4.7.

A CLOUDY CRYSTAL BALL- VISIONS OF THE FUTURE 539

4.7 A Cloudy Crystal Ball- Visions of the Future

Presented by Dave Clark/MIT

Bio:David Clark is a Senior Research Scientist at the MIT Laboratory for Computer Sci-
ence. He has been involved in the Internet community since 1976, and was Chair of the IAB
from 1981 to 1989. He is involved in research on high-speed networks, support of real-time
services, and networking for the information age.
 VIEWS OF THE FUTURE VIEWS OF THE FUTURE

Guessing the future

A Cloudy Crystal Ball

Visions of the Future
David D. Clark
M.I.T. Laboratory for ComputerScience
Identify the major external forces.
Consider each separately: the future if each dominates.
Speculate on what happens when we mix the stories
together.

IETF, July 1992

Alternate title: ApocalypseNow

V~EWSOF THE FUTURE VIEWS OF THE FLmJRE

Forces that shape us Video and Real-Time

Newservices:
¯ Real time (video)
- Information access
Commercial network offerings:
- SMDS-> B-ISDN -> ubiquitous
¯ A new "kid" on the block?
Cyber-terrodsts:
¯ "Security" gateways(Mail relays._)
Us:
- Wehave met the enemyand he is _
Our best success was not computing, but hooking
people together.
Video and related services might be even more
powerful.
ATMaccess o Do not use the phone analogy to speculate.
Small technical problems:
¯ Figure out how to do iL (MIT research here)
¯ Changeall the routers.
- Chargefor service.
- Makeit affordable.
Work-stations are "almost there".

Computermediated video interaction, a.k.a, games.

VIEWS OF THE FUTURE VIEWSOFTHEFUTURE

The network as an Information Mesh Commercial network services

An old goal, not yet achieved. What are the issues?

Recently, someneat stuff. Policy:

¯ WAIS, W3, Archie, Gopher, Prospero, etc. ¯ How do we charge?
¯ IETF, IRTFactivities. ¯ Is there a role for monopoly?
¯ Business vs. ubiquitous access?
Does it require changesin the infrastructure?
- Scale, not speed,is the issue. Technical:
¯ Infrastructure must know about information ¯ Control of routing.
objects. (MIT research here) - Support for accounting.
- Names - Security.
- Types
Newservices: charging lot services, security (MIT
research)

=~L~L~:~.as
an information interface.

540
 VIEWS
OFTHEFUTURE VIEWS
OFTHEFU’I~URE
i i
ATM- A really big elephant The 9O’s ~he decade of the cyber-terrorist
Myths from New Jersey: What I hated about the Morris worm:
¯ "They" will supply the scalable address space. - I found out about it on the Todayshow.
¯ "i’hey" will solve the routing problem.
¯ ATMwill solve the problem of real-time and QOS. A workedexampleof a painless act of terrorism.
¯ "They- will be here real soon. ¯ The hacks of today are the commonplaceof
tomorrow. (True for goodstuff, why not bad stuff?)
What are the real issues here?
¯ The network designers with telephony background A digression: my Intemet security talk.
do not understand multi-application networks.
¯ The phone companies have no history or approach
to rapid deploymenL
o They do not know how to do QOSeither.
An example: why ATMLANs.
¯ My personal research: Everyone-> Sun-> standard.
¯ WHEN will the standard come?Mismatch possible.

VIEWS
OFTHEFUTURE views OFTHEFUTURE
SECURII"~ WHAI"~ THE PROBLEM~

Security is a CRITICALproblem. Large networks and poor security don’t mix.

Lack of security means the ENDOF UFE AS WEKNOW Userswill less and less tolerate the risk of being
attacked from anywherein the universe.

A time for ACTION!!! Look at the Internet worm.

¯ Checkout the level of publicity.
- Consider the potential for damage.
¯ Consider who else has noticed the above.
(Can I be moreexplicit?)
Will this be the decadeof the cyber-terrorist?

VIEWS
OFTHEFUTURE
views OFTHEFUTURE
WHAT WiLL HAPPEN? WHY ARE APPLICATION RELAYS SO BAD?

Without better levels of protection, people will not be Application level relays have two problems:
willing to attach to the Intemet
¯ The signal the end of flexible service introduction.
The "GREAT UNPLUGGING"?
- Too dramatic... - They don’t work very well (consider mail today).
The decadeof firewalls?
¯ Already happening. Theend of the openroad ....
Thefencing of the West....
MAIL RELAYS(Yuck!). TheItalian telephonesystem....

541
 VIEWS
OF: THEFUTURE VIEWS
OFTHEFUTURE

WHY DO APPLICATION LEVEL RELAYS HELP? WHAT CAN WE DO?

Option 1- Makesystem security better.

Whydo they help?
¯ Most security bugs are not in the specification, but
in an Implementation of the specification.
¯ To penetrate a system protected behind an
application level relay, it is necessaryto break two
implementations.
¯ Lowerlevel attacks (tunneling attacks) cannot get
past the relay.
- Insecure services can be blocked.
¯ Not "our" problem".
- Wemust band together and make demands.
o Fix insecure services.
Option 2: Accept the inevitable; makeit work.
Whydoesn’t it work well?
RELAYS ARE NOT CONSISTENTWITH THE BASIC
ASPECTS OF THE PROTOCOLARCHITECTURE!!

VIEWSOFTHEFUTURE VIEWS
OFTHEFUTURE

’THE ARCHITECTUREAND THE RE~’~ ’ wHAT ;’WE" SHOULDDO ’

ii iiiii

The protocol architecture assumesuniversal Lobbyfor better system security.

connectivity at the network layer.
Fix insecure services.
Relays break that assumption. Things stop working. - PASSWORDS!!!
Some examples: Push for "open domains".
- Names, addresses, routes. - Better security = larger domains.
¯ Fault isolation.
Develop a new protocol reference modelfor application
Recreation in adhoc manner of the whole network level relay networks. Makeit work. Accept it.
functionality at application level.
¯ Consider X.500 and X.400. Don’t just sit there and think it does not matter.
¯ Security is the problemwe love to ignore.

VIEWS
OFTHEFUTURE VIEWS
OFTHEFUTURE

Somelessons Walking amongthe wild elephants

Bad things do not happenall at once. Plan of today:
- AIDS, crime, routing collapse ¯ Fix addressing and routing.
o Leavesecurity at end point. Pray.
Things get worse slowly. People adjust. - See if new services stampout mail gateways.

The problemis assigning the correct degree of fear to Analternative plan (just for fun!!!)
distant elephants. ¯ Build application-independent boarder crossing
¯ Whenshould we (have) declared panic about: boxes.
- Addressing, security, ¯ Ignore the addressing problem.
- Build a new network based on application, not IP
Always ask: What will happenif i do nothing? connectivity. Routing and addressing at this level.
o Usethese rules.

No security -> mail gateways.

No addressing -> ?? MAIL GATEWAYS
and X.400.

542
 VIEWS OF THE FUTURE VIEWS
OFTHEFUTURE
The last force on us - us A look at us
The standards elephant of yesterday - OSi. What are we good at?
¯ Respondingto short term reality.
The standards elephant of today - its right here. ¯ Building stuff that works.
- Calling bad stuff bad.
As the Internet and its community grows, how do we
managethe process of change and growth?
¯ Openprocess - let all voices be heard. What are we bad at?
¯ Closed process - make progress. - Growing our processes to match our size.
¯ Quick process -- keep up with reality. ¯ Setting long-term direction.
o Slow process - leave time to think
- Market ddvenprocess -- the future is commercial.
¯ Scaling driven process - the future is the interneL
Wereject: kings, presidents and voting.
Webelieve in: rough consensus and running code.

VIEWS OF THE FUTURE VEWS OF THE FUTURE

An example - making standards. An example - long term planning

What is the correct model? Consider the addressing/routing situation.
o I amtrying to ask this in a constructive way, please.
Consider (just for fun) my security elephant.
Today: IESG proposes, with lAB advice and consenL
o Sort of like the Houseof Lords. Howcould we as a group decide what to do about
security?.
IESG alone is enough? - Can we converge on an assessmentof.the peril?
- I think some"checks and balances" are good. ¯ Canwe rank this with other perils?
¯ Can we direct the funds to do research?
Supreme court model? ¯ Can we hold a steady course in the storm?
¯ Life appointments!!! No...
o Arbitration? TANNSAAFL judging?
! offer these questions for your deliberation?
Whatis the community(meta-)process that will create - Think positive thoughts.
the acceptable process? ¯ Remember:if we have a problem it is due to too
much success.

543