[sdnog] Effects of encryption techniques on data-network management

Sami Salih sami.salih at outlook.com
Tue Oct 29 17:35:21 SAST 2019 

Salam,
I would like to add the attached document to this thread just to use it as a reference for our future discussion.

Local and Internet Policy Implications of Encrypted DNS

Get Outlook for Android<https://aka.ms/ghei36>
________________________________
From: Nishal Goburdhan <nishal at controlfreak.co.za>
Sent: Thursday, October 24, 2019 5:20:45 PM
To: Sami Salih <sami.salih at outlook.com>
Cc: sdnog at sdnog.sd <sdnog at sdnog.sd>
Subject: Re: [sdnog] Effects of encryption techniques on data-network management

On 21 Oct 2019, at 19:47, Sami Salih wrote:

> Thx Nishal et all for the fruitful replies,
> again this is NOT in Sudan now, the reason that I bring this issue
> here is because gov and regulators always share their experience and
> I'm sure if something related to national security is shared from this
> country my country Sudan and some other will think to adopt the same.

understood.  and i think that you’re doing the smart thing by trying
to create a discussion around a future potential risk, and, hopefully,
argue away the illegitimate arguments that might arise.


> Now, coming to your justification, any logic favoring business and
> development will be simply ignored, in our region Security is
> revealing anything :-/

of course i am no expert on your country, but i think that economic
opportunity is not something that will be overlooked.  or, at least,
it’s not something that you can afford to overlook anymore.  the rate
of the SDG::international currencies makes this evident to me, as an
amateur economist :-) and perhaps, having a more formalised approach of
explaining this to The Powers That Be, is useful.  consider that *most
of the world* has the same security issues, but don’t behave in this
way.

a simple example - a quick and easy part of a prospective future for
sudan  (ie. an easy way to get foreign currency into sudan) where you
have a high rate of well educated individuals (viz. uni graduates), and
still high unemployment, is to be able to embrace “outsourcing”;
opportunities through the likes of fiverr.com  (or, create your own).
this “readiness to do business” climate, simply can’t be sustained
in a techno-stunted society.
i believe there are some discussions around this, planned at next
week’s sdnog meeting, so i’ll pause here, for now.


> Then they believe -and I think it's not totally wrong - all government
> have ways to decrypt any new encryption tech before allow it's to be
> used, but we less advanced.

i have no proof that TLS 1.3 has been cracked by any government.  :-)


> at the end I'm working on a paper to address this issue considering
> all aspects including local culture, I may share it will you here or
> at least part of it, but please keep sharing your thoughts.

sovereign nations will argue that it’s their  right to intercept
traffic.  if this is done legally, then sure.  go ahead.  intercept.
but the right to intercept as a government, shouldn’t be borne by the
ISPs, at some artificial value.  whether those costs are in the form of
network design, or, infrastructure, or technology based decisions.  the
problem, i believe, is that those costs (or perhaps the true nature of
these costs) are not well understood by policy makers.

here’s a technology cost that is outside the realm of encryption, but
easy to understand.  and it exists again, because of poorly understood
regulation.
https://bgp.he.net/AS24757#_graph4 shows us that AS24757 is downstream
of AS33788.  so, in theory, communications between AS24757 and, pretty
much all of sudan, could be domestic - ie. at your IXP.  which helps to
solve a larger problem, of getting better cross-border connectivity in
africa, whilst making communications between these countries faster, and
saving you money.  but, there’s no cross-border traffic exchange
between these networks visible at your IX (pch.net/lg tells me what
routes are at your IX) and that costs *you* as a country (not AS24757);
in both performance, and real external bandwidth costs.

ie.  it is foreign exchange that is leaving your economy!
at a time when you can’t afford this.  and again - it’s because of
misunderstanding of internet economics, and poorly expressed regulation.
  i’m willing to bet that the cost of a “closed” IX has not been
calculated  (ps.  it’s a ten-minute exercise!)

here’s a final, real example;  this time not sudan, but attached to
the same ill-willingness to adopt new technology.
a large country, with millions of online users, a really smart
population, and, a thriving local internet community, aren’t allowed
to use IPv6 because the interception tools in use by their government
don’t support v6.  pause, for a minute to appreciate the idiocy, risk,
and costs involved here.  i happened to be visiting, and spoke to some
operators whom had (literally the day i was there) purchased some IPv4
address space to the tune of a few million dollars.  all because they
were technologically stunted.  sudan can’t afford that!

—n.

ps.  i’ve spoken (mostly) about the economic bits, because, i like to
talk about those, and i think they’re grossly misunderstood and
misrepresented in our region.  other smarter people than me can give you
sound(er) thoughts on the technology bits.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sdnog.sd/pipermail/sdnog/attachments/20191029/f5098493/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: octo-003-en.pdf
Type: application/pdf
Size: 159841 bytes
Desc: octo-003-en.pdf
URL: <http://lists.sdnog.sd/pipermail/sdnog/attachments/20191029/f5098493/attachment.pdf>

More information about the sdnog mailing list