Posts Tagged ‘critical Internet resources’
IGF-USA 2012: Critical Internet Resources (CIRs) – Evolution of the Internet’s Technical Foundations
Brief session description:
Thursday, July 26, 2012 – Since the initiation of the Internet Governance Forum (IGF), Critical Internet Resources (CIR) and the evolution of the Internet’s technical foundations have been a central focus of ongoing Internet governance debates. Varied views can engender misunderstandings that influence the opinions of global stakeholders, and different views exist about how to advance CIRs. International governmental approaches are proposed by some, while others strongly support the present bottom-up, consensus-driven models. Three foundational technological changes – IPv6, secure Domain Name System (DNSsec) and secure routing – framed the discussion in this workshop. Deployment of these new technical and organizational approaches raises significant challenges to stakeholders, operations and governance arrangements.
Details of the session:
The moderator for the session was Walda Roseman, chief operating officer of the Internet Society. Panelists included:
- Steve Crocker, chair of the board of the Internet Corporation for Assigned Names and Numbers
- John Curran, president and CEO of the American Registry of Internet Numbers
- Richard Jimmerson, director for deployment and operationalization, Internet Society
- Vernita Harris, deputy associate administrator in the Office of International Affairs of NTIA, US Department of Commerce
Thursday’s IGF-USA conference at Georgetown Law Center featured an assembled panel of government and corporate experts who addressed the controversial issues concerning the control of critical Internet resources.
Walda Roseman, chief operating officer of the Internet Society (ISOC), chaired the discussion on the implementation and security of CIRs.
CIRs include IP addresses, domain names, routing tables and telecommunications, or what Steve Crocker, CEO and co-founder of Shinkuro Inc., Internet Hall of Fame member and chair of the board of ICANN, called the base of Internet architecture upon which everything else is built.
Moving from Internet Protocol Version 4 to IPv6
One of the most pressing concerns regarding CIRs is the revision of Internet Protocol (commonly referred to as IP) from version 4 to version 6, now the most dominant protocol for Internet traffic.
IPv4 used 32-bit addresses, allowing for approximately 4.2 billion unique IP addresses, but the growth of the Internet has exceeded those limits. IPv6 uses 128-bit addresses, allowing for about 3.4×1038 unique addresses. This number is equal to approximately 4.8×1028 addresses for each of the seven billion people alive in 2012.
Because headers on IPv4 packets and IPv6 packets are quite different, the two protocols are not interoperable and thus they are both being run in what is called a “double stack.”
However, IPv6 is, in general, seen to be a conservative extension of IPv4. Most transport and application-layer protocols need little or no change to operate over IPv6. The exceptions to this are the application protocols that embed internet-layer addresses, such as FTP and NTPv3. In these, the new address format may cause conflicts with existing protocol syntax.
Internet service providers, the Internet Society and many large Internet-based enterprises worked to support a World IPv6 Launch on June 6 this year to help accelerate the adoption of IPv6.
John Curran, president and CEO of the American Registry for Internet Numbers, said upgrading to IPv6 is a necessary step for “any enterprise that wants to still be in business in five years,” because it enables them to continue to reach new customers and grow.
When asked about the costs or burdens of upgrading to IPv6 for small businesses, Curran explained that in most cases the burden would fall on the hosting company through which they run their website.
Chris Griffiths, director of high-speed Internet and new business engineering for Comcast, confirmed this, stating his company would have to upgrade to continue to attract new clients.
Security issues always loom large in Internet evolution
The development of the Internet has led to a need for Domain Name System Security, or DNSSEC. Curran explained that DNSSEC maintains the integrity of the Internet by ensuring the information users obtain is from the source they believe they are corresponding with, essentially preventing redirection to fraudulent websites.
Redirection could come from hackers, hijackers and phishers, but also the US government, should initiatives such as SOPA or PIPA pass.
“My primary interest is keeping the open Internet alive,” said Richard Jimmerson, director of deployment and operationalization for ISOC. “Somebody in this room will want to invent the next Facebook or Yahoo! Today, that is possible, but if we do not pay attention to certain things, that may not be possible anymore.”
Griffiths said Comcast and other Internet technology companies work together through governance processes now in place to address, for example, the types of security vulnerabilities that can drive action to work to avoid future risk, and in making adjustments in infrastructure and dealing with other emerging challenges.
Conflicts arise over the management of CIRs
The US government currently maintains the most control globally over CIRs. This is not well received by some critics around the world, as they fear that the United States may abuse its power. Some have also proposed that they would like to see a roadmap of the Internet for the next 20 years.
Curran addressed these concerns by stating that the US government has a positive track record regarding the respectful and neutral administration of its responsibility for CIRs, mostly leaving all of the operational details to multistakeholder global governance bodies such as the Internet Engineering Task Force and ICANN, and added that roadmap would not likely be effective as there are too many unknowns moving forward.
Vernita Harris, deputy associate administrator of the National Telecommunications and Information Administration, explained that the newest Internet Assigned Numbers Authority (IANA) contract indicates it expects that ICANN and aspects of control over the Internet architecture “will be multi-stakeholder driven, addressing the concerns of all users both domestic and international.”
— Brennan McGovern
This panel, moderated by Robert Guerra of Freedom House, focused on critical Internet resources and how to ensure that the underlying principles that have led to the Internet’s success persist in the face of security challenges. These principles include openness (open standards, open technologies), accessibility transparency, bottom-up decision-making, cooperation and multi-stakeholder engagement. Key to implementing these principles is also a broadened understanding of the role of the infrastructure providers, such as global and national Internet services/connectivity providers who build and operate the backbones and edge networks. The panel was also expected to address some of the implications for the implementation of DNSSEC and IPv6 on a national basis that contribute to the security and resiliency of CIR on a global basis.
Details of the session:
The Internet’s success well into the future may be largely dependent on how it responds and reacts to increasing security challenges, according to panelists in a critical Internet resources workshop at the IGF-USA conference July 21 in Washington, D.C.
The Internet continues to evolve. It is also growing, as it becomes accessible to billions more people. The major challenge of our generation is to make the Internet more secure while continuing to promote openness, accessibility, transparency, bottom-up decision-making, cooperation and multistakeholder engagement. It is important that organizations continue to retain these values as much as possible as they react to cybersecurity and cybertrust issues.
Panelists at this workshop included:
- Moderator Robert Guerra, Freedom House
- Trent Adams, outreach specialist for the Internet Society
- Matt Larson, vice president of DNS research for VeriSign
- Steve Ryan, counsel to the American Registry for Internet Numbers
- Patrick Jones, senior manager of continuity and risk management for ICANN
- Jeff Brueggeman, vice president for public policy for AT&T
Panelists all expressed a desire to continue to engage in multifaceted talks because a single governmental entity is not the solution; it takes many people working together. As Brueggeman put it, there’s no “silver bullet” for the issue of Internet security.
“What we do on a day-to-day basis is ensure that those conversations take place,” Adams said. “The (critical Internet) resource is not a thing you can touch. You have this mesh of interconnected components that is the critical resource. You can’t pull one of those components out. Everyone must be around that table.”
So what’s the solution? The answer to that question is still a little unclear because Internet service providers and other organizations are often reactive to issues. Brueggeman said it’s time to embrace a forward-thinking approach.
“Things can get complicated when you’re reacting to an attack,” he said. “The best way to deal with these things is to try to think about them up front. How do we detect and prevent rather than react after the fact? How can we have more cooperative information sharing before attacks to try to prevent them and have the best information we can?”
Ryan stressed, though, that not all government is bad. He said citizens and organizations need to think “carefully about what the role of the government is.” But still, there should be a symbiotic relationship.
“There’s become a sense in government policy circles, including in the most sophisticated, that somehow (the Internet) runs on its own and you can’t break it,” he said. “I have news for you: You can break it. We look at government as something that has an increasingly important role because the Internet has an increasingly important role in economies.”
Ryan continued by saying non-governmental organizations have a responsibility to work with governments and to educate the people who work in them. He and the other panelists agreed that an international governmental organization wouldn’t work, though, unless core Internet values are embraced and upheld. They said a set-up that would allow countries around the world to vote on how the Internet is governed would not be a favorable solution.
“Until we get it right,” Ryan said, “I think we’re muddling along rather well.”
DNS issues and DNSSEC
Larson spoke specifically about the security of the Domain Name System because he views the DNS as an absolutely critical Internet resource. “If you don’t have the DNS, you don’t have the Internet,” he noted. He said users can’t truly trust the DNS, though, which is a bit disconcerting because of its necessity.
He supports DNSSEC—Domain Name System Security Extensions—which give users digital signatures (origin authentication) and data integrity. “Once you have that, you can validate data and have a higher level of confidence that the data you’re getting back is valid,” Larson said.
(You can read more about DNSSEC here: http://en.wikipedia.org/wiki/Dnssec.)
He also said that DNSSEC makes DNS more trustworthy and critical to users as more applications—not just host names—depend on it. “We’re going to look back and realize it enabled a whole new class of applications to put information in the DNS,” Larson said. “Now you can trust the information coming out of the DNS.”
Going from IPv4 to a combination with IPv6
Ryan emphasized the importance of Internet Protocol version 6, IPv6, a new Internet layer protocol for packet switching that will allow a “gazillion numbers” vastly expanding the address space online. There is a rapidly decreasing pool of numbers left under IPv4. Ryan said the increased flexibility of IPv6 will allow for the continued growth of the Internet, but it won’t be a free-for-all.
“The numbers we have issued are not property,” he said. “We have a legal theory that’s embodied in every contract we’ve issued. They belong to community. If you’re not using them, you have to give them back. They are in essence an intangible, non-property interest, so over the next couple of years there will be some very interesting legal issues.”
ICANN in action
Jones said ICANN, which recently passed its 10-year milestone, has continued to work collaboratively with the community to take on major initiatives, such as the introduction of internationalized domain names in the root.
“We have taken requests from countries for internationalized country codes and approved 15,” Jones said.
“There’s a huge development in those regions of the world where you can now have domain names and an Internet that reflects their own languages and scripts. That will have an impact as discussion around critical Internet resources continues, especially in the IGF space.”
Physical critical resources
Brueggeman said AT&T has a broader perspective of critical Internet resources because the company is responsible for carrying Web traffic and for the underlying infrastructure, not just involved in issues tied to the DNS. He said the transition to IPv6 is daunting because it’s not backward-compatible. His main challenge has been in outreach efforts to customers.
“We have to deal with a lot of traffic that’s generated as we’re making changes to DNSSEC and IPv6,” he said. “In some cases, you might create some new security concerns, but overall both are important essential transitions.”
Brueggeman emphasized that multistakeholder discussions will be important in the coming years.
“We really need all of the parties who have the direct stake at the table to be part of the solution,” he said. “We need to have the resources handled in a way that promotes openness and promotes interoperability. There’s a huge policy risk of not managing these resources in a multistakeholder way.”
-by Colin Donohue, http://imaginingtheinternet.org
The 2009 IGF-USA session description of this panel is: “Critical Internet Resources (CIR) and the evolution of the Internet’s technical foundations are a central theme of Internet governance debates. Three foundational technological changes – IPv6 (the ‘new’ version of the protocol for the Internet); secure DNS (domain name system security) and secure routing – will underpin the dialogue between key experts from the Internet community, business and government. The successful implementation of these technologies can expand and improve the security of the Internet’s core infrastructures, but deployment raises significant challenges for Internet infrastructure providers and policy makers, and has implications for governance arrangements.”
Brenden Kuerbis, operations director for the Internet Governance Project, based at Syracuse University, served as moderator for a panel that included Alain Durand, director and IPv6 architect, office of the CTO of Comcast; David Conrad, VP for research and IANA Strategy for the Internet Corporation for Assigned Names and Numbers (ICANN); Fiona Alexander, associate administrator, National Telecommunications and Information Administration, U.S. Department of Commerce; and Stephen Ryan, general counsel for the American Registry for Internet Numbers (ARIN).
Kuerbis noted that documents drawn up during the World Summits on the Information Society suggest that critical Internet resources should be managed through global agreements.
“In the third year of IGF, control of CIR was raised forcefully by a member of the Chinese delegation,” Kuerbis said.
Going forward, the management of critical Internet resources is likely to become more contentious. – Brenden Kuerbis
He noted the implementation of IPv6 and attempts to introduce more security will complicate the management of CIR.
David Conrad said there are critical Internet resources at all layers of the Internet infrastructure. Not all are being discussed at IGF. “You need electricity, you need IP addresses, routing infrastructure, ports,” he said. “In my experience in the IGF context the focus has only been on a select set of resources – those that are involved in what ICANN does. Electricity is more important than whether or not you can get a domain name. There is a focus on the developed world.”
He added that DNS security and routing are important topics that once again tend to have the policy dialogue centered around ICANN. “It is a place where most of the decisions are made around critical Internet resources – it is a community, just like the RIRs are communities that develop policies in a community-driven, bottom-up process. I encourage you to participate in these meetings.”
Stephen Ryan of ARIN discussed the Regional Internet Registries and their role in CIR. There are five recognized registries located in regions around the world. They were established in the 1990s. He said each “develops policies in its own regions regarding Internet numbering and associated issues.” The leaders of the five registries also meet to set common global policies. The boards are voluntary, and anyone is invited to participate in the process of governing the RIRs. These organizations provide Whois service and assign and give out numbers – IP addresses.
There was some discussion of the fact that IPv4 addresses are being depleted. This was anticipated years ago, and IPv6 is being adopted. “What’s our biggest challenge in regard to critical Internet resources?” he asked. “The numbers resources and the switch to IPv6. The fixed number of IPv4 numbers the free pool of remaining IPv4 resources is small.
Clearly we’re going to have to run IPv4 and IPv6 systems in tandem and that’s going to cause problems. Not many people in America understand IP numbers and that their modems won’t work. – Stephen Ryan
He closed by smiling and saying, “Buy Cisco stock, that’s a tip.”
Alain Durand of Comcast spoke as a panel member who could speak to the CIR concerns of large technology companies.
We are trying to actively participate. The bottom-up policy process has been successful. It has been flexible enough to meet all of our demands and we would like it to go on. – Alain Durand
The depletion of IPv4 addresses is of concern, he said. “If you are a large service provider with many customers and you are growing you are going to be impacted more than individual users,” he said. “We have been concerned about imbalances between the RIRs in the world and that is why we have been participating in RIPE discussions, LACNIC discussions and participated in this process as a member of the community.”
Fiona Alexander of NTIA agreed that too much of the discussion of the World Summit on the Information Society text is absorbed by “people’s preoccupation with the domain name system.”
“The network is so decentralized,” she said in reference to the global Internet and the people engaged in working toward its evolution, “but the one organizing group everyone recognizes tends to be ICANN. When you read the WSIS text it explicitly says there are things beyond domain names. We should look at other things as a national priority and as we go into the global discussion of critical Internet resources.”
She said people in government are recognizing they need to understand the layers of architecture to understand its evolution and address needs.
“As the discussion is progressing in our own government about issues related to Internet or telecommunications you really have to understand the network architecture to make smart policy.
You have to more and more understand the different layers of this network. Governments are listening they are interested in these issues. – Fiona Alexander
She added that governments know the uptake of IPv6 is important. “This is on the agenda of governments,” she said. “Our own government is struggling with this. We are working closely with NIST as we look at these issues – it helps that we are both in the Department of Commerce. It’s one of the things we are looking at as we assess the transitions that are fundamental to the network.”
-Janna Anderson, http://www.imaginingtheinternet.org