From: S < s...m...@gmail.com>
Date: Sep 4, 2006 12:15 PM
Subject: First of a possible series of Papers on Internet NeXt: Unforeseen and unseen Ogre in today's Internet Architecture viewed from 500,000 feet above:
To: DWe < dj...@w3.org>, st...@w3.org, ti...@w3.org
Cc: S " s@in.name"
(This was in 2004, though well meant, for want of sufficient understanding, the ideas expressed were unbalanced)
Internet NeXt:
Paper One
Unforeseen and unseen Ogres in today's Internet Architecture viewed from 500,000 feet above:
This is a more presentable version of an email message that I sent to the Technical Architecture Group of the W3
consortium while my company is still not a member of W3C. This is the first of an emerging series of a non-technical
conceptual treatise on Internet NeXt, that would go on to point technical directions, so as to emerge as a blue print
for a far more advanced, but far less dangerous Internet.
http://lists.w3.org/Archives/Public/www-tag/2006Nov/0095.html
Tim Berners-Lee invented the world wide web and a world of brilliant scientists and professionals have caused and
continue to cause this amazing wonder called world wide web happen.
From 50, 000 feet above the complex architecture that has emerged in such a short time as 10 years amazes anyone.
This amazement is suspended with the purpose of telescoping on the unintended and uncontrollable critical flaws in
the foundation, structure, facade and interiors.
Sky way without air routes and ground control
From far higher above, from 500, 000 feet above, it looks like a million aeroplanes, all piloted by those who assert their
right to fly, no pilot's licence, no air traffic control, no air routes, aeroplanes not only made by Boeing, Airbus and
McDonnel Douglas, but made by anyone, even by garage mechanics, not under legislation to mark the planes with
an ID, no air speed limits, no ground clearance, no navigation laws, no ground crew, no X ray machines to enter or
leave the aircraft.... total and complete freedom to fly.
Or, is this New York city as an absolutely free port with no traffic lights?
Or it looks like New York city without an immigration authority, no FBI, no NYPD, citizens drive their unmarked cars
on the right, left, center, across, on pavements and lawns and sometimes inside the buildings, their own and every one's,
no traffic police, no traffic lights, no toll gates, no road blocks, no speed limits, no driving licence, no name plates, no
driver's age limits....Freedom to live in a house without a door number. Someone unknown pings ceaselessly on the
door, someone scans the windows and pipe lines for gaps and holes. Seconds later a heap of garbage gets pumped up
the water pipe, clogs not only the water pipe but floods the entire house, spills over onto the streets, and still continues
to flow across the city... Who is doing this? It looks like a school girl... no it is a boy.... No, no, it is a grown up adult....
Or is it a robot? He, She or It is here... Oh NO, gone, gone away without leaving a trace..
Privacy and Anonymity are not Synonymous
The West understands and values Freedom but not the concept of obligations as an essence of such freedom. ( There
is a Declaration of Human Rights, but is there a Declaration of Human Obligations to balance the rights? ) Privacy can
not exist in complete anonymity. There can be no freedom when essential controls are non-existent.
Rights can not exist without Obligations
Concerns for excessive freedom and privacy on the worldwide web caused the exact opposites to happen - a freeman
does not have to hide, but on the Internet most people hide. Amidst all the clamour for privacy anything that anyone
says on the Internet today is open for theft and abuse by anyone with advanced search skills or basic hacking skills.
So much for the results of the universal cries for freedom and privacy, flawed by the inherent narrow thinking that
stops short of the concept of obligations..
Life 30 years later is a millennium apart
Before the Internet, before Windows and Mac, people invited people to their homes; people trusted people. The bus
driver, door man, schoolmate, workplace colleague and neighbours recognized a person, knew his or her name and
he or she had no concerns about socializing. There was enough privacy when he or she chose to. But on the Internet
today everyone hides sometime, and some people hide all the time. It is not too abnormal to come across someone
who refuses to say if he is man or daemon. Often it is because the open Internet is becoming unworthy of openness.
Spam, Filters, More spam
Spam, Filters, more spam, Virus, antivirus and more virus, intrusions, firewalls and stealthier intrusions.... it is a never
ending battle on the Internet and the world is not winning on this battle within.
Worldwide web is not free as long as it is free, is not private as long as it permits total and complete anonymity (which
is sometimes desirable and sometimes necessary) and it is not productive enough unless there are some basic
safeguards.
Split Second Shut Down to Reboot
Newer standards and greater technical advances are emerging. But what needs to be done when new hardware and
software are installed on a PC? Reboot the machine otherwise the new hardware and software does not work or cause
more chaos.
Is there a way or rebooting the world wide web? (this is a notional expression, explained in the papers to follow)
Can we explore the possibility of an master re-design and concerted implementation of newer hardware, newer software,
newer protocols, a split second shut down, universal log off and an instant reboot?
There is a definite way, the world will like it, it can be smooth, can happen fast if not in a split second, it will make not
only the cyberspace less dangerous but also the physical space and the effort can find its own funds, its results can
be commercially prolific, if so desired for common good...That would be Internet NeXt.
The focus on this first paper has been largely on one of the fundamental aspects, namely authenticity. A lot more to
be written, (perhaps to be based on basic and advanced technical guidance from W3C, possible online and offline
interaction with W3C and later by interaction with experts from everywhere, on so many other aspects) before a
complete picture of a possible blueprint emerges.
(some of the) Conceptual Outlines to follow before a complete picture emerges
- Costume Party Gateway.
- URIs (Digital id) in two levels, visible and invisible
- Harmless Graphics
- A re look at the NeXt browser for NeXt
- Real Revenues from Virtual Space for the good of the people in general and for the Internet in particular.
Paper Two
Reconciling Society's Concern's for Privacy with the imperative of Authentication:
The Costume Party Model
This part of the paper deals with the issue of reconciling Privacy considerations with a need for authentication. To
propose a solution the Costume Party model is examined:
What happens in a costume party? People take part in costume parties to be there free and uninhibitted, unnoticed,
for whatever reason. Even in a perfectly anonymous costume party, shut out from law and order agencies, free of all
rules.... there are some UNDERLYING SAFEGUARDS AND RULES.
1. As the hostess of a costume party Jane from SmallTown is not in a position to match each of the costumed guest
with the real people she had INVITED, but she knows who she had invited. She knows that everyone present, beneath
their masks is legitimate. If there are 100 costumed guests, all 100 costumed guests were pre-approved by Jane at
some point of time in the past, she knew them all, so invited all those whom she knew or those whom she knew knew to the
costume party.
2. The real people changed into their costumes at the parlor at Jane's Doorway. The trusted parlor maid attended to
the guests, she knows that Cynthia went into the changing room and came out costumed as a White Rabbit. Likewise
she knows what costumes each of the guests took up. Parlor is isolated from Jane's house and the parlour maid is
not part of the costume party. Guests know that the Parlour maid wouldn't come to the party to interfere in their
anonymous adventures.
3. No guest present will know the real identifies of the other guests unless they mutually chose to disclose their
identities to each other. This is a rule that is always honored in all of Jane's costume parties.
4. If someone had spilt wine on the table by accident Jane barely noticed it. If someone deliberately broke a wine
bottle and splashed wine on the carpet Jane gently warned them in-costume. If any one of the costumed guest
behaved in a manner that was not even tolerated in a costume party, Jane sent that person out, in-costume. No
costumed guest is unmasked, almost never, ALMOST, unless it is noticed that one of the guests, say, the White
Rabbit was wearing a concealed weapon and that the person's movements were perceptibly malicious.... Then
Jane calls the parlor maid and finds out that the white rabbit is Cynthia.....Her Security staff makes some further
enquiries on Cynthia and discover a criminal background and suddenly Jane is alert and the White Rabbit aka Cynthia
is turned over to the police.
This RARE EXCEPTION of a call to the parlor maid is understood by all costumed guests who are otherwise secure
that Jane would never unmask a person unless the person becomes a dangereous threat or has committed a
dangerous act. All guests endorse this exception which is essential for their security.
Jane On the internet:
1. Gateway Master Authentication: A CENTRAL Internet Gateway master Authentication Server (IGMAS) where a person
authenticates with his real identiry on his very first entry into the Internet as a new Internet user. After registering with IGMAS
the new user takes his Authorization code and superficial and minimal personal particulars to the local ISP for a new internet
connection. The user gets an Internet Account and user name, which is all that is required for session authentication.
This gateway authentication by the ISP for every session is negotiated through IGMAS servers to permit / deny internet access
for the session. The only way to get on the internet is through this gateway. The internet infrastructure is so modified of all
side doors. If Jane from SmallTown connects to her local ISP, the ISP communicates the LIMITED INFORMATION Jane
has provided to the central Internet Gateway master Authentication Server (IGMAS) or its ultra secure authentication
mirrors. IGMAS stores in its info vault a MORE ELABORATE AUTHENTICATION RECORD of everyone who wants
to be on the Internet. IGMAS is perhaps owned by an internet governing authority, or owned and operated by the people
of the world represented by Internet Security Groups and Internet Privacy rights groups. IGMAS server stores such data
as Jane's age, sex, permanent physical address, nationality, employment data, biometrics, passport number, social
security number and all other particulars that may be necessary. The local ISP stores merely Jane's user name,
password and if implemented, biometrics.
( Jane signed up for the internet account with the ISP by first logging on to IGMAS with her IGMAS internet master
identity and on the IGMAS web interface Jane navigates to find the ISP named SmallT ISP, IGMAS gives Jane a
session through its web interface with the SmallT ISP and by this token the SmallT ISP knows that the person
attempting to sign up is a IGMAS authenticated person. SmallT ISP asks no further questions. Jane says she is Jane,
doesn't disclose age or sex or physical address, chooses a bandwidth plan, chooses a password and presents her
biometrics. This is how she signed up for the internet account. IGMAS in this earlier case acted like a one time
internet account sign up gateway )
2. IGMAS authenticates Jane without disclosing any further details about Jane to SmallT ISP and SmallT ISP connects
Jane to the Internet. Jane enters the internet gateway for her internet session. She goes into the chat room as Amidilla,
logs into her email account as Cityboy_123@anomail.com , logs into her employer's website LegitimateCorporation.com
as Jane.William, connects to an anonymous proxy server, masks her IP address and NIC address and browses
shopping sites or other sites that she chooses to. She interacts with groups with an altogether different id, says she is
from Midcity in South America and she maintains this identity with the groups. She does whatever she pleases.
Anomail required some quasi-authentication on the part of Jane before allowing her an email account, Jane authenticated
by identifying herself as the same person as the person with the email account Jane.William@LegitimateCorporation.com.
The chat room required very basic authentication, so Jane said she is Cityboy_123@anomail.com. Jane trusted the
chat room administrator not to reveal her cityboy email address and trusted anomail not to reveal her legitimate
corporation identity. The anonymous proxy server knows that Jane is Jane from SmallT ISP and beyond this it is
impossible for the proxy server or for the ISP to know the complete personal particulars of Jane.
3. SmallT ISP prompts to authenicate at intervals if Jane's session is too long or if timed out and mid session
authentication between SmallT ISP and IGMAS happens at the background and does not take the 10 seconds it took
at the beginning of the session.
Jane's multiple identies are legitimate, her concerns for privacy is legitimate, all the masks that she chose to wear are
agreeable. Jane might do a bit of mischief here and there and IGMAS would ignore such minor mischief if reported by
SmallT ISP or anomail. But if Jane becomes a serious threat to the internet infrastructure or to humanity in general,
Law and Order Agents with escalated responsibilites may approach IGMAS with an unmask request. The Authentication
server has a right to reject even those requests and when inclined to grant a request, requires a veto like internal
directive for release of authentication records. IGMAS server respects privacy rights and it would take an incident of
very dangerous implications for IGMAS to pull up her records by a process that would require simultaneous multiple
approvals within IGMAS.
Law and Order agencies, commercial establishments may be tempted to approach IGMAS with an unmask request on
minor crimes, but the IGMAS data storage and retrieval system is to be so designed to be almost permanently locked
up, unless in a specific incident of extraordinary significance and even those extraordinary circumstances would require
veto like procedures within IGMAS administration. IGMAS would in a sense work like a global proxy server or as a
gateway level compulsive router.
