
control node to the zombies.  She pops up
a control node using unallocated, unannounced
IP space; the host sends out control messages,
never expecting to get responses, as the IP
address it's using has no corresponding route
in the global routing table.  Is that control host
part of "The Internet?"

Seth's definition makes it clear that control
host, spewing out its encrypted ICMP control
messages in a one-way stream, is *not* part
of "The Internet."  Do we concur?  Or is there
some notion of that control host still being
somehow part of "The Internet" because it's
able to send evil nasty icky packets at the
rest of the better-behaved Internet, even if
we can't respond in any way?

I find myself leaning towards Seth's definition,
and supporting the idea that even though that
host is sending a stream of IP traffic at my
network, it's not part of "The Internet"--even
though that conflicts with what my security
team would probably say ("if it can attack me
with IP datagrams, it's part of the internet.").

It's actually a deceptively tough question
to wrestle with.


>> Mike
>
>
Thanks!

Matt


