Cloudflare TV

If I Knew Then What I Know Now: Tales from the Early Internet

Originally aired on 

Best of: Internet Summit 2015

  • Paul Mockapetris, Inventor, DNS
  • David Conrad, CTO, ICANN
  • Moderator: Matthew Prince, Co-Founder & CEO, Cloudflare
Internet Summit

Transcript (Beta)

This is a test. This is a test. This is a test. This is a test. This is a test. This is a test.

This is a test. This is a test. This is a test. This is a test. This is a test.

This is a test. This is a test. This is a test. This is a test. This is a test.

This is a test.

This is a test. This is a test. This is a test. This is a test. This is a test.

This is a test. This is a test. This is a test. This is a test. Conrad, David is currently the CTO of ICANN, and once upon a time wrote a lot of the implementation of BIND, helped manage that.

Previously, he's been in many... Something positive here, please.

Something positive. Well, may I... Actually, I'll just get to my first question, which is, you guys wrote all this stuff.

Why is the Internet so broken?

Yeah, Paul, what were you thinking? Come on. Seriously. Well, I think, I mean, first of all, people are always talking to me about the huge security flaw in the original design of DNS, and I always tell them, there's no security there.

It's like the Wright brothers did not have a drink card in their first airplane.

We didn't need security. And if you take a look, there was a bunch of places in the packet format and in the specs where it said, fill this in, please.

And at the time, the security people say, well, we know more than you do, and we can't tell you everything.

We'll give you some advice, and help is on the way.

Sort of like they do today. I mean, that message has stayed constant. So I think of it more that we haven't had the right investment in rebuilding the infrastructure.

The original stuff was good for 10 years, and we've been using it for 30.

So, you know, okay. Yeah, and I'd say that the fact that we were actually able to get packets from one machine to another in the early days was actually pretty astonishing in and of itself.

You know, the idea that we'd actually want to do that securely.

What keeps you up at night still about Internet infrastructure or any of these things that we're not even thinking about yet?

You know, I'm kind of worried about the fact that a lot of the places like the IETF at all are very incremental in their thinking, and that people aren't, you know, willing to kind of take the next big jump.

So, you know, for example, the strategic study that you referred to, we said, I mean, I told people there's this thing that's distributed ledger technology, you know, some people call it blockchain.

Maybe we ought to think about, you know, adopting that.

And people said, no, no, nobody's ever going to care about that.

Like, it's all this stuff. So, you know, being able to, you know, experiment and try new stuff in many ICANN meetings, I was sort of a quasi-ICANN employee for years, a consultant.

They would go like, well, if you make change anything, it's going to affect the security and stability of the Internet, so you can't change anything.

And I'm going, well, but if we can't change anything, you know, it's going to decay.

So, you know, what we have to do is to take a more benefit and risk-adjusted thing in the administration and in places like the ITF, or else we're just going to eventually die of old age.

What are you worried about?

So the things that sort of keep me up at night, other than jet lag, are typically the security of the routing system, which, you know, routing by rumor works when you're a small closed group of geeks and network researchers, but as you scale into the rest of humanity, there's a number of folks out there who may not be as pleasant to deal with and may maybe steal prefixes and announce them and, you know, route stuff inappropriately and that sort of thing.

So that's one of the things I worry about.

And the solutions that have been proposed, I'm not very confident about.

The RPKI and BGPsec are interesting technologies, but they do impose a whole lot of complexity on the system, and I think, you know, the complexity of the system is things, are areas that are starting to bite us pretty hard.

The other area that I worry about actually more is just the ability of the bad guys these days to redirect, you know, photon cannons at pretty much any target and denial of service, any service just out of existence.

It's just way too easy these days to spin up a terabit botnet to overwhelm anything at any part of the infrastructure, including, you know, things like root servers.

That's an area that I'm particularly worried about right now.

And fortunately, you know, the root server operators are looking at that problem as well and trying to figure out other solutions.

But those are sort of the areas that I have some concerns about. Has the IETF and sort of the ruling organizations of the Internet, has it always been sort of slow and incremental or?

Well, I mean, they're an interesting place for vendors to meet and, you know, try and vote their direction.

But some of it is sort of just more basic technology.

You know, with regard to BGP, SBGP, et cetera, there's been several cuts at it.

And it always seems to me that, you know, they don't listen to the little Stevie Wonder.

You know, little Stevie Wonder is a great networking expert because he said, when you believe in things you don't understand, then you suffer.

And, you know, what we need to do is to kind of think about routing as a computational problem where we can have bilateral or multilateral, you know, agreements and where people can control their own destiny a little bit more rather than this shared guess.

And we have to also realize that it's a competitive marketplace.

So, you know, I think about things where we could think about using, say, DNS with DNSSEC to distribute some of this information securely.

Think about using blockchain kind of technology so that people can automate the updates and agreements that they have and have that kind of computational infrastructure in place is probably the way that marketplace wants to go.

But if you, but again, if the IETF is run by sort of rough consensus and running code and we're snapping our ways towards incrementalism, how do you move things forward?

Like if I were, if I wanted to replace, you know, DNS with a blockchain, like what is the path to actually doing that?

Because again, that doesn't seem like there's any event that IETF is just going to say, why would you do that?

Let's stick with what we know and hold those sorts of things back.

Do we need to move away from this sort of Internet governance from the bottom up, which is what it always has been?

Has it gotten too unwieldy to manage that way? I mean, it's the real world and so you have to kind of deal with it.

I was kind of hoping that the Cloudflare Research Foundation would fund me, but no, I don't know exactly how you do it.

It's certainly the case that there's a bunch of these organizations like Google, Cloudflare, et cetera, who got big enough so that they could afford to make their own custom made equipment.

And so you see the rise of white box and software defined networks.

It's always been a software defined network, people. It's always been.

It's just that it was proprietary Cisco software, right? The software has always defined the network.

And so the question is, how can you have the interfaces to allow collaboration between the different parties and with as much control and reliability as you would like?

I mean, the magic behind the original DNS was you could have your information, I could have mine.

We would post it and you could see mine and I could see yours and we didn't see any boundaries.

Yep. Right. I think that the next frontier in that kind of stuff is to think about ways to do distributed synchronization and kind of contracts like we have addresses and names and you have to coordinate them by hand or by your own tools.

Why isn't there some synchronization that you can put in place to do that and not just for that, just as a general mechanism?

So I don't know. I have some ideas and we'll see whether or not the funding agencies will like them.

But, you know, I just think that we need more investment in the capabilities of the infrastructure.

Sorry. Yeah. Yeah, I sort of see these things as cyclic, right? Right now, we have reached a stage of sort of semi-equilibrium with regards to the standards, and that's resulting in a certain level of ossification.

It becomes much harder to make changes into the underlying infrastructure.

But it does result in folks who are interested in being disruptive to begin to think outside of the box and try different solutions that tend to be proprietary.

After a while, people will get tired of the proprietary stuff and start doing yet another round of standardization on those proprietary solutions to come up with standardized solution that's open that other people can then implement.

And then you start the cycle all over again.

Right now, you know, we're already sort of seeing that in things like DNS over HTTP.

There are a lot of vendors, a lot of organizations out there who are implementing their own versions of DNS over HTTP because it is a way of, you know, blasting through firewalls and getting packets across because everybody wants HTTP traffic to flow.

But everyone's doing it slightly differently.

And there have been increasing calls for standardization organizations, whether it be the ITF or others, to actually come together and formulate a standard way of doing it so that people can interoperate.

You know, I think the other problem that we deal with is frequently you start getting vested interests who don't want progress.

They like the niche that they've developed for themselves and they'll start working to block movement.

You know, I was told long ago that the only reason you would go to an ITU meeting is if you wanted to stop things moving forward.

And as a result, not, you know, the ITU is very stable for 110 years or whatever they say.

And if you lease geosynchronous orbit space, it's a pretty good revenue stream.

Exactly. Exactly. And, you know, people like the revenue streams.

Right. So, you know, I think this cycle of disruption and equilibrium will continue.

You know, I think the ITF is struggling right now to figure out how it's going to remain relevant moving forward, how they reinvigorate the standardization processes in a way that allows for disruptive technologies to come in and sort of change the underlying game.

So so you brought up the ITU and we're talking about Internet governance and and ICANN has gone through an Internet governance debate recently.

And, you know, Ted Cruz can join us here on stage.

I'm looking forward to it. Yes. But, you know, what do you say to Ted Cruz when when he says, you know, the U.S.

gave up control of the Internet. How dare they do that?

Like that. Does he have a point? No. Surprisingly, fundamentally, the Internet has is not and has never been controllable.

Well, maybe back back in Paul's day, you know, much before mine, maybe it was controllable.

But, you know, fundamentally, the Internet is is a network of networks.

Each independent network is administered as the network operator sees fit.

You can get into questions, you know, at a certain point if a particular network or application reaches critical mass, then does it then become a a public service that has regulatory implications?

But by and large, the Internet has no mechanism of control. Well, you have 13 root servers.

We do, which are controlled by a somewhat random set of organizations.

And if any one of those organizations decided to do something odd, then the the under the the the people who actually matter here, the Internet service providers, would be able to change the Hintz file to remove or use a different root server if they so choose.

So so why did I mean, it seemed like the Internet was working OK before.

Why did the U.S. say we like we're going to strike the provision that says that we can go in and potentially veto what ICANN is doing?

What was the what was the rationale behind that?

Well, part of part of the the situation was a misunderstanding of what the U.S.

government role actually was. The they maintained a zero dollar contract for the operation of something called the IANA functions were basically administering a number of text files to document protocol parameters and allocations.

The primary role of the U.S. government was to make sure that ICANN didn't do something stupid.

And after 12 years of not actually having anything stupid happen, it was sort of realized that, you know, the the the extra step of going through the NTIA, U.S.

Department of Commerce, to approve changes to the root zone was actually doing nothing positive and causing a lot of political problems internationally.

So that's what led to the decision by the U .S.

government to just let the contract expire. It was an ongoing contract that kept getting renewed.

And eventually people said, you know, why are we even bothering with the silliness?

Let's just let reality intrude. The David has to be careful in this topic, but I think that one of the things that there was there was and probably continues to be real risk that the Internet gets governed by a much more political organization like the ITU, which is a division of the U.N.

And there are definitely countries that are that are pushing for that, that would that would transform the way the Internet is governed from sort of a bottoms up organization to a top down organization.

And I think that the that quite the opposite of what Senator Cruz says, the move by the last administration to say we're not going to be able to control the Internet anymore was a really pretty brilliant political and international move to make sure that no other country could say, well, if the U .S.

gets to control something, why doesn't why doesn't anyone else? So it's so I think that that's something that that navigating that was really tricky.

And and you have effectively bored the audience to death.

So we'll stop talking about it. The alternative of sort of along the lines of what sort of the implication of the approach that Ted Cruz is proposing, not directly, of course, is a fragmented Internet where you have a series of national Internet's that are connected at gateways at the edges.

And that has a lot of implications with regards to the ability for Internet organizations to reach markets that they would like to reach or allow for people within those markets to actually reach out.

So that's one of the reasons that, you know, do you think we can avoid that?

Do you think that we can have a non fragmented Internet?

I mean, four years ago, I would have said yes.

And I feel less sure that that's the case today. Paul, I you know, the Internet has cracks in it today.

OK, so the only real issue is how fragmented is it going to get?

You know, I'm interested to see whether or not my VPN still works in China, because I remember when I was visiting there once, it was like, oh, you know, at the local hotel, you had completely open Internet.

But that was only for Westerners that happened to be visiting.

And they presumably had, you know, copious logs of all the traffic and so forth.

You know, it is going to fragment.

Political people are going to press their their agenda. And, you know, it's a question about how bad it's going to get.

You know, this morning during the talk about cybersecurity in the U.S.

government, you know, I wish I could make a deal with the U.S.

government whereby I say, OK, you can have all my data. I consent to you having all the data about me that you already have, but you should be protecting me from other people and you're not.

So how about that's the deal? You'll you'll give me some protection in return for agreeing to share the data.

You know, it's it's it's not a nice thing.

It's not a nice world out there. There's commercial and sovereign interests that are contending and that warfare is going to continue.

I'm sorry that negotiations are going to continue in on the Internet. Is there is there is there something technically that you wish you had done in the design that would have better resisted that fragmenting?

You know, it again, when I was at ICANN, there was a lot of people there that were kind of internationalists and they said, well, the U.S.

should relinquish control because it's a good thing.

And, you know, the U.S. government should not be in control of all of this. And I say that's a very interesting attitude.

But, you know, if they come in the front door and tell you to do something, they can be very persuasive.


Yeah. And, you know, it's they probably won't and so forth, but in other places they will.

Yeah. And so you're going to have different shades of Internet and hopefully some of the, you know, basic facilities will remain in place.

But, you know, you can't expect people to think the Internet isn't part of the regular world.

It is.

And so a lot of the regular world rules are going to be applied to it. What's changed?

What's again, do you sense the same? Have you just thought that, yeah, it's it's going to do you feel less sort of idealistic and optimistic or have you always just been pessimistic?

And, you know, I get up in the morning and there's two kind of people.

Some people get up in the morning and everybody thinks happy and cheery.

Other people think, oh, my God, terrible. But they get up anyway. So I'm of the second variety.

And, you know, the message to me is I got to think about, well, should I look at Telegram?

Should I look at Signal? OK, because I know that there's probably more people in the U.S.

government. I can't do anything about the U.S.

government because they could show up at the door with a gun and stuff. But, you know, I want to try and protect my privacy from a bunch of the commercial.

And, you know, if I travel to certain places like I probably wouldn't want to leave my stuff in my room because, you know, blah, blah, blah.

And, you know, so to me, it's more that we've got to try and think about being more aggressive about protecting our privacy ourselves.

We've got to try and convince people to get the government to move to protect me and not, you know, the data warehouse in Utah that has all of my phone conversations.

You know, I mean, there is technology. We have to figure out how to make it easy to use because that's one of the big things.

If security is always hard to use and until we make it user friendly, it doesn't get used as much and it doesn't protect us as much.

David, what things to do? Do you sense a shift or?

Yeah, there definitely has been. You know, the technology for filtering, for blocking moves with other technologies and it's getting better over time.

I'm not known as being a particular optimistic person, but.

We could have called this the pessimist.

The gray haired pessimist. The gray haired pessimist, who is deeper. Everyone would tune in for that.

But, you know, I think on the positive side that ultimately, you know, the network derives value by the number of people who connect to the network.

Right. So once you start filtering out, once you start blocking significant portions of the Internet, then it begins to lose value.

And that in and of itself is an incentive to try to get around that blockage.

And while I don't necessarily believe that, you know, that Internet routes treat censorship as damage and routes around it, there is a effort in every technology to try to protect that, the data that's being transferred.

You know, there will be man in the middle type attacks.

There will be data taps that allow for what is the term warranted surveillance.

Whether or not the warrants actually apply to your country or not, that's a different question.

But ultimately, you know, the value that the Internet brings in terms of a platform on top of which you can innovate and on top of which you have permission to, you know, try new things, to try different ways of solving particular problems, I think ultimately will provide a way to ensure that that infrastructure continues to operate.

There will be islands. There will be, you know, gateways and firewalls you have to go through in one way or another.

But, you know, I think we've passed the point, you know, when countries' GDP starts depending on the amount of connectivity and you can watch the GDP tumble when they try to block the Internet for some reason, that sends a signal to the government that this may not, you don't want to kill the golden goose.

Yeah, although right now, you know, a lot of the world that had looked to the U.S.

for Internet leadership and a much more open model, as U.S.

leadership has stepped back from sort of advocating that, they look at where's growth coming from.

China seems like they're doing pretty well regulating the Internet.

Well, they have imposed a regime that controls information much more strongly than other places.

And some of the controls that they put in place does have a knock on effect.

But you also look at Europe and you look at India and places that have been moving towards a more open regime, although more focused on privacy, for example.

You know, I think it is unfortunate the U.S.

seems to be stepping back from the leading role that they had. And it is sort of confusing.

Don't mess with our Internet companies. We'll keep buying your cars.

Right. That sort of thing. David, I got to help you out here. As always, Paul.

This whole business about filtering being harmful is just so ARPANET.

It's not where we are today. There's nobody in the audience. I'm going to ask a question.

Is there anybody in the audience who feels that they don't want to use anti-spam measures to have their email filtered?

I haven't seen anybody yet. There's no brave souls.

OK. You know, being able to have reputation information and filter by, for example, domain name and by IP address is both my day job and the cheapest way to generate security that there is out there.

Because when you talk about the network effect, I'm sorry, there's no benefit to me being connected to a Bulgarian hacker.

Or an Iranian one. But that's a decision you make, not that the government does not place upon you.

That's where the issue lies. Sure, I should be able to control what filtering gets done.

But reputation filtering is my first line of defense.

So, you know, and so. And that's that's that's China's argument as well.

Yes. Yeah, I understand. But, you know, the fact that filtering is a good technology doesn't mean that it can't be used for bad or for good.

It's a good technology and it's a good tool.

And so we should be thinking about sharpening that up, I think, rather than saying, oh, my God, SOPA, PIPA, you know, Internet censorship.

You know, because in reality, you know, winter is coming, guys. The White Walkers.

Yeah, we've seen it in email. OK, we have all of these anti-spam tools.

I mean, one of the questions I always want to ask the the BGP got the secure BGP guys is, is email routing more secure than BGP?

I'm not sure. OK. You know, certainly it's withstood more attacks.

But, you know, we need to think about doing more of that reputation stuff.

The network effect. I'm sorry. It's a lie. It doesn't apply anymore.

First of all, if you connect me to a million more people, I don't have time to talk to all of them.

And secondly, a lot of them are leveling. But if there's one in there, you might not know ahead of time, even if you have the opportunity to talk to one that has some value in it.

I mean, we still have a fax machine.

I suppose you do, but I don't. But at any rate, you know, being selective in who you connect to, it's you know, you wouldn't probably go to a restaurant these days without looking online to see what the reviews are or see what the menu looks like and so forth.

Why would you talk to some unknown person or click on the attachment they just sent you?

Because they might be your customer. It might be. Yeah, we have we have a little bit of time for questions.

So let's go start back there.

Thank you. So you talked about the fragmentation of the Internet. What is your feeling on when the Great Wall of China will actually great firewall of China will actually have an adverse effect on Chinese economy and government?

And when will cracks really start to reappear in that?

So I actually just came back from a trip to Asia.

I was in Beijing for a few days. And depending on who you talk to, the Great Firewall of China is either the best thing that God has ever created or the Chinese people had created, or it is already impacting the ability of Chinese businesses to actually interact in a global market.

The my impression is the the latter folks are there is there appears to be a sort of an ongoing battle, and it goes from side to side, depending on on day of week and phase of moon.

But my impression is that right now, because there is so much potential for growth within China, even under some constraints about content and how information flows, that the the factors that are driving control are actually sort of winning the battle.

But as soon as that that greenfield begins to die out and the Chinese organizations that are making money hand over fist are looking for larger markets to get into, I think you'll start to see changes in the way the Great Firewall of China is actually operated.

And I'll say that in our working in China with organizations, when we travel over there and they're talking engineer to engineer, the lack of the ability to run a Google search and find code that you need, that really that is something that engineers on the ground in China do complain about today.

I think one of the things that that it would be critical is as Chinese companies stop thinking about their market just being inside China and start to think about their market being outside of China.

So take a company like, which is the next Snapchat, the fact that they started in China and now are selling to a global audience, I think is actually a really positive thing.

It will cause the country to look more outward, and that's probably good.

Yeah, my favorite example is I once ran into the guy that ran the Iran top level domain, and he said he was having lots of trouble getting companies to register in his domain because then they couldn't do business with the U.S.

or do as much business in the U.S.

So there are some specific things like the access to market and so forth where there's reasons to believe that that approach doesn't work.

But, you know, I think the jury's still out.

You know, it could well be, you know, Darwin isn't necessarily in favor of liberalism.

You know, it may be that I mean, I don't know.

You know, I'm just saying you shouldn't. I think you need to be comforted by specific examples like market access and so forth.

But, you know, there's still reason to be scared.

One last quick question. Both of your takes Bitcoin at forty five hundred dollars or an IPV six or IPV four address at twelve dollars, which is the better investment?

IPV four, I think Bitcoin.

There you go. Maybe you should have a bet for next time. Thank you so much.

Thank you. Thank you.