Operator survey: Incrementally deployable secure Internet routing

scott surfer at mauigateway.com
Tue Jan 25 00:59:25 UTC 2022


Hello,

"are described in further detail in the survey"

Doing the survey gives legitimacy to something I feel is not correct

-------

"We understand the privacy concern. As for SBAS, the backbone is 
operated in a federated manner among PoP operators."

I asked about the ISDs and put a FAQ you have as an example.  I didn't 
ask about the SBAS.  It seems to me that the ingress/egress of an ISD is 
the place a government surveillance network would reside.  All country 
internet communications go through a chokepoint to get on the SBAS, so 
it's easier to surveil the population.  Especially if you envision the 
ISD to have its own DNS.

scott





On 1/22/2022 5:22 PM, Yixin Sun wrote:
> Hi Scott,
>
> Thank you for your comment! We understand the privacy concern. As for 
> SBAS, the backbone is operated in a federated manner among PoP 
> operators. In our current deployment, the PoP operators are located 
> across three continents. On the other hand, due to the federated 
> structure of the SBAS PoP operators, a governance structure is needed 
> to coordinate global operation. We have outlined four potential 
> governance models, i.e., ICANN and Regional Internet Registries, a 
> multi-stakeholder organization, a federation of network providers, or 
> a decentralized governance model. The four models are described in 
> further detail in the survey, and we would love to hear your opinions 
> about them.
>
> Best,
> Yixin
>
> On Fri, Jan 21, 2022 at 8:24 PM scott <surfer at mauigateway.com> wrote:
>
>
>
>
>     On 1/21/2022 12:07 PM, Yixin Sun wrote:
>>
>>     We appreciate that your time is very precious, but we wanted to
>>     ask you for your help in answering a brief survey about a new
>>     secure routing system we have developed in a research
>>     collaboration between ETH, Princeton University, and University
>>     of Virginia. We'd like to thank those of you who have already
>>     helped us fill out the survey and provided insightful feedback.
>>     Your input is critical for helping inform our further work on
>>     this project.
>>
>>     Here is the link to our survey, which takes about 10 minutes to
>>     complete, including watching a brief 3-minute introductory video:
>>     https://docs.google.com/forms/d/e/1FAIpQLSc4VCkqd7i88y0CbJ31B7tVXyxBlhEy_zsYZByx6tsKAE7ROg/viewform?usp=pp_url&entry.549791324=NANOG+mailing+list
>>     <https://docs.google.com/forms/d/e/1FAIpQLSc4VCkqd7i88y0CbJ31B7tVXyxBlhEy_zsYZByx6tsKAE7ROg/viewform?usp=pp_url&entry.549791324=NANOG+mailing+list>
>>
>>     Our architecture, called Secure Backbone AS (SBAS), allows
>>     clients to benefit from emerging secure routing deployments like
>>     SCION by tunneling into a secure infrastructure. SBAS provides
>>     substantial routing security improvements when retrofitted to the
>>     current Internet. It also provides benefits even to
>>     non-participating networks and endpoints when communicating with
>>     an SBAS-protected entity.
>>
>>     We currently have a functional prototype of this network using
>>     SCIONLab (for the secure backbone) and the PEERING testbed (to
>>     make outbound BGP announcements). Our ultimate aim is to develop
>>     and deploy SBAS beyond an experimental scope, and the input of
>>     network operators that would actually have to run these PoPs
>>     would greatly benefit this project and help make secure routing a
>>     reality.
>
>
>
>
>     This all looks like a network made for surveilling the planet's
>     citizens more easily.  Even in the FAQs!
>
>
>     ----------------------------------------------------------------
>
>
>     "Do you use countries as ISDs? Doesn't that create opportunities
>     for government intervention and censorship?
>
>     We're currently looking into the best way to partition the
>     Internet into ISDs, so using countries as ISDs is only one
>     possible option. Countries have the advantage of providing a
>     uniform legal environment, allowing misbehavior in an ISD to be
>     handled according to the legal framework of that ISD."
>
>     ----------------------------------------------------------------
>
>
>
>
>     I guess each country's government will define 'misbehavior' and
>     will have a more easy way to find the misbehaving entity?  Will
>     each ISD (ISD = Isolation Domain) have it's own DNS?  What will
>     you do about space?  The moon?  (That one's coming sooner that
>     folks might expect:
>     https://www.nokia.com/networks/insights/network-on-the-moon) Just
>     say no to internet partitioning.
>
>
>     scott
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20220124/18fda97c/attachment.html>


More information about the NANOG mailing list