TLS 1.3 — what is it, and who cares?

What is the news:  publication of the updated security standard for Internet transport layer security:  TLS 1.3

Why it matters:  TLS provides the basis for pretty much all Internet communication privacy and encryption.  The big deal with version 1.3 of TLS is that it has been stripped of features with previously-detected vulnerabilities, and extended its security and encryption.  TLS 1.3 should be more robust/even less vulnerable than TLS 1.2.

Who benefits:  TLS 1.3 only benefits people using applications and devices that implement it.  The good news is that, apparently, major browsers have already implemented and deployed it.  Additionally, the hope is that the lighter weight, more straightforward nature of TLS 1.3 (as compared to previous versions) will be attractive to other application and device developers that have been reluctant to implement TLS in the past.

More info:

Keeping the “Inter” in “Internetworking”

Last week, I had the opportunity to attend and speak at Interop ITX 2018, in Las Vegas.  It was my first Interop — and an interesting opportunity to see more of the enterprise networking side of things.  That’s a space that is growing, and increasing in complexity, even as cloud and software as a service are notionally taking on the heavy lifting of corporate IT.

The refrain that I overheard several times captured that attendees really enjoyed having a vendor-neutral conference to talk about a variety of practical topics.  Indeed, it felt a bit like a NOG with an enterprise focus.

Continue reading

When Permissionless Doesn’t Mean Permissive

“Permissionless innovation” is one of the invariant properties of the Internet — without it, we would not have the World Wide Web.   Sometimes, however, this basic concept is misunderstood, or the expression is used as an excuse for bad behaviour.

Consider the case of the Guardian’s article on the use of “smart” technology, such as wifi trackers that tail people through their phones’ MAC addresses, to monitor activities in Utrecht and Eindhoven:

“Companies are getting away with it in part because it involves new applications of data. In Silicon Valley, they call it “permissionless innovation”, they believe technological progress should not be stifled by public regulations.”

Continue reading

Something Wicked this Way Comes

“Cooperation”, “Consensus” and “Collaboration” are three C-words that get thrown around in the context of Internet (technology and policy) development.    Given that it is at the heart of the Internet Engineering Task Force’s organizing principles, I was a little surprised  to see consensus treated as a poor discussion framework in Peter J. Denning and Robert Dunham’s “The Innovator’s Way – Essential Practices for Successful Innovation”.

While I still don’t entirely buy the authors’ view of consensus as a force of creativity stifling, with a little more reflection, I could see their argument that consensus aims to narrow discussion to find an outcome.  In an engineering context of complex problems,  when the problem is well understood and an answer has to be selected, that’s a good thing.

However, for many of the challenges facing the Internet, there isn’t even necessarily agreement that there is a problem, let alone a rough notion of what to do about the challenge.    These are wicked problems, requiring more collaboration across diverse groups of people and interests.   The heartening thing  is that we’ve actually solved some of these wicked problems in the past — the existence and continued functioning of the Internet is testimony to that.

Continue reading

Collaborate or Fragment: Net Futures


At any given moment, the Internet as we know it is poised on the edge of extinction.

There are at least two ways to understand that sentence. One is pretty gloomy, suggesting a fragile Internet that must continually be rescued from doom. The other way to look at it is that the Internet is always in a state of evolution, and it’s our understanding of it that is challenged to keep up. I tend to prefer the latter perspective, and think it’s important to keep the Internet open for innovation.

At the same time, change can be scary — if it leads to an outcome that impacts us badly, from which we cannot recover, for example. That’s at least one reason why discussion of policy requirements and changing the Internet can be pretty tense.

If we want a dialog about the Internet that is as global as the network itself, we need to know how to talk about change:

  • what are the useful points of reference (hint: they aren’t particular technologies), and
  • how can we frame a successful dialog?

Continue reading

Mind your own fitness tracker

In some ways, it reads like a bad novel: “Every Step You Fake” (, a Canadian study of privacy and security in personal fitness devices. The report outlines two key areas in which these devices have significant security and privacy shortcomings — but just as you feel sympathy for the devices’ wearers, you learn they may be the “bad actor” in other cases. We can spot adversaries in every direction, but who’s the hero of this drama? And, frankly, does it need to be a drama?
The two shortcomings outlined in the report are that:

  • the devices’ radio-based transmissions can “leak” your presence and make you trackable (anonymously) through shopping malls that do that sort of thing; and
  • it’s possible to fake out some of the website collection servers so that you can “adjust” your results.

Well, wait. Why so much drama around a device you electively wear on your person? What are the actual problems that need solving here?

Continue reading

5-in-5-in-5: the future of the Internet

I had a fun time on  ISOC-DC’s #5in5in5 panel — talking about five things that will be different about the future of the Internet, in 2020.  There’s video of the panel available on ISOC-DC’s livestream TV site: .

My 5 points, delivered within 5 minutes, covered:

  1. The Internet continues to try to “get out of the box” — increasingly, we don’t see “the Internet” as separate from our tools or tasks.  They merge.  Sometimes  it’s seamless — you might carry out a text message conversation with someone from your phone, and then answering from your computer as you walk by, and picking it up again on your iPad.  Each device has all the context.  You’re not thinking about which network you’re using to send the messages.   The downside is  the loss of individual control over your Internet experience — having your car hacked over the net while you’re driving it is the downside of all that invisible interconnectedness.  Also, the Internet becomes opaque, another packaged commodity, and a lot less likely to be something we can all hook into, climb onto, and understand.
  2. Various forces — policy makers, big business, whatever — are trying to put the Internet into a box, or some structure.  For example, regulations requiring that the Internet not serve particular information beyond geographic boundaries is essentially implemented by aligning the actual Internet network with those geopolitical limits.  I have had a lot to say about the challenges with that approach, but suffice to say that the Internet was not built to pay attention to political lines, and imposing those structures reduces its resiliency and its efficiency and effectiveness.
  3. New approaches are needed!  If these approaches to regulation and restriction are not going to work (because they reduce the Internet to something unusable), then we need a different way to talk about the Internet, the services that run over the Internet, and how we articulate and enact policies that relate to them.  Don’t try to curtail web page access by making laws requiring ISPs to delete entries in DNS, figure out a better way to get international policy to common ground on what makes inappropriate use of the Internet.  (Make the action illegal, not the tool).
  4. And yet, everything old is new again.
    1. The Internet was developed as an inter-network — making a whole out of disparate parts collaborating.
    2. We could not have seen the kind of IPv6 deployment we have today if large, competitive web companies hadn’t stood up to do World IPv6 Day and World IPv6 Launch.
    3. The future is better if we can regain and foster more of that sense of cross-industry collaboration to find solutions that are best for the Internet as a whole.
  5. As I recall saying at an ISOC-DC “Future Internet” panel some years ago, if I could tell you what the Internet was going to be in 2020, it wouldn’t be the Internet, now would it?!  The beauty and power of the Internet is that it is a platform that supports creativity, communication and development for everyone, and we have no means to size the depth and breadth of that much creative energy.  So much of what we now consider “normal” in the Internet — say, FaceBook — was unthinkable until someone thought of it and built it.  If the Internet loses its ability to support that kind of novel development, then it’s not the Internet anymore, it’s just another network.

It was a fun panel — good discussion with the attendees, too.   From the comments that came up during the session, it’s clear that people have very real concerns about where we’re going with the Internet as a platform for “permissionless innovation”, while ensuring that we retain some level of privacy and management of our personal information.

As Mike Nelson said, moderating the session — there’s enough meat in each of the topics we brought up to fuel a semester long university course!

The Future of Internet Development

Today, I want to share with you something that I’ve been working on for the last several months — a concrete vision and proposal for supporting the Internet’s development.


For some, “Internet development” is about building out more networks in under-served parts of the world. For others, myself included, it has always included a component of evolving the technology itself, finding answers to age-old or just-discovered limitations and improving the state of the art of the functioning, deployed Internet.  In either case, development means getting beyond the status quo.  And, for the Internet, the status quo means stagnation, and stagnation means death.

Twenty-odd years ago, when I first got involved in Internet technology development, it was clear that the technology was evolving dynamically.  Engineers got together regularly to work out next steps large and small — incremental improvements were important, but people were not afraid to think of and tackle the larger questions of the Internet’s future.  And the engineers who got together were the ones that would go home to their respective companies and implement the agreed on changes within their products and networks.

Time passes, things change.  As an important underlay to the world’s day to day activities, a common perspective of the best “future Internet” is — hopefully as good as today’s, but maybe faster.   And, many of the engineers have gone on to better things, or management positions.  Companies are typically larger, shareholders a little more keen on stability, and engineers are less able to go home to their companies and just implement new things.

If we want something other than “current course and speed” for the Internet’s development, I believe we need to put some thoughtful, active effort into rebuilding that sense of collaborative empowerment for the exploration of solutions to old problems and development of new directions — but taking into account and working with the business drivers of today’s Internet.

Clearly, it can be done, at least for specific issue — I give you World IPv6 Launch.

Apart from that, what kinds of issues need tackling?  Well, near term issues include routing security as well as fostering measurements and analysis of the currently deployed network.  Longer term issues can include things like dealing with rights — in handling personal information (privacy) as well as created content.

I don’t think it requires magic.   It might involve more than one plan — since there never is a single right answer or one size that fits all for the Internet.  But, mostly, I think it involves careful fostering, technical leadership, and general facilitation of collaboration and cooperation on real live Internet-touching activities.

I’m not just waving my hands around and writing pretty words in a blog post.  Earlier this year, I invited a number of operators to come talk about an Unwedging Routing Security Activity, and in April, we had a meeting to discuss possibilities and particulars.  You can out more about the activity, including a report from the meeting here.

That was a proof point for the more general idea of this “coordination” function I described above — for now, let’s call it the Centre for the Creative Development of the Internet, and you can read more about that here: .

In brief, I believe it’s possible to put together concrete activities that will move the Internet forward, that can be sustained by support from individual companies that have an interest in finding a collaborative solution to a problem that faces them.  The URSA work is a first step and a proof point.

Now the hard part:  this is not a launch, because while  the idea is there, it’s not funded yet.  I am actively pursuing ways to get it kick started, with to be able to make longer term commitments to needed resources, and get the idea out of the lab and working with Internet actors.

If you have thoughts or suggestions, I’m happy to hear them — .   Even if it’s just a suggestion for a better name :^)  .

And, if we’re lucky, the future of Internet development will mirror some of its past, embracing new challenges with creative, collaborative solutions.

Never. Stop. Learning.

Last week I had the privilege of participating in the Norwich University College of Graduate and Continuing Studies 2015 Residency Conference.    NU runs several online graduate programs, which have the requirement of spending one week (at the end of the program) on campus in Northfield, VT.

As a member of the advisory board for the highly-rated Master of Science, Information Security and Assurance (MSISA) program, I find it interesting to meet the students and see the breadth of backgrounds, interests and future plans that they have.  Online university programs are real, concrete, and provide access to education that would otherwise be very difficult for working professionals to accommodate in their busy lives.

The Residency Conference is the icing on the cake as students have the opportunity to meet each other and some of the professors they’ve been working with throughout their program.

And, really, who could resist the opportunity to spend a week in Vermont?

Not I, clearly — this was my second opportunity to participate in the annual conference.  Last year, I gave an introduction to Internet governance, among other things.

This time, in addition to helping with facilitating case study discussion at the conference, I had the opportunity to participate by hooding in the Academic Recognition Ceremony for the MSISA and MPA programs — a fine opportunity to wear academic regalia!  The school’s photographer caught some pics, so there is evidence!

I’ve long been convinced of the importance of continued learning — always keep stretching, doing, learning.  Last week’s Residency Conference energy was a reminder that formal education, whether in person or online, can be an even more intense and rewarding experience than self-directed learning.

Making or Breaking the Internet: Policy choices


A visible product of my “self-funded sabbatical” is now published!

On the Nature of the Internet, by Leslie Daigle

My aim and hope is that it will provide some further insight into what not to do to the Internet intentionally or inadvertently,  so that collectively we can agree on the need to find better ways of dealing with the very real policy issues that need to have solutions.

The Internet has proven itself highly accommodating of change over the decades — today’s Internet looks nothing like the network of networks that existed 25 years ago, when commercial traffic was still prohibited from traversing it.  But, most of the changes that it has faced have come from technological or direct usage issues.  In today’s reality, many of the forces at play on the Internet are direct or indirect outcomes of (government and regulatory) policy choices.

If we want to continue to have a healthy and evolving Internet, we need to learn how to make policies that are consistent with, or at least not antithetical to, what makes the Internet work.

So, when I was asked last year to write a paper on the nature of the Internet for the Global Commission on Internet Governance, I turned first to the work we’d done at the Internet Society on the “Invariant Properties” that are true of the healthy Internet.   In the paper that I wrote for GCIG, now published as their 7th paper for this commission, I tackled the questions of policy choices that are driving us towards national networks and localized abuse of Internet infrastructure, through the lens of those 8 invariant properties of Internet health.

Here’s the executive summary:

This paper examines three aspects of the nature of the Internet: the Internet’s technology, general properties that make the Internet successful and current pressures for change. Current policy choices can, literally, make or break the Internet’s future. By understanding the Internet — primarily in terms of its key properties for success, which have been unchanged since its inception — policy makers will be empowered to make thoughtful choices in response to the pressures outlined here, as well as new matters arising.

Have a read of the paper, and let me know what you think — other examples of policy driving us in the wrong direction?  New approaches to policy-making that will help us solve problems and have a healthy Internet?  I’d love to hear your perspective, and — more importantly — see a broader discussion develop around different perspectives.