Interview with Louis Pouzin, a pioneer of the Internet and recipient of the Chevalier of Légion d’Honneur, the highest civilian decoration of the French government
Louis Pouzin is recognised for his contributions to the protocols that make up the fundamental architecture of the Internet. Most of his career has been devoted to the design and implementation of computer systems, most notably the CYCLADES computer network and its datagram-based packet-switching network, a model later adopted by the Internet as Transmission Control Protocol (TCP)/Internet Protocol (IP). Apart from the Chevalier of Légion d’Honneur, Mr. Pouzin, 83, was the lone Frenchman among American awardees of the Queen Elizabeth Prize for Engineering, given to the inventors of Internet technology in its inaugural year, 2013.
Ahead of the ninth annual meeting of the Internet Governance Forum (IGF) from September 2-5 in Istanbul, Mr. Pouzin shared his concerns regarding the monopoly enjoyed by the U.S. government and American corporations over the Internet and the need for democratising what is essentially a global commons. Excerpts from an interview, over Skype, with Vidya Venkat.
What are the key concerns you would be discussing at the IGF?
As of today, the Internet is controlled predominantly by the U.S. Their technological and military concerns heavily influence Internet governance policy. Unfortunately, the Brazil Netmundial convened in April, 2014, with the Internet Corporation for Assigned Names and Numbers (ICANN), following objections raised by [Brazilian] President Dilma Rousseff to the National Security Agency (NSA) spying on her government, only handed us a non-binding agreement on surveillance and privacy-related concerns. So the demand for an Internet bill of rights is growing loud. This will have to lay out what Internet can and cannot do. Key government actors must sign the agreement making it binding on them. The main issue pertaining to technological dominance and thereby control of the network itself has to be challenged and a bill of rights must aim to address these concerns.
What is the way forward if the U.S. dominance has to be challenged?
Today, China and Russia are capable of challenging U.S. dominance. Despite being a strong commercial power, China has not deployed Internet technology across the world. The Chinese have good infrastructure but they use U.S. Domain Naming System, which is a basic component of the functioning of the Internet. One good thing is because they use the Chinese language for domain registration, it limits access to outsiders in some way.
India too is a big country. It helps that it is not an authoritarian country and has many languages. It should make the most of its regional languages, but with regard to technology itself, India has to tread more carefully in developing independent capabilities in this area.
As far as European countries are concerned, they are mostly allies of the U.S. and may not have a strong inclination to develop independent capabilities in this area. Africa again has potential; it can establish its own independent Internet network which will be patronised by its burgeoning middle classes.
So you are saying that countries should have their own independent Internet networks rather than be part of one mega global network?
Developing independent networks will take time, but to address the issue of dominance in the immediate future we must first address the monopoly enjoyed by ICANN, which functions more or less as a proxy of the U.S. government. The ICANN Domain Naming System (DNS) is operated by VeriSign, a U.S. government contractor. Thus, traffic is monitored by the NSA, and the Federal Bureau of Investigation (FBI) can seize user sites or domains anywhere in the world if they are hosted by U.S. companies or subsidiaries.
ICANN needs to have an independent oversight body. The process for creating a new body could be primed by a coalition of states and other organisations placing one or several calls for proposals. Evaluation, shortlist, and hopefully selection, would follow. If a selection for the independent body could be worked out by September 2015, it would be well in time for the contract termination of the Internet Assigned Numbers Authority (IANA) with the U.S. government.
Breaking that monopoly does not require any agreement with the U.S. government, because it is certainly contrary to the World Trade Organization’s principles. In other words, multiple roots [DNS Top Level Domains (TLD)] are not only technically feasible; they have been introduced in the Internet back in 1995, even before ICANN was created. This avenue is open to entrepreneurs and institutions for innovative services tailored to user needs, especially those users unable to afford the extravagant fees raked in by ICANN. The deployment of independent roots creates competition and contributes to reining in devious practices in the domain name market.
The U.S. government is adamant on controlling the ICANN DNS. Thus, copies (mirrors) should be made available in other countries out of reach from the FBI. A German organisation Open Root Server Network is, at present, operating such a service. To make use of it, users have to modify the DNS addresses in their Internet access device. That is all, usage is free.
But would this process not result in the fragmentation of the Internet?
Fragmentation of the Internet is not such a bad thing as it is often made out to be. The bone of contention here is the DNS monopoly. On August 28, nearly 12 million Internet users subscribing to Time Warner’s cable broadband lost connectivity due to a sudden outage in one day. In a world of fragmented Internet networks, such mass outages become potentially impossible. The need of the hour is to work out of the current trap to use a more interoperable system.
In this context, a usual scarecrow brandished by the U.S. government is fragmentation, or Balkanisation, of the Internet. All monopolies resort to similar arguments whenever their turf is threatened by a looming competition. Furthermore, the proprietary naming and unstable service definitions specific to the likes of Amazon, Apple, Facebook, Google, Twitter, and more, have already divided the Internet in as many closed and incompatible internets of captive users.
Recently, the Indian External Affairs Minister had objected to U.S. spying on the Bharatiya Janata Party. Can governments like India use a forum like IGF to raise concerns relating to surveillance?
Even if governments do attend IGF, they do not come with a mandate. A major problem with the Internet governance space today is that they are under the dominance of corporate lobbies. So it is a bit hard to say what could be achieved by government participation in the IGF. This is a problem of the IGF: it has no budget or secretary general, it is designed to have no influence and to maintain the status quo. That is why you have a parallel Internet Ungovernance Forum which is not allying with the existing structure and putting forth all the issues they want to change. Indian citizens could participate in this forum to raise privacy and surveillance-related concerns.
Do you feel Internet governance is still a very alien subject for most governments and people to engage with?
Unfortunately, the phrase “Internet governance” is too abstract for most people and governments to be interested in. The most crucial question is what kind of society do you want to live in? Should governments allow citizens to end up as guinea pigs for global Internet corporations? The revelations by NSA contractor Edward Snowden have proved beyond doubt that user data held by Internet companies today are subject to pervasive surveillance. Conducting these intrusive activities by controlling the core infrastructure of the Internet without obtaining the consent of citizen users is a big concern and should be debated in public. Therefore, debates about Internet governance are no longer alien; they involve all of us who are part of the network.
This week, the routing table of the Internet reached 512 000 routes... “It’s not just you. Many Internet providers have been having trouble as they run into long expected (but not adequately prepared for) routing table problems.”
An account in French from an operator, with the lovely Cisco error messages: “FIB TCAM exception for IPv4 unicast. Packets through some routes will be dropped.” ▻http://email@example.com/msg29487.html
And another very good technical article, explaining in particular why not much actually happened (the old routers are at the edge, not in the core) ▻http://www.renesys.com/2014/08/internet-512k-global-routes
Why #IPv6 #security is so hard - structural deficits...
Best IPv6 presentation I have read in quite a while - makes a powerful point about IPv6’s complexity.
OpenBTS.org is an open source software project dedicated to revolutionizing mobile networks by substituting legacy telco protocols and traditionally complex, proprietary hardware systems with Internet Protocol and a flexible software architecture. This architecture is open to innovation by anybody, allowing the development of new applications and services and dramatically simplifying the setting up and operation of a mobile network.
‘American victims of terror sponsored by Iran have moved to seize the internet licenses, contractual rights and domain names being provided by the United States to the extremist regime in Tehran.’
“The families, who hold unsatisfied American federal court judgments amounting to more than a billion dollars against the Iranian government seek to own all the ‘top-level domain’ (TLD) names provided by the US to Iran including the .ir TLD, the ایران TLD and all Internet Protocol (IP) addresses being utilized by the Iranian government and its agencies.”
‘The court papers have been served on the Internet Corporation for Assigned Names and Numbers (ICANN), an agency of the US Department of Commerce [sic] in Washington, DC, which administrator [sic again] the World Wide Web [more sic].’
Most people who relayed this story only mentioned the possible seizure of the ccTLD, .IR. But the press release also mentions IP addresses, which, for Iran, are distributed through the #RIPE-NCC
The RIPE-NCC was already threatened about its Iranian members ▻http://www.ripe.net/internet-coordination/news/announcements/ripe-ncc-receives-communication-from-united-against-nuclear-iran-uani
Great! Once Iran has no IP addresses left, Deutsche Telekom, Orange or a US ISP will be able to make money by renting them class C networks ....
As in post-Communist Europe, these first thoughts about freedom in cyberspace tied freedom to the disappearance of the state. As John Perry Barlow, former lyricist for the Grateful Dead and co-founder of the Electronic Frontier Foundation, declared in his “Declaration of Independence for Cyberspace”,
Governments of the Industrial World, you weary giants of flesh and steel, I come from Cyberspace, the new home of Mind. On behalf of the future, I ask you of the past to leave us alone. You are not welcome among us. You have no sovereignty where we gather.
It’s true, even governments no longer resist where the new owners of the networks force the door. Barlow and Lessig had a rather different idea of the freedom of the net, even though the latter criticised the naivety of the former.
Slow IPv6 adoption is a GOOD THING as IETF plans privacy boost
(Careful, there is a wrong reference to RFC 4860 in the Register article - where they probably mean 4862)
What’s more interesting though are the 50+ comments, of which a big chunk revolves around the NAT subject and IPv6 design (failures).
The irony is true however, that "one of the reasons it took such a long time to nail down IPv6 was the amount of effort that went in to the mobility problem - making sure your address (and the traffic routed to it) followed you round as you moved."
Self-Hosting, IPv6 and carrier-grade NAT
Since IPv4 addresses have become sparse, internet access providers tend to keep users inside a carrier-grade NAT prison. Here is some information on how to re-establish connections to your home-server.
How to use IPv6 on an Android phone anywhere
How to contact your home-server in spite of carrier-grade NAT (#auf_deutsch)
How to create a restricted SSH user for port forwarding?
Citrix-Blog about DS-Lite and other technologies
Today, I disabled IPv6 at home. Yes, it’s a shame.
But until Google changes its restrictive policies on IPv6 senders, I have no other choice.
Of course, some people pointed out to me that I might just change to another Internet access provider. But this is bullshit. I’ve got one of the geekiest ISPs in Europe… the only thing they are not doing right in this, is not giving me the possibility to set a rDNS on my IPv6 (for now, this is still only possible for my IPv4 address; I understand that this is probably not high priority at the moment…)
What other choices do I have then?
I could try to find an even geekier ISP and switch to franciliens the Paris-area DIY-ISP. But even if they are geekier, they don’t enable IPv6 at the moment.
The other solution would be to get some special service (...)
“Each #RIPE_Atlas probe has at least one #DNS resolver, indicated by a DHCP reply on the local network of the probe. Irrespective of the IP address of the resolver, this server may have IPv4 and #IPv6 connectivity or only IPv4 connectivity. What is the percentage of IPv6-enabled resolvers among RIPE Atlas probes?”
Jacob Appelbaum: The American Wikileaks Hacker | Culture News | Rolling Stone
He beckons me over to one of his eight computers and presses several keys, activating Blockfinder. In less than 30 seconds, the program lists all of the Internet Protocol address allocations in the world — potentially giving him access to every computer connected to the Internet. Appelbaum decides to home in on Burma, a small country with one of the world’s most repressive regimes. He types in Burma’s two-letter country code: “mm,” for Myanmar. Blockfinder instantly starts to spit out every IP address in Burma.
Blockfinder informs Appelbaum that there are 12,284 IP addresses allocated to Burma, all of them distributed by government-run Internet-service providers. In Burma, as in many countries outside the United States, Internet access runs through the state. Appelbaum taps some keys and attempts to connect to every computer system in Burma. Only 118 of them respond. “That means almost every network in Burma is blocked from the outside world,” he says. “All but 118 of them.”
These 118 unfiltered computer systems could only belong to organizations and people to whom the government grants unfettered Internet access: trusted politicians, the upper echelons of state-run corporations, intelligence agencies.
“Now this,” Appelbaum says, “is the good part.”
He selects one of the 118 networks at random and tries to enter it. A window pops up asking for a password. Appelbaum throws back his head and screams with laughter — a gleeful, almost manic trill. The network runs on a router made by Cisco Systems and is riddled with vulnerabilities. Hacking into it will be trivial.
It’s impossible to know what’s on the other side of the password. The prime minister’s personal e-mail account? The network server of the secret police? The military junta’s central command? Whatever it is, it could soon be at Appelbaum’s fingertips.
So will he do it?
“I could,” Appelbaum says, with a smile. “But that would be illegal, wouldn’t it?”
#Google now seeing 2% #IPv6 traffic – the #Internet is changing !
Note the weekly cycle with week-end peaks: IPv6 adoption is led by home users... Enterprise environments are lagging as usual.
Bad idea: Gmail now discriminates against mail servers without an IPv6 reverse
This new gem is from the SMTP Gmail FAQ at ▻https://support.google.com/mail/answer/81126?hl=en
(Fun note: they call it the “Bulk Senders Guidelines”… hence apparently anyone running their own personal mail server falls in that category…)
“Additional guidelines for IPv6
The sending IP must have a PTR record (i.e., a reverse DNS of the sending IP) and it should match the IP obtained via the forward DNS resolution of the hostname specified in the PTR record. Otherwise, mail will be marked as spam or possibly rejected.
The sending domain should pass either SPF check or DKIM check. Otherwise, mail might be marked as spam.”
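The rule quoted above (a PTR record for the sending IP, whose hostname must resolve forward to that same IP) is commonly called forward-confirmed reverse DNS. Here is a sketch of the check a mail-server operator can run against their own records. It is an added example, not code from the FAQ or from the original post, and the `PTR` and `AAAA` dictionaries are constructed sample data (documentation prefix 2001:db8::/32, example.org) standing in for real DNS answers:

```python
import ipaddress

def ptr_name(ip):
    """Owner name of the PTR record for ip (ip6.arpa or in-addr.arpa)."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def fqdn(name):
    """Normalise a hostname: DNS names are case-insensitive, keep one trailing dot."""
    return name.lower().rstrip(".") + "."

def fcrdns(ip, ptr_records, addr_records):
    """Forward-confirmed reverse DNS check.

    Returns (verdict, hostname): 'pass' if some PTR hostname resolves back
    to ip, else 'no-ptr', 'no-forward' or 'mismatch'.
    """
    addr = ipaddress.ip_address(ip)
    hosts = ptr_records.get(ptr_name(ip), [])
    if not hosts:
        return ("no-ptr", None)
    saw_forward = False
    for host in hosts:
        for text in addr_records.get(fqdn(host), []):
            saw_forward = True
            # Compare parsed addresses, not strings, so that
            # 2001:0DB8:0:0:0:0:0:25 and 2001:db8::25 are equal.
            if ipaddress.ip_address(text) == addr:
                return ("pass", fqdn(host))
    return ("mismatch" if saw_forward else "no-forward", None)

# Constructed sample zone data (assumption: not real records).
PTR = {
    ptr_name("2001:db8::25"): ["mail.example.org."],
    ptr_name("2001:db8::26"): ["MX2.example.org"],
    ptr_name("2001:db8::27"): ["ghost.example.org."],
}
AAAA = {
    "mail.example.org.": ["2001:0DB8:0:0:0:0:0:25"],
    "mx2.example.org.": ["2001:db8::99"],   # points somewhere else
}

if __name__ == "__main__":
    for ip in ("2001:db8::25", "2001:db8::26", "2001:db8::27", "2001:db8::28"):
        print(ip, fcrdns(ip, PTR, AAAA))
```

The `no-ptr` verdict is the case of an ISP that offers no way to set rDNS on a customer's IPv6 address.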
Why does #iperf's reported MTU differ from the correct one, reported by other tools using Path MTU Discovery? “Mysterious Transfer Unit”...
Alternative to dumb port scanning, leveraging reverse DNS to discover a subnet’s IPv6 hosts. Supposes that reverse DNS is correctly configured… ▻http://www.reddit.com/r/netsec/comments/1bfu76/how_are_we_going_to_port_scan_for_open_hosts_on/c96p936
« From March to December 2012 we used [...] a distributed port scanner to scan all IPv4 addresses. These scans include service probes for the most common ports, ICMP ping, reverse DNS and SYN scans. We analyzed some of the data to get an estimation of the IP address usage. »
« All data gathered during our research is released into the public domain for further study. The full 9 TB dataset has been compressed to 565GB using ZPAQ and is available via BitTorrent. »
Do note that the machines which scanned were cracked machines and so the entire operation was probably illegal in most countries.