DARPA wants military to replace TCP/IP with new "Military Network Protocol"

[Dave Farber <dave () farber net>]

Begin forwarded message:

> From: Scott Alexander <salex () dsalex org>
> Date: October 17, 2009 18:37:50 EDT
> To: dave () farber net
> Subject: Re: [IP] DARPA wants military to replace TCP/IP with new  
> "Military Network Protocol"

> Wow.  The Register article is pretty sensational, but gives a  
> different impression than what I have.  See https://www.fbo.gov/index?s=opportunity&mode=form&id=01886bf13926063b1cc0e996b223440f&tab=core&_cview=1 
>  for a synopsis as produced by DARPA.  Note in particular: "The de- 
> anonymized MNP traffic will be compatible with and transit existing  
> Internet infrastructure carrying legacy Internet traffic. MNP- 
> enabled networks may allow or deny entry or transit by  
> unauthenticated data flows, and will transmit data as fast as (or  
> faster than) existing legacy network protocols."
>
> Having heard a brief before the BAA came out  and having been to  
> Proposers Day for MNP, I'd say the goals are:
> - provide end-to-end authentication so that QoS can be provided  
> based on user authority rather than a guess as to who is behind a  
> dynamic IP address
> - additionally use that authentication for traceback in the case of  
> attacks coming from within the MNP portion of the network
> - increase the level of automation of configuration of the network.
>
> I think the comment on generals may be somewhat accurate.  My  
> understanding is that the name was chosen rather deliberately  
> without any misconception that general Internet users would want to  
> give up the level of information required.  (As I understood the  
> system, in the military context, you'd have users use their CAC card  
> to prove their identity to the end system as a start of the end-to- 
> end authentication.)
>
> Personally, I believe the goals are reasonable ones in a military  
> context.  I was initially surprised to see the third goal in with  
> the first two.  I think there may be a few reasons why it's there.   
> The one that makes sense to me is that MNP seems like it needs a  
> fair amount of policy.  One may be able to design a policy system  
> that can also handle configuration and that limits the amount of  
> manual setup required.  This would be a boon in some military  
> contexts.  I'm not sure that I would try meet the goals of MNP in  
> the same way that the BAA does, but the posts below seem to go more  
> toward the goals of the program.
>
> I also wouldn't call this a secure network.  It's an authenticated  
> network, which would allow one to build some additional security and  
> which makes traceback easier.  But one could still launch viruses,  
> send /listen to unencrypted traffic, and send traffic without  
> authority and meet the requirements of the BAA as I understand them.
>
> Finally, I would note that I think that David Reed's  
> characterization of "these guys", by which I think he means DARPA,  
> seems overbroad.  Having worked with only a few DARPA PMs, I've seen  
> a range in how willing they are to seek and accept advice.  Often  
> that varies within a single PM depending on how certain they are of  
> their own vision for a particular project.
>
> Disclaimers: I have not seen anything about Lockheed's approach to  
> MNP.  I currently do work for DARPA and have worked for the MNP PM  
> in the past.  I work for a company that bid on MNP, although I was  
> not involved in our bid.
>
> Best,
> Scott Alexander
>
> On Oct 17, 2009, at 4:16 PM, David Farber wrote:
>
> > Begin forwarded message:
> >
> > From: "David P. Reed" <dpreed () reed com>
> > Date: October 16, 2009 6:45:13 PM EDT
> > To: Bob Frankston <Bob19-0501 () bobf frankston com>
> > Cc: "'Lauren Weinstein'" <lauren () vortex com>, nnsquad () nnsquad org
> > Subject: [ NNSquad ] Re: DARPA wants military to replace TCP/IP  
> > with new	"Military Network Protocol"
> >
> > This is complex.  I know a little bit about MNP.  I think it is  
> > highly confused in its goals.  However, there is no way to advise  
> > these guys - they just are spending money and seeking bids, without  
> > getting graybeard advice from anybody who is not invested in  
> > getting lots of do-re-mi in future contracts.
> >
> > The core idea seems to be that if you are incompatible with the  
> > Internet, you can be "secure".  It reminds me of when countries  
> > justified having different railroad gauges to prevent invasion.
> >
> > On 10/16/2009 03:02 PM, Bob Frankston wrote:
> > > This more David’s area but it sure sounds like some group is nos 
> > > talgic for the good old days when networks were networks and use 
> > > rs weren’t so uppity in attempting to do things that the gods, o 
> > > r generals, didn’t intend them to do.
> > >
> > > -----Original Message-----
> > > From: nnsquad-bounces+nnsquad=bobf.frankston.com () nnsquad org  
> > > [mailto:nnsquad-bounces+nnsquad=bobf.frankston.com () nnsquad org] On  
> > > Behalf Of Lauren Weinstein
> > > Sent: Friday, October 16, 2009 14:21
> > > To: nnsquad () nnsquad org
> > > Subject: [ NNSquad ] DARPA wants military to replace TCP/IP with  
> > > new "Military Network Protocol"
> > >
> > >
> > > DARPA wants military to replace TCP/IP with new "Military Network  
> > > Protocol"
> > >
> > > http://bit.ly/2VrhnY  (The Register)
> > >
> > > --Lauren--
> > > NNSquad Moderator
> >
> >
> >
> > -------------------------------------------
> > Archives: https://www.listbox.com/member/archive/247/=now
> > RSS Feed: https://www.listbox.com/member/archive/rss/247/
> > Powered by Listbox: http://www.listbox.com



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com