IP: Re: Richard Forno on ICANN and Net-stability against terrorists

[David Farber <dave () farber net>]

> Date: Sat, 29 Sep 2001 11:37:53 -0700 (PDT)
> From: Karl Auerbach <karl () cavebear com>
> Reply-To: Karl Auerbach <karl () cavebear com>
> To: David Farber <dave () farber net>
>
> On Sat, 29 Sep 2001, IP sent:
>
> >
> > >[ICANN representatives are welcome to reply, of course. --DBM]
> >
> > And to me also djf
>
> Here's what I sent to Declan yesterday...
>
> (By-the-way, one of the people who worked with me very closely on this
> stuff was Frank Heinrich.)

Frank was one of my early Grad students djf

>                 --karl--
>
>
> >From karl () CaveBear com Sat Sep 29 11:36:12 2001
> Date: Fri, 28 Sep 2001 12:23:53 -0700 (PDT)
> From: Karl Auerbach <karl () CaveBear com>
> To: Declan McCullagh <declan () well com>
> Cc: rforno () infowarrior org
> Subject: Re: FC: Richard Forno on ICANN and Net-stability against terrorists
>
> On Fri, 28 Sep 2001, Declan McCullagh wrote:
>
> > [ICANN representatives are welcome to reply, of course. --DBM]
> >
> > Date: Fri, 28 Sep 2001 13:46:18 -0400
> > Subject: Re: FC: ICANN tries to preserve Net-stability against terrorist
> >       attacks/RFF Reply
> > From: Richard Forno <rforno () infowarrior org>
> > To: <declan () well com>, <politech () politechbot com>
> > Organization: WWW.INFOWARRIOR.ORG
> >
> > I was NSI's Chief Security Officer 1998-2001, and had a ringside seat 
> to the
> > evolution from the InterNIC to the Shared Registry System and the rise of
> > ICANN. I can safely say that the only security most of ICANN's Board is
> > interested (or qualified) to address is job security.
>
> I don't agree.
>
> As for myself:
>
> I spent about 8 years doing research, design, and implementation of secure
> operating systems and networks back in the 1970's for the US Dept of
> Defense, for the RSRE in the UK, and elsewhere.  Because some of this work
> was classified I'm not free to discuss all of it.  However, I can say that
> I've spent a lot of time dealing with capability based operating systems
> (a technology that I believe deserves to be revived), mathematical
> expressions of security policy, formal proof of correctness of operating
> systems, real-live inplementations of secure operating systems and
> networks, cryptographic engines, key management systems, etc.
>
> Most of the document are buried deep in paper archives at the old National
> Bureau of Standards.  As for the software and networks: Who know where
> they might be these many years later.  Perhaps the most easily accessed
> bit of material is a somewhat involved letter published in the Technical
> Correspondence section of Communications of the ACM in the January 1980
> issue.  (I doubt that it's online anywhere.)
>
> It was during this work that I met Vint Cerf.  He and I spent many a long
> day dealing with the issues of integrating security and encryption into
> datagram and connection oriented protocols.
>
> And we must not forget that Lyman Chapin is coming onto the ICANN Board.
> Lyman's Internet technical credentials are impressive.
>
> And there are others on the ICANN board who have strong technical
> backgrounds, although not necessarily on Internet technologies.
>
> And let's put things in perspective.  What we're going to be doing is
> looking at many non-technical protections, like making sure that there are
> sufficient backups and procedures so that DNS infrastructure can be
> repaired.  This involves some rather low-tech things, like good off-site
> backups/escrows.  It also involves things that ICANN is merely in a truly
> coordinating role - like trying to work with those those involved in the
> routing decisions of the Internet (the ISP community) in hopes that they
> will be willing and able to shift packet routing should it be necessary to
> reestablish root DNS servers at new physical locations.
>
> To my way of thinking, this kind of technical review of DNS and pragmatic
> managment of the technologies that have been given us by the IETF and
> others is exactly the kind of thing that ICANN ought to have been doing
> all along.
>
>                         --karl--



For archives see: http://www.interesting-people.org/