[sdnog] Effects of encryption techniques on data-network management

Nishal Goburdhan nishal at controlfreak.co.za
Thu Oct 24 16:20:45 SAST 2019


On 21 Oct 2019, at 19:47, Sami Salih wrote:

> Thx Nishal et al. for the fruitful replies,
> again this is NOT in Sudan now, the reason that I bring this issue 
> here is because gov and regulators always share their experience and 
> I'm sure if something related to national security is shared from this 
> country my country Sudan and some other will think to adopt the same.

understood.  and i think that you’re doing the smart thing by trying 
to create a discussion around a future potential risk, and, hopefully, 
argue away the illegitimate arguments that might arise.


> Now, coming to your justification, any logic favoring business and 
> development will be simply ignored, in our region Security is 
> revealing anything :-/

of course i am no expert on your country, but i think that economic 
opportunity is not something that will be overlooked.  or, at least, 
it’s not something that you can afford to overlook anymore.  the rate 
of the SDG::international currencies makes this evident to me, as an 
amateur economist :-) and perhaps, having a more formalised approach of 
explaining this to The Powers That Be, is useful.  consider that *most 
of the world* has the same security issues, but doesn’t behave in this 
way.

a simple example - a quick and easy part of a prospective future for 
sudan  (ie. an easy way to get foreign currency into sudan) where you 
have a high rate of well educated individuals (viz. uni graduates), and 
still high unemployment, is to be able to embrace “outsourcing”;  
opportunities through the likes of fiverr.com  (or, create your own).  
this “readiness to do business” climate, simply can’t be sustained 
in a techno-stunted society.
i believe there are some discussions around this, planned at next 
week’s sdnog meeting, so i’ll pause here, for now.


> Then they believe - and I think it's not totally wrong - all governments 
> have ways to decrypt any new encryption tech before allowing it to be 
> used, but we are less advanced.

i have no proof that TLS 1.3 has been cracked by any government.  :-)


> at the end I'm working on a paper to address this issue considering 
> all aspects including local culture, I may share it with you here or 
> at least part of it, but please keep sharing your thoughts.

sovereign nations will argue that it’s their  right to intercept 
traffic.  if this is done legally, then sure.  go ahead.  intercept.  
but the right to intercept as a government, shouldn’t be borne by the 
ISPs, at some artificial value.  whether those costs are in the form of 
network design, or, infrastructure, or technology based decisions.  the 
problem, i believe, is that those costs (or perhaps the true nature of 
these costs) are not well understood by policy makers.

here’s a technology cost that is outside the realm of encryption, but 
easy to understand.  and it exists again, because of poorly understood 
regulation.
https://bgp.he.net/AS24757#_graph4 shows us that AS24757 is downstream 
of AS33788.  so, in theory, communications between AS24757 and, pretty 
much all of sudan, could be domestic - ie. at your IXP.  which helps to 
solve a larger problem, of getting better cross-border connectivity in 
africa, whilst making communications between these countries faster, and 
saving you money.  but, there’s no cross-border traffic exchange 
between these networks visible at your IX (pch.net/lg tells me what 
routes are at your IX) and that costs *you* as a country (not AS24757);  
in both performance, and real external bandwidth costs.

ie.  it is foreign exchange that is leaving your economy!
at a time when you can’t afford this.  and again - it’s because of 
misunderstanding of internet economics, and poorly expressed regulation.  
i’m willing to bet that the cost of a “closed” IX has not been 
calculated  (ps.  it’s a ten-minute exercise!)

here’s a final, real example;  this time not sudan, but attached to 
the same ill-willingness to adopt new technology.
a large country, with millions of online users, a really smart 
population, and, a thriving local internet community, aren’t allowed 
to use IPv6 because the interception tools in use by their government 
don’t support v6.  pause, for a minute to appreciate the idiocy, risk, 
and costs involved here.  i happened to be visiting, and spoke to some 
operators who had (literally the day i was there) purchased some IPv4 
address space to the tune of a few million dollars.  all because they 
were technologically stunted.  sudan can’t afford that!

—n.

ps.  i’ve spoken (mostly) about the economic bits, because, i like to 
talk about those, and i think they’re grossly misunderstood and 
misrepresented in our region.  other smarter people than me can give you 
sound(er) thoughts on the technology bits.

