Thoughts on IT

Is consent: NO/Objection a single point configuration since it doesn't need agreement? Basically my "key"

Easy way to trust because it recognizes from self and not-self?

Security is what gives us identity

You can sign the money, cannot tell who used it: hard guarantee of privacy - cannot reverse operations and trace it back

What's in a Name (Van Jacobson) "Binding is immutable - data associated with the name can not change. This changes the coherence problem to a communication problem: A remote change makes your knowledge incomplete but cannot make it wrong. Coherence problem of containers: when you replicate a container somewhere, you have to make your replicas consistent with the master copy"

60:47 If I change the calendar entry, I've changed this name, because if nothing else I've changed the bits on the end. And they may remember to change the version number, I may not, but I've made a new item if I change any part of this. All right, so because of that I don't have the coherency problem that I do if I'm talking about containers. Whenever you try to replicate content when you have a container model of the world, you have to make your replicas consistent with the master copy that lives in a container somewhere; it lives on some machine that defines the content. We don't have locations for content. The content itself authenticates itself and identifies itself no matter where it is, and you don't have to be consistent with any other copy. You have to be able to validate this copy: this is a legitimate copy of version 3; you can check the signature and make sure that's true. What that means is, when you're doing coherence protocols, there's nothing that can happen that can make what you know wrong, right? Nobody can change this version underneath me. They can create a new one, so they can make my knowledge incomplete, but they can't make what I know wrong, and that completely changes the operation of the replication, the consistency and the coherence protocols

You need a name.

I use my key to sign the calendar - I give it a delegated key to use my calendar (realm of a key - meaning in a limited domain)

I can have different reasons to trust a key than how other people establish trust: you can choose how to trust. Depends on the context. Right now we have a one size level for all: we check Verisign if it's true.

Identity creates = shared

78:26 You can build up reputation systems and gossip systems that let you distribute the work of verification in the presence of replication, so that you get valid replicas everywhere, doing the work at the edge. So you get scalability: as the edge grows you get more places to do the checking, and you don't tend to concentrate the work in the center. Okay, trust model. So you have to do security validation in some sort of trust model, and as I say, the one that we've got now, the gods anointed by the root authorities, they determine all trust

83:22 There's a fundamental change that happens at the network management and the network configuration level when you put in security at the bottom. And now these are my words, not Diana's. John Maynard Smith, the evolutionary biologist who gave us evolutionary game theory and a lot of mathematical insight on how ecosystems and organisms create themselves, how they self-organize and structure, in one of his books he said that identity creates organism: that the thing is fundamental to making an organic unit, a cooperative unit, is a shared notion of identity. And you get it in things like bodies because our end identity comes from our DNA, but we get it in other things like communities and families because of shared context and shared experience. You can't make networks today that behave organically, that have levels of cooperation in the network, because there's no notion of identity that you could use to bootstrap that organism, that cooperation. If you move to a content view, several things get easier. One is your configuration is dead simple: the only thing that you ever need to configure is the signing key. It includes the identity, and it's a structured key, so it includes your identity at many levels, right? Your individual identity, but your role, you know, I do calendars; your organization, I do calendars or vanian Park. There's many pieces of information that are embedded in that identity that you can use to say who you should trust and at what level.

85:16 But another interesting thing is, in host-to-host communication, point-to-point communication, there's always two ends, and so you have to configure the two ends to agree. You have to configure the same information in two points. If you have to configure the same thing two places for stuff to work, there's a much better than even chance that it's not going to work right, because there's lots of ways to misconfigure. If you don't have point-to-point communication, if you're talking about stuff, not to stuff, all configuration is single point. You never have to get agreement. You're saying what you want; you know what you want. Nobody has to agree on that for you to say. They have to have it in order to respond, but they don't have to agree. So you get this really robust configuration, single point configuration that you can't misconfigure because it doesn't have any agreement involved in it.

86:21 And the configuration includes some notion of community and identity, and you can use that as a sense of self. So as you're learning about the world, you're learning about the things around you and what you should do in that world. When the outside world tells you things, gives you information, tells you about its context, you know what you can believe, what you can't believe, you know what's relevant to you, because you can filter through your identity, and they have to put their identity in everything that they're telling you. So you can, you say, I'm a router and you're giving me adjacencies, and we're the same organization, we're the same network, I guess I'll believe your adjacencies. If you're not the same organization, you're not the same network, you've got a different signing key, well, I'm glad to know about your adjacencies but they have nothing to do with me. So you get an easy way of getting trust without additional configuration. And the example that I gave about defending the namespace: all of the infrastructure can recognize not-self in addition to recognize self, right, that the two concepts are complementary. So you know what's not you, you know what you should defend against, and you can muster all of the infrastructure to protect things that need protecting rather than having to localize those. And we can't do that with current networks. We can't do it because our security's an afterthought.

87:44 And this is a deep annoyance of mine, that we've always made security an afterthought, but it's not, it's fundamental, and it's fundamental to organisms, right? Security is what gives us identity. We tend to think of security in terms of privacy, in terms of encryption, but if you look at Rivest's web page, a lot of their work has been on signing, has been on identity, because identity is a much more fundamental operation and a much more important operation. It's really a Swiss Army knife of security. And the privacy, I mean, that's interesting, being able to encrypt stuff and keep it private, that's good, but it's not nearly as fundamental, even if it's really fundamental, as identity. And identity doesn't have to disturb privacy. In fact it's the other way around: what most of Ron's recent research has been on micropayment systems and small transaction systems where the users want anonymity, and you use signing to create the anonymity. What you do is you sign the money so that you don't have to identify the principals, and you can sign the money in a way that it's not traceable. It's identified as money, it can only be used once, but you can't tell who used it, you can't tell what it was used for, and you can and that's again it's a first principle as a servant it's a very hard guarantee of privacy, as a mathematical guarantee, but nobody, no matter what information they have available to them, doesn't matter if you're Dick Cheney, you can't tell who used this money to buy what. There is no information that would let you reverse the spending operations and track it back. And that's a promise I mean operation I really is a Swiss Army knife, and there's something that we should be integrating into our thoughts very early and we don't. They at least the tendency in the U.S. is: I don't do security, I don't know security, all that security stuff is magic, right? That's a poor point of view that really impoverishes our world

98:06 IP lookups work the fact that the structure's implicit, not explicit, so that we wanted to fix that for CCN. CCN structure is explicit, which means that you can use hashing and all this wonderful work over the last decade for the lookups, and so even though the names are longer, you can look them up as fast as you can look up IP names, because the explicit structure enables a lot of recent research

Context-sensitive "immutable" name - which makes sense "This room's projector", This meeting etc.

100:00 Set up the routing table so the semantics of addresses come from policy considerations in how you set up fits, how you can give the forwarding. It's the same for CCN: the node machinery doesn't give any meaning to addresses. In particular, addresses can have local meaning which gets reused. And the one that I would really like to see in place, so that we didn't did that to this cable dance that we had to do this morning, was: I have this presentation which has a globally routable name, you could pick it up from anywhere in the world. In this room there's a projector, and I can talk to that projector on a local name that's the same in every room. If a room has a projector, I can say this room slash projector and I'm talking to the projector, all right? So I could wire that into a piece of software that I never change, and when I want to do a presentation I go to the projector and say, projector, here's a presentation for me, please, right? No wires to hook up. It's a name that rehooks itself up, it's a contextual name, and I can do lots of variations on that theme. It can be this room, could be this meeting, it could be my family: names that have useful local meaning, the changes based on the context. And you want to make the name static and take advantage of the fact that it's being rebound, and particularly when you're doing more coupled worlds, you're doing energy management, so I would like to talk to this room's thermostat or this room's lights. If I want to do that with IP, what's the IP address of the light switch, right? Who knows? How could I find out? There's just no way to express that. But in a content model it's easy to give it a name, and if there's a communication infrastructure it's easy to talk to that name

107:50 They're working in a pairing and a flow balance. If you've got this pairing, if you've got this balance, then there's a beautiful piece of work by Frank Kelly of Cambridge, a book he published in 79, which I didn't read it until 89 and would have saved me a hell of a lot of time if I'd got into it a decade earlier, called Reversibility and Stochastic Networks, where he talks about the properties of this detail balance. And the first principles properties are: if you construct a network that's got flow balance, or even approximate flow balance, some of line transform of a balance, then it's absolutely robust, a silly opponent of stable under arbitrary traffic and arbitrary load, which basically it's why we could grow the internet. It doesn't matter how big you make it, doesn't matter how many hosts you put on it, the balance property lets all of the interested parties control the traffic so that it cannot get very far out of balance. So there's a bound on how bad it can get. Now that bound can still be pretty bad: it's the amount of buffering that we've got in the network, and we tend to put a lot of buffering in the network, and so things can suck pretty badly while you're waiting for all those packets to go through. But it's a bound, and it's a hard bound, hard mathematical bound. It says you can grow this network, so it's a really important property

111:09 interfaces because your step Maxime the interfaces have to have a buffer in front of them. That's right, because there is no global scheduling system that prevents packet conflicts. It's perfectly reasonable to have a packet arrive on interface 0 and 1 simultaneously, bound for interface 2, right? So even if all the wires are the same speed, you're gonna instantaneously overload the output interface by a factor of 2. And there's no requirement that those interfaces be the same speed. Very often, if some are local interfaces and some are long haul, the locals tend to be many orders of magnitude fatter, higher bandwidth than the long haul interface, because the economics aband. So you're required by the design of the protocol to have a buffer to handle the transient overloads in the rate adaptation. And the packet forwarding model is: packet comes off the wire, first thing you have to check is, is this destination address me, is it bound for this node? If so, you punt it up to your transport stack

No global dependencies, local dependencies. CCN can ask three locations at the same time, one might have it.
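
The ideas noted above (an immutable name-to-content binding, validating a copy without trusting where it came from, and asking several locations at once), as an added Python sketch that is not from the talk or from any CCN code base. It assumes a SHA-256 digest embedded in the name as a stand-in for the publisher-signature check the talk describes; the name layout, `fetch`, `publish_v4` and the replica dicts are hypothetical.

```python
import hashlib
import hmac
from typing import Optional

def make_name(prefix: str, version: int, content: bytes) -> str:
    """Bind a name to exactly one byte string by embedding its digest."""
    digest = hashlib.sha256(content).hexdigest()
    return f"{prefix}/v{version}/sha256={digest}"

def is_valid_copy(name: str, content: bytes) -> bool:
    """Validate a copy against the name alone, wherever the copy came from."""
    _, sep, claimed = name.rpartition("/sha256=")
    if not sep:
        return False  # name carries no digest, nothing to validate against
    actual = hashlib.sha256(content).hexdigest()
    return hmac.compare_digest(claimed, actual)

def fetch(name: str, replicas: list) -> Optional[bytes]:
    """Ask every location; accept the first copy that validates."""
    for store in replicas:
        copy = store.get(name)
        if copy is not None and is_valid_copy(name, copy):
            return copy
    return None  # knowledge stays incomplete, never wrong

# Constructed sample data: three locations, only one holds a legitimate copy.
PREFIX = "/example/calendar/monday"
V3 = b"calendar: standup 09:00"
NAME_V3 = make_name(PREFIX, 3, V3)
empty = {}                                        # does not have the item
tampered = {NAME_V3: b"calendar: standup 17:00"}  # altered copy, same name
honest = {NAME_V3: V3}

def publish_v4() -> str:
    """A change creates a new name; version 3 is left untouched."""
    v4 = b"calendar: standup 10:00"
    name = make_name(PREFIX, 4, v4)
    honest[name] = v4
    return name

if __name__ == "__main__":
    print(fetch(NAME_V3, [empty, tampered, honest]))
    print(fetch(NAME_V3, [empty, tampered]))
    print(publish_v4() != NAME_V3, is_valid_copy(NAME_V3, V3))
```
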

Thanks to link in FedWiki matrix channel by Duke https://riot.im/app/#/room/#fedwiki:matrix.org

YOUTUBE 3yFbf5sFTsA