AW: [governance] Monroe Doctrin for Cyberspace?

Karl Auerbach karl at cavebear.com
Mon Jul 20 22:49:11 EDT 2009 

On 07/20/2009 01:18 AM, "Kleinwächter, Wolfgang" wrote:

> In a meeting we had early June 2009 in Bejing, China Vice-Minister of
> ther Ministry for Industry and Information Technology (MIIT) declared
> very directly that the "securtiy and stability is priority Nunmber
> One for the exploding Chinese Internet Industry". China sees its own
> turf in Cyberspace to protect its country and interests.

I'm going to make a bit of a detour here.

My company (InterWorking Labs, www.iwl.com) does testing of internet 
protocol implementations for both conformance and robustness.  The 
latter part is the interesting part - a substantial portion of internet 
code, to put it extremely mildely, is junk.

A lot of internet code is very poorly written - it has been tested only 
under the most benign of conditions.  And it often crumbles when 
subjected to packets (or transport conditions) that are completely 
within the specification of the protocol but that are only newly 
encountered.

This relates to stability and security in a couple of ways.

First is simply that code tested under only benign conditions is like an 
aircraft tested only in good daytime weather; one should not be 
surprised by failures.

Second, and a more subtle point, is this: This bad code is a time bomb 
that can (and often does) goes off sometime in the future when new 
devices are introduced into the net that do things in perfectly 
legitimate ways.

A lot of people who have these old undertested devices tend to react and 
presume that their devices are under attack.

Third, when the net wobbles, as it often does, there are people and 
tools who have to go out there and perform diagnostic tests and initiate 
repairs.  These people need to bypass a lot of security (and often see a 
lot of private data) in order to do what they need to do.  But net 
architectures, security measures, and laws rarely make provision for 
this very necessary function.

		--karl--



____________________________________________________________
You received this message as a subscriber on the list:
     governance at lists.cpsr.org
To be removed from the list, send any message to:
     governance-unsubscribe at lists.cpsr.org

For all list information and functions, see:
     http://lists.cpsr.org/lists/info/governance

More information about the Governance mailing list