7 (Whereupon, a short recess
8 was taken.)
9 ASSISTANT SECRETARY GALLAGHER: Well, there was
10 certainly a lot of vibrant discussion over the break. That's
11 good to see. We're now ready to start our second panel which
12 is going to focus on the appropriate role of government.
13 And before we start that I want to once again thank Joe
14 Watson for the great job he did co-moderating that panel
15 with Dan Caprio and with Mark Skall.
16 It's a pleasure to work with both of them as
17 teammates as we look to advance the cause of technology in
18 growing our economy here at the Department of Commerce.
19 And we'll sit down and start this panel right
20 away. And we'll start with introductions. And why don't
21 we start with you, Jim, over here on the right. If you
22 could use the microphone.
For The Record, Inc.
Suburban Maryland 301-870-8025
Outer Maryland 800-921-5555
1 MR. BOUND: Good morning. My name is Jim Bound.
2 I'm here as chairman of the North American IPv6 Task Force
3 and I'm also the Chief Technology Officer at IPv6 Forum
4 and my part-time job is as a Hewlett-Packard fellow.
5 MS. KRAUS: I'm Marilyn Kraus and my full-time
6 job is in the office of the DOD CIO working on IPv6 policy
7 and transition planning.
8 ASSISTANT SECRETARY GALLAGHER: And all the vendors
9 are very interested in what you have to say.
10 MR. MARSHALL: I'm Preston Marshall from Defense
11 Advanced Research Project Agency, DARPA. I do a number of
12 wireless research programs.
13 ASSISTANT SECRETARY GALLAGHER: If I could just
14 pause for just a second on Preston. Preston has been another
15 friend of the Department for a long time and somebody who on
16 other panels and other fora mostly regarding these
17 wireless issues has been a real leader in helping the
18 United States develop spectrum policies that makes sense
19 looking forward with adaptive technologies.
20 And probably the key way he's done that is by
21 really cementing in the minds of policy makers what it's
22 all about and seeing that the importance of the goal that
1 we strive for every day in spectrum policy. So thank you,
2 Preston, for coming.
3 DR. MAUGHAN: Douglas Maughan. I'm a Program
4 Manager in the Department of Homeland Security Science and
5 Technology Directorate running the cybersecurity R&D
6 programs.
7 ASSISTANT SECRETARY GALLAGHER: Vendor interest
8 there, too.
9 MR. SOKOLOWSKI: Gene Sokolowski from GSA's
10 federal technology service.
11 DR. SUMMERHILL: I'm Rick Summerhill with
12 Internet2. Internet2's a consortium of roughly 200 or so
13 research universities and my responsibilities are
14 primarily backbone research so we run an IPv6 backbone for
15 example.
16 MR. TANNER: My name's Ted Tanner and I'm an
17 architectural strategist in the Windows Technical Public
18 Policy Division.
19 ASSISTANT SECRETARY GALLAGHER: Welcome. And now
20 for those of you that don't know Rick is my former boss and a
21 great representative from the state of Washington who is
22 here today and we welcome here at the Department of
1 Commerce.
2 MR. WHITE: Thank you, Mike. It's great to be
3 here and I knew I couldn't refuse when you invited me so I
4 appreciate that. I'm currently CEO of TechNet which is an
5 organization of about 200 CEOs of technology companies.
6 ASSISTANT SECRETARY GALLAGHER: Just to start the
7 questioning I was wondering if we could get some input
8 from those that have knowledge and authority within the
9 government what's the state of deployment of IPv6 in
10 software and hardware today?
11 How would we measure it, if you have suggested
12 measurements, and then also what those measurements are
13 today to the extent we know them. And Marilyn, since you
14 have the most experience in this, why don't we start with
15 you?
16 MS. KRAUS: And I'm probably the least able to
17 answer that question in the Department of Defense but let
18 me try to. Many of you know that a year ago, almost a
19 little over a year ago, DoD decided to, after much thought
20 and consideration, set a goal for itself of implementing
21 and transitioning to IPv6. And it set a goal date of
22 2008.
1 And it also laid out some tasks because it
2 recognized that IPv6 was not here today in the form that
3 we, the Department of Defense, needed it to be and that
4 transition was going to be a difficult thing.
5 The Department of Defense is very complex with
6 lots of different stakeholders and lots of different
7 technical requirements. So it laid out the foundation of
8 what needed to be done in terms of transition planning, in
9 terms of testing and assessment.
10 And it also said that in order to be ready to
11 turn on IPv6 at the appropriate point that it was the
12 policy of the Department that we were going to start
13 buying products that were capable of operating in the
14 future world of IPv6 as well as continuing to be able to
15 operate in today's IPv4 world.
16 So we recognize that there was a lot of work to
17 be done and hopefully there was a lot of people out there
18 willing to work in that area besides us. We have spent
19 the last year in disseminating the word throughout DoD,
20 try to do at least the first level of transition planning.
21 We have established a transition office at the
22 Defense Information Systems Agency to coordinate efforts
1 on a technical level amongst our service components and
2 other components.
3 Now, as part of that we have done some looking
4 at products. I think everyone has read some of the
5 reports in Moonv6 and I guess our considered opinion at
6 this point is that the core set of standards and products
7 are probably out there, probably is not going to meet all
8 the requirements of DoD but certainly when you're talking
9 about a fixed-space infrastructure it's largely there.
10 Certainly, there are very key parts of it that
11 are not there and the ones that we're going to be looking
12 to work very hard in the future years, things like
13 mobility and operations and tactical environment, security
14 both in the transition and in the end state and as
15 enabling a quality of service to provide the performance
16 that we really need.
17 IPv6 comes as part of an overall major
18 transformation in Department of Defense one of which is
19 focused on netting our forces. So IPv6 is not the only
20 story but it's a critical enabler as far as we are
21 concerned.
22 So we have started to follow the standards,
1 hopefully participate in the standards bodies. We're
2 starting to understand from our components where our
3 current capabilities are, when things are going to be
4 technology refreshed or replaced by replacement systems.
5 But again, the big hole besides the ones I
6 talked about is and the one we're probably more concerned
7 with right now is lack of applications. And we've been
8 talking to our vendors through the Enterprise Software
9 Initiative where we have some blanket contracts with
10 vendors. And I think we're going to be seeing more and
11 more emphasis placed on what are your IPv6 capable road
12 map and when will it be in hand.
13 So I don't know if I answered your question but
14 basically if you're talking about running IPv6
15 infrastructure in something like Gig bandwidth expansion
16 we think we're pretty close to doing that and we could run
17 a dual stack. Not a hundred percent.
18 There's certainly holes that were talked about
19 here as far as tools aren't always available to run a pure
20 IPv6 but of course we see transition occurring on these
21 pilot networks over a long period of time.
22 We do have running a fairly large substantiation
1 of a dual-stack network called the Defense Research and
2 Engineering Network and we do get regularly lessons
3 learned from them and inputs into our standards work into
4 products assessment and where we need to go in the future.
5 But that is not a network that carries
6 operational traffic. And right now we have by policy no
7 IPv6 running on any networks that carry operations traffic
8 and that's because our business is mission critical.
9 And we need to solve the interoperability and be
10 assured we can solve the interoperability and security
11 problems associated with the transition before we're ready
12 to start to put it on operational networks.
13 Our plans are that that will occur over the next
14 year or so, start to see that happening, but again, we're
15 talking at the beginning probably the focus on the fixed-
16 space large networking infrastructure.
17 DR. SKALL: Can I just ask a followup? You
18 mentioned testing requirements. One of the things we're
19 very interested in at NIST, as I said before, we do a lot
20 of work in testing, conformance testing, and the generic
21 question is do we need more conformance testing procedures
22 in place?
1 Do we need more tests in place? Do you, in
2 looking at the testing requirements, feel that you have
3 that well in hand and what's the role of the development
4 of conformance tests and how does that relate to your
5 testing plan?
6 MS. KRAUS: Well, that's a good question. In
7 fact, that's one of the tasks we've given to the
8 transition office to go back and report back with some
9 recommendations early is how we plan on making sure,
10 verifying products meet what we call IPv6 capable
11 standards.
12 Right now, there are several options that need
13 to be looked at. We have, of course, the joint
14 interoperability and test command. Then certain cases
15 does certification for the Department of Defense of
16 certain standards, that they don't do it for things like
17 IPv4 but they will do it for some tactical data links to
18 make sure products conform to those standards.
19 So that's certainly an option. We're looking
20 very closely at the logo program as being an option and
21 we're also looking at perhaps things like an open group or
22 some other group that perhaps could do a logo type of
1 program or branding. Do we have all the testing we need?
2 No, obviously not.
3 We really see this as a multiyear program and
4 when I mean testing there's a whole variety of testing
5 from engineering testing and modeling and simulation that
6 needs to go on, and even basic things like some of these
7 transition mechanisms to make sure that they scale, to
8 make sure that we can do it in a secure way.
9 There's also product testing and that's what you
10 saw in Moonv6 the first beginnings of the interoperability
11 testing and sort of an idea of what kind of performance
12 but certainly not to any conformance type or performance
13 standards.
14 So that's going to have to be done and basically
15 we're going to have to start and our direction from our
16 senior leadership is we were going to implement a set of
17 pilots over the next three years.
18 Defense Research and Engineering Network is the
19 first one of those pilots. And as I said, as we move
20 along and implement in other controlled environments but
21 in this case operational environments, in some cases very
22 large environments. They have not been totally defined.
1 Where we're going to do it there's going to have to be a
2 lot of testing done before then in terms of for those
3 particular networks or applications or systems to make
4 sure they meet our needs.
5 So if I can respond, I think there's a whole
6 range of testing that has to go on as with any new
7 technology that gets inserted in a major way. Department
8 of Defense Internet protocol is we're not only replacing
9 IPv4 eventually with IPv6 but we're also looking to bring
10 a lot of new users onto an IP network that previously were
11 not either attached to a network or either were attached
12 or translated through some other data link specific
13 engineered data links. So there's a whole lot of issues
14 associated with that.
15 There's also a lot of -- well, we use a lot of
16 COTS and we're certainly looking to COTS products out
17 there to solve the bulk of our needs.
18 There's a lot of long-term customized
19 development that goes on from our joint tactical radio
20 system to our transformational communications assets that
21 are going to have to be tested and engineered and tested
22 on an end-to-end basis and it really gets much beyond the
1 issues of IPv6, those things.
2 And of course, those systems are probably one of
3 the key drivers on why we made a decision in June of 2003
4 and not a decision today is those things were being
5 designed, developed and going to come online in the next
6 four or five years and we wanted to make sure that they
7 recognized that they were going to, in all likelihood,
8 have to operate and be prepared to operate in the IPv6
9 world.
10 ASSISTANT SECRETARY GALLAGHER: Other thoughts from other
11 panelists about the degree of use or deployment of IPv6
12 within the government, just to get an idea of our baseline
13 going in? Gene.
14 MR. SOKOLOWSKI: I'd like to give you a
15 quantifiable measure but I really can't. It's not part of
16 the GSA Federal Technology Services charter but
17 nonetheless I just want to offer from our standpoint we
18 serve as a facilitator between the customer agencies on
19 the one hand and our industry partners on the other.
20 And we do that effectively in three ways. We
21 consolidate the requirements across the government; we try
22 to leverage those requirements to not only get state-of-
1 the-art services but also at best possible prices; and
2 then we provide the contract vehicles, the mechanisms that
3 are flexible enough to allow, on the one hand, industry to
4 diffuse and deploy the emerging technologies and on the
5 other hand allow the customer agencies to procure those at
6 the best possible prices.
7 So we certainly support the diffusion of IPv6.
8 We currently have FTS 2001 is our principal contract right
9 now. IPv6 is available through our industry partners MCI
10 and Sprint. And then those contract vehicles will be
11 replaced. They'll terminate at the end of 2006. There
12 will be the successor contracts are the networks
13 acquisitions and that will have a ten-year life span. And
14 we also offer a number of IPv6 services under there.
15 So I think to summarize it GSA would follow
16 industry's lead. We certainly support the deployment of
17 IPv6 and again, to provide a quantifiable measure, I'm not
18 sure. I would defer to both Marilyn and Doug, I guess, on
19 the DHS side with their respective individual programs.
20 DR. MAUGHAN: Anything to add, Doug?
21 MR. MAUGHAN: I'm unaware of anything IPv6
22 operational in DHS at the moment.
1 ASSISTANT SECRETARY GALLAGHER: Very good. Well,
2 that’s a quick answer. Then we're looking towards the
3 future. Preston, maybe you could share with us, you sit at
4 DARPA where it's your job to look around the corner, to look
5 over the hill, to see and be working on things that other
6 people can't quite imagine yet. Where do you see the IPv6
7 world and our evolution into it?
8 MR. MARSHALL: I think our focus is not so much
9 on the transition work but the exploitation work. I think
10 it's really hard to build a case that IPv6 is a plug-and-
11 play replacement for IPv4 is compelling.
12 If the argument is how do you exploit it and one
13 of the people who is not here, say, is Microsoft or Oracle
14 because the real question is when do they build something
15 that's IPv6 dependent? And up until now we really ask
16 people when are you going to build IPv6 operable. Not a
17 real big opportunity there.
18 So our interest is really assuming that IPv6
19 happens by policy which takes it off our plate, the same
20 plate that GOSIP was on once. Those who can think back
21 that far. The other government-mandated protocol is
22 really thinking about not in a core infrastructure, the
1 core infrastructure, if that makes sense.
2 People have talked about IPv6 mobility. Think
3 about putting IPv6 in your cell phone for the moment. If
4 you go to Best Buy you can buy Vonage, a little voice
5 over IP and it costs you $50 to buy their package.
6 You read the back of it and you'll read the ugly
7 words it says it needs 200 kilobits of downlink-uplink
8 bandwidth. It needs 80 kilobits just to run. That's
9 replacing a 5 kilobit-per-second phone. And that's just
10 with IPv4. So imagine IPv6.
11 So the thing we want out of IPv6 is wireless.
12 That's really the big value that everybody wants, the
13 Department with JTRS. And so a lot of our research is
14 focused towards the middle ground. We know the
15 infrastructure is going to be IPv6 because someone wrote a
16 letter. He's a Secretary and he can say so. But we now
17 need to know how do we make that work in things that are
18 battery-powered, that are limited life --
19 ASSISTANT SECRETARY GALLAGHER: Can you speak into
20 the microphone.
21 MR. MARSHALL: How do we make that work in
22 things that are battery-powered, your cell phone, your
1 IPv6 cell phone doesn't go from a 20-hour cell phone to a
2 two-hour cell phone.
3 And I think that's a large part of the chicken
4 or the egg for the philosophers. Does the network drive
5 your vision of the network application or the network
6 applications drive your vision of what the network should
7 be?
8 Right now, the IPv4 applications are really
9 driving our vision of what an IPv6 network could be. And
10 so we haven't really thought about how the thermometer at
11 home interacts with your office computer, the things that
12 are exposed.
13 And I'm not sure we, even in DARPA, have done
14 that. And I would invite anyone who's listening to come
15 and send us a proposal for something that stretches our
16 ideas there. But clearly, the peer-peer interaction
17 Internet, today you buy from someone, Vonage, even voice
18 over IP you buy from someone.
19 Well if everyone's got voice over IP why would I
20 buy it from anybody? I'd go right across the network to
21 them. So there's a lot of thinking that we're trying to
22 get to where we back out the assumptions of the hub spoke
1 v4 network then v6 becomes enabling and really becomes
2 attractive. And then we get our payoff.
3 In the meantime, my partner next to me here has
4 the job of slugging it out with all the vendors to make
5 that part of the infrastructure reality.
6 ASSISTANT SECRETARY GALLAGHER: Responses from
7 panelists to what Preston had to say? Could we hear perhaps
8 from Microsoft?
9 MR. TANNER: There is one person -- there's two
10 people from Microsoft: myself and Bill Guidera (phonetic).
11 So yeah, we look at this as an opportunity and IPv6 is
12 just another protocol, TDMA, ZDMA, 3G, et cetera, et
13 cetera, that is going to allow a ubiquitous connected
14 environment.
15 We would like and we work very closely with DOD,
16 DHS, et cetera, et cetera, to look at the opportunities to
17 articulate the need for deployment of this technology to
18 enable these scenarios. And it's our belief that the
19 opportunity is going to occur from the edge device outside
20 and remove back into the core.
21 ASSISTANT SECRETARY GALLAGHER: Good. Any other
22 thoughts? Jim.
1 MR. BOUND: I just want to make it clear that
2 there are operational benefits with IPv6 you simply do not
3 have with IPv4, mobility being one, stateless
4 autoconfiguration being another.
5 And I would argue a restoration of end-to-end
6 security which is very important to the DOD first
7 responders and wire the mass transit bid that is going
8 down right now in New York City where they know all about
9 what happens when you're not connected.
10 ASSISTANT SECRETARY GALLAGHER: I'd like to just
11 focus on one thing because Preston raised it. What is the
12 impact? The administration, we support voice over Internet
13 protocol. We're quite pleased with what we see developing
14 in the marketplace as a technical matter and also as a
15 competitive source for phone or voice service in the local
16 market.
17 Also as a driver of broadband because you can't
18 have VoIP without broadband. What's the impact of IPv6
19 and the evolution toward an on voice over Internet
20 protocol deployment, if any? Preston, you want to take a
21 shot since you started it?
22 MR. MARSHALL: It's a nice thing to blame me
1 for. Certainly IPv6 voice over IP we're looking for today
2 we're buying from Vonage, ATT, whatever. The logical
3 consequence of IPv6 is it's between me and him and I don't
4 need to pay anyone between us because I'm really paying
5 someone to go and connect to a telephone system to connect
6 back ultimately to another voice over IP.
7 Department, our voice over IP is a peer-peer
8 service. The ability of IPv6 to get us from behind our
9 NAT boxes, to pick up the earlier session, so we can all
10 take them and put them in the trash some happy day, the
11 ability to do that then makes voice over IP actually even
12 skip a step.
13 I can have, my children can call their friends
14 without buying a telephone line. They just call them up
15 on the Internet-enabled VoIP. So the opportunity to think
16 not of selling services but of the peer-peer interactions
17 which are imagination limited as much as anything is what
18 we're after.
19 The Department, JTRS and all, has made a
20 commitment to develop technologies that are peer oriented
21 rather than hub spoke. Wideband networking, Waveform
22 people can look on the web.
1 But it's a peer-peer relationship, self-forming,
2 ad hoc, networks. That implies a totally different kind
3 of application and business model for the people
4 provisioning those kind of products, IPv6 very enabling to
5 it.
6 And it's not so much it doesn't offer benefit
7 because certainly the features in it we're after but it's
8 that critical energy to get people to replace something.
9 GOSIP offered a lot of benefits but it never made it
10 enough over IPv4.
11 The other benefit I think is the extensibility,
12 the IPv4 Vint earlier today talked about well, I had to
13 make a decision between 64-bit, 32-bit address and 256.
14 Well, that's a horrible decision to make because there's
15 no right decision.
16 So the fact that it's an extensible set of
17 frameworks maybe means we don't have to sit to pick "the"
18 framework and make everyone match it. We have an ability
19 for people to tune and tailor it so it can be lightweight
20 for cellular devices, heavyweight for the infrastructure
21 and in between. More secure for some people.
22 So it's the extensibility rather than the fixed
1 design. Maybe ten or 15 years from now the people will
2 look back and say that was really what was enabling.
3 ASSISTANT SECRETARY GALLAGHER: Other thoughts on the VoIP
4 question? Rick?
5 DR. SUMMERHILL: Yeah. I might just comment we
6 run what we call an IPv4/IPv6 backbone for the
7 universities. It's national in scope and our bearer
8 surface, what we consider really important, is IP. And
9 that doesn't mean IPv4 or IPv6. It means IP and both of
10 those protocols run perfectly well together.
11 We're very focused on performance and we see
12 very little differences in performance between v4 and v6.
13 And I think the critical benefit for us is going back to
14 this model of being an end-to-end protocol.
15 It's not that you can't do it with NATs. You
16 can do it with NATs. You can do anything with software if
17 you write it the correct way. It's just that v6 allows
18 you to keep this very simple. And that we see as a real
19 benefit in our arena. It's probably not the end-all of
20 protocols but there are significant advantages.
21 ASSISTANT SECRETARY GALLAGHER: Jim.
22 MR. BOUND: Also just to make a point that voice
1 over IP, the predominant current model is really IP
2 telephony which is not voice over IP, okay, and that's
3 coming through a switch and gateways.
4 Realize that the session initiation protocol,
5 which I believe is the answer to voice over IP for the
6 Internet, does require knowledge of other nodes. Okay?
7 And to be able to see other nodes assumes you can see the
8 addresses.
9 So if they're behind a NAT you can't see them.
10 But also, products that support the session initiation
11 protocol, if you go to the voice over, the Jeff Pulver
12 voice-over-network events, that all has to be ported.
13 So we're back again to applications for voice
14 over IP for IPv6 too. So again, you're talking
15 applications. There's layers above IPv6 that are involved
16 with making voice over IP work.
17 MR. MARSHALL: I think the quickest way to
18 understand the benefits of IPv6 for voice over IP is to go
19 to the web site one of the IP, voice over IP providers and
20 look at how you have to set up your home firewall to put
21 it in a demilitarized zone which is really not something
22 that most people think of in their home.
1 Put it in the demilitarized zone, forward all
2 these ports, TCP, UDP, eight years of college, you can
3 probably do it.
4 But clearly, the concept of NATs and the way we
5 deploy the Internet to people's homes there's just a
6 technological limit to the people who can exploit it and
7 tell you that this end-to-end connectivity paradigm's
8 back.
9 We had it once and then we lost it and we hid
10 ourselves in the gated communities behind NATs. And until
11 that comes back we've really got to question how
12 approachable a lot of these technologies really are.
13 ASSISTANT SECRETARY GALLAGHER: Now, thoughts from
14 Ted and then from Rick from the outside of the government
15 perspective. We've heard government talking quite a bit
16 here at the beginning. Love to get your reaction to
17 either what you heard so far or specifically this
18 question.
19 MR. WHITE: Well, thanks, Mike. It's a
20 fascinating discussion. It sounds to me like there's lots
21 of great thinking going on on this issue at the government
22 level. I think that the issue you're posing here at this
1 session today is the one that really we have to face for
2 every time the government deals with some kind of
3 technology it's what's the approach that the government
4 should take in technology policy.
5 Frankly, I think it's a question that most
6 people who have thought about it a lot have kind of
7 figured out a few principles. You know, we recognize that
8 in technology it's tough for the government to stay ahead
9 of the curve in terms of implementing things or predicting
10 what's going to happen in the future.
11 ASSISTANT SECRETARY GALLAGHER: Except for Preston.
12 MR. MARSHALL: Government is still ahead in
13 GOSIP. No one has caught up to us. (Laughter.)
14 MR. WHITE: And I won't bore you on the story I
15 used to tell where there's lots of examples where other
16 governments, not necessarily ours, that kind of locked in
17 on a particular technology only to find out that that's
18 the technology of the past, not the technology of the
19 future.
20 So in this case and Mike and I were talking
21 earlier about how bumper stickers are the effective way to
22 do things in Washington. So if I had any advice to give
1 you on this question I would say there are basically four
2 things the government should consider doing to kind of
3 promote this.
4 One is to facilitate research and fund research.
5 Maybe we're a little bit beyond that in the IPv6 area.
6 Maybe you don't need much research anymore but research is
7 one thing the government can do and do well and can do in
8 a helpful way in technology.
9 The other one is what Marilyn was talking about
10 is to use the technology, be an early user of the
11 technology. Help people kind of figure out where it's
12 going, how it can be used, what the applications are, what
13 some of the problems may be.
14 Another one we haven't talked about but I think
15 is absolutely critical is to defend the technology
16 internationally. You know, there's lots of -- we were
17 just talking about that earlier. There are lots of
18 challenges.
19 There are lots of countries and organizations in
20 the world that don't share some of the principles that we
21 share that have made the Internet so effective in terms of
22 making it open and available to everybody.
1 And then possibly you could also encourage it.
2 I mean, sometimes, if you encourage things you can
3 encourage things in the wrong way. But I think
4 encouraging people to develop this kind of technology is
5 probably another thing.
6 Now, I -- this is probably a bad thing to do but
7 to make sure it's a bumper sticker you could make this
8 into an acronym which would be RUDE. Research it, use it,
9 defend it and encourage it. And that's probably where I
10 come down.
11 ASSISTANT SECRETARY GALLAGHER: Thank you, Rick.
12 That was very well done. Ted, that's a tough act to follow
13 but it's up to you.
14 MR. TANNER: I will not add another acronym, I
15 promise you. One aspect of IP Everywhere being the
16 foundational bedrock of what we're all discussing here is
17 the broadband, the aspects of broadband deployment.
18 Before we get to IPv6, before we get to killer
19 applications like voice over IP, we need to have a
20 strategy going forward for full-on broadband deployment.
21 Sometime I think it's like we're trying to make
22 bread without water. We're looking at this protocol and
1 saying okay, what is it going to do, how is it going to do
2 it, et cetera, et cetera.
3 And then we look at some of the numbers based on
4 the U.S. economy for broadband adoption. So we,
5 Microsoft, we already have a dual-stack approach and we
6 are looking, as I said earlier, to articulation of the
7 requirements from the government and assist all the other
8 IT companies in proper education so everybody doesn't have
9 to turn into a home administrator.
10 I thought that was a great point that Dr. Liao
11 made earlier. I'm the local home administrator in my
12 neighborhood.
13 ASSISTANT SECRETARY GALLAGHER: Well, just to -- we
14 share that in common. I mentioned this at the Kids.us Forum
15 a couple of weeks ago that we had here but we're talking
16 about kids using the Internet and my son came to me and
17 asked me, he says, Dad, who's the systems administrator,
18 because clearly he was seeking to go someplace he wasn't
19 supposed to go.
20 But these tools are very useful on the one hand.
21 Those are important. On the other hand, doing the things
22 that Preston talked about to get your VoIP phone to work,
139
1 those are the obstacles that go with being that type of
2 administrator, that type of role. Other thoughts reacting
3 to Rick's and Ted's thoughts and then I think Rick gave us
4 a few things that we can pursue for a few minutes.
5 DR. MAUGHAN: I'd just like to comment on his
6 first point of his RUDE acronym, which is the R&D. I
7 think the first session pointed out a number of things
8 that still remain to be done in the R&D space in
9 particular the end-to-end security model.
10 We don't even have IPsec working in an IPv4
11 environment and I think we're kidding ourselves if we
12 think we're going to just drop IPv6 in and IPsec is going
13 to work magically from the start. We don't have any tests
14 of any kind to prove that.
15 The second one I think is the interoperability
16 testing which is both a national problem and a global
17 problem that I think we from the government should think
18 about in the R&D space, which comes back to the question
19 earlier about what is the testing plan? What is the
20 conformance to standards, et cetera?
21 And I believe the R part of your acronym is
22 something that we, the government, need to figure out
140
1 exactly what we should do and who should do it and
2 somebody needs to go to Capitol Hill and get more funding
3 to do that.
4 MR. BOUND: I'll explain.
5 ASSISTANT SECRETARY GALLAGHER: Jim.
6 MR. BOUND: I think what my esteemed colleague,
7 Doug, just said is valid but I'd like to raise some
8 caution here going back to GOSIP. We did all that with
9 GOSIP and look what happened. That was a bad protocol of
10 course.
11 DR. MAUGHAN: That was because it was mandated.
12 MR. BOUND: I agree with that, too. But the
13 point is the IPv6 Forum we just met with the Elkin Group
14 last week down in Boston. We have a logo program that
15 covers the core spec, IPsec, mobile IPv6 and transition
16 mechanisms which have been adopted.
17 We also run Moonv6. The North American Task in
18 collaboration of United 2, Department of Defense and
19 various universities. So I would argue that industry has
20 already started this process.
21 I would hope from as Chairman of the North
22 American Task Force that the government would work with
141
1 us, specifically NIST. And I've worked with people in
2 NIST back on POSIX 1003.
3 You have to be careful when you say you want
4 conformance. Okay. What do you mean? Do you mean
5 conformance or do you mean compliance? These are -- so I
6 don't want to see IPv6 slowed down because we all wait for
7 a conformance mecca either.
8 DR. MAUGHAN: Let me just clarify one comment
9 that I probably should have said instead of R&D funding
10 just D funding. I believe there's very little research
11 left in the IPv6 world.
12 What I think we don't know are the development
13 spiderwebs in there of taking and working with industry to
14 deploy it. It's the 80/20 or the 90/10 solution. We've
15 spent 90 percent of our time and now we just need to
16 finish the last 10 percent and that's really where I think
17 the hard problems still lie.
18 ASSISTANT SECRETARY GALLAGHER: We're changing Rick's
19 acronym from RUDE to DUDE. So could you -- did you want
20 to respond to that, Rick?
21 MR. WHITE: I would just say, and I think I
22 agree with Jim on this, RUDE's good. DUDE's a little more
142
1 of a question in my mind, I think, because the development
2 part of things usually does tend to be something that at
3 least needs to be shared with the private sector.
4 That's really an area where I think it's better
5 to have 100,000 different groups working on a hundred
6 thousand different solutions than one person trying to
7 direct things in the right way.
8 So there's a little bit of gray area between
9 research and development but I think where the government
10 can make the most contribution usually is on the research
11 side.
12 ASSISTANT SECRETARY GALLAGHER: Mark had something
13 to add. Hopefully, it's not to make it LUDE.
14 DR. SKALL: I'm too old to say dude, I think, so
15 I need a fourth word. With respect to conformance, what I
16 was really getting at was not compliance or certification
17 or issuing logos, just the need to have tests in place
18 where one can determine conformancy.
19 And at NIST we do that in many, many different
20 ways. In many arenas, for instance, we have a
21 comprehensive set of XML tests which are used voluntarily
22 yet every vendor uses those tests because it's free
143
1 resources to find out whether in fact that products
2 conform.
3 That's a separate issue than compliance
4 certification, branding. The two can be discussed
5 separately and I think they're both important issues.
6 But I think right now our emphasis is to make
7 sure that everyone who needs it has the testing, the
8 technical tests in place to make this determination. And
9 then later we can look at the policy issue.
10 Now, of course, there are funding issues about
11 how to produce those tests. But that's the thing we do
12 and that's the thing that I'd like to find out, what's the
13 plan for doing that in this particular scenario.
14 MR. SOKOLOWSKI: If I could pick up on Rick's
15 acronym on the E part, I don't know if you want to call it
16 RUDE-E but on the encouragement side, from the GSA
17 standpoint what we're looking at is we want to encourage
18 the agencies to adopt it, of course.
19 And one of the incentives or I don't know if I
20 should call it an incentive, but certainly, one of the
21 approaches that we would offer is that we want to help the
22 agencies transition. For those agencies that need
144
1 assistance in transitioning from v4 to v6 we would make
2 that available with our flexible contract vehicles.
3 ASSISTANT SECRETARY GALLAGHER: Thanks, Gene. Doug.
4 DR. MAUGHAN: So given that I started the
5 discussion on Rick's RUDE I'd like to go to your U and to
6 the use and I completely agree with you. I think the
7 government needs to be seen as an early adopter and a
8 consumer.
9 I think the Department of Defense did the right
10 thing in at least putting a stake in the ground for the
11 vendors to say, okay, there's a market here. I believe
12 it's in -- this is Doug Maughan personal opinion -- that I
13 think all the rest of the government should take a look at
14 that and consider doing something similar that will only
15 continue to force the vendors to get something ready
16 sooner and push us that way more quickly than just one
17 department.
18 I don't think we should mandate it like GOSIP.
19 That was a complete mistake. I think we've learned our
20 lesson. But telling the vendors you need to have
21 technology available by such and such time frame so that
22 our users can turn it on when they need to will only help
145
1 us get it there sooner and push the vendor community and
2 let them know there is a market to be used.
3 ASSISTANT SECRETARY GALLAGHER: Ted, you've been on the
4 receiving end of those types of requests from government
5 and from your customers no doubt, your private sector
6 customers. What's your general reaction to Doug's point?
7 MR. TANNER: It comes in the form of checks and
8 balances. We adopt a plan of coexistence and migration.
9 This is not something that can happen overnight. Market
10 factors will drive the adoption of the technology. As we
11 have seen, Japan and China are doing some amazing things
12 to enable the deployment.
13 Something that does concern us is the balances
14 of national security business social construct and privacy
15 as we are very cognizant of the security and privacy
16 checks and balances. That is a very complex issue and one
17 that we are working on.
18 It's just like spam. We're interested in
19 spectrum allocation from the DTV standpoint. So this
20 issue of how we are dealing with the market adoption while
21 at the same point having the market adopt.
22 DR. MAUGHAN: And I think the fact that DoD in
146
1 2003 said 2008, five years, hopefully that's enough of a
2 lead time to be able to think about and address some of
3 those issues so that when they want it, it's ready.
4 MR. TANNER: Right. And I believe that
5 articulation of the needs of broadband and IPv6 will at
6 the same time enable that party's stake in the ground to
7 be good.
8 ASSISTANT SECRETARY GALLAGHER: Just shifting the
9 discussion for a second, to something that the previous
10 panel touched on but here we have more of a government
11 presence, security. And Ted, it's a directive that Bill
12 Gates has repeated several times to the public and to your
13 company about secure computing.
14 What is the judgment of the folks at the table,
15 the views of the folks at the table, on the security value
16 of a transition to IPv6? Does it make us more vulnerable
17 in the short run but it's more valuable in the long run to
18 get there? Is this something we can accomplish within
19 version 4? What's the general view of our security needs
20 not two years from now but perhaps five years or ten years
21 from now? Marilyn.
22 MS. KRAUS: Yes. From a DoD perspective from
147
1 our senior leadership there's a clear belief that in the
2 long-term IPv6 will be good for the Department of Defense
3 in terms of end-to-end security. And that's where we're
4 really going. It's a huge step from where we are today
5 and we recognize it's not going to be accomplished in the
6 next two years.
7 Now, we also recognize and that's why we are not
8 allowing IPv6 today on networks that carry operational
9 traffic although we see this as a very short-term
10 prohibition.
11 In fact, hopefully in the next six months to a
12 year that will be lifted because we will be assured that
13 we understand better how to configure things in a dual
14 stack to make sure that we don't create worse security
15 problems than we have today with IPv4 networks and that
16 the products are out there.
17 A year ago there was literally, I believe, no
18 firewall products out there that did anything as far as
19 IPv6. Maybe there was some freeware out there. Today
20 things have gotten better. We still don't have, I don't
21 believe, tested and certified at least in the DOD sense
22 firewall products but at least there are some products out
148
1 there. We still don't have intrusion detection products
2 as far as I know with IPv6.
3 Until those issues can be resolved, until we
4 have guidance to give out to our components on what are
5 the configurations that are acceptable, what are the
6 transition mechanisms that are acceptable from a security
7 viewpoint, that prohibition won't be lifted.
8 But I think we feel comfortable and I've talked
9 to a lot of people in this Department that have been
10 working on security aspects that we can do it. It's not
11 an insurmountable problem. Transition and running both
12 IPv4 and v6 whether tunnel stacks, et cetera, can be done
13 in a way that certainly minimizes any additional security
14 risk but it's something that has to be well thought out
15 and planned. So hopefully as I said, next year or so,
16 we'll start to see some actual implementations.
17 Long-term, we believe firmly it will be good.
18 There's a lot of issues to be solved. There's no
19 question. And you talked about research and development
20 certainly in the security area and all the related things
21 like key management are things that we strongly are
22 looking at.
149
1 ASSISTANT SECRETARY GALLAGHER: Preston.
2 MR. MARSHALL: Yeah. There's a different take
3 on security, and I think that's to argue that the enabling
4 condition to really IPv6 make it happen is, in fact,
5 security issues as much as anything.
6 The benefit of IPv6 is the end-to-end
7 addressability. It's got some good technical advantages
8 to network managers but those don't sell systems. They
9 sell systems because we can get incredibly new behavior
10 and capabilities.
11 The earlier panel, I think, focused on poor Dr.
12 Francis's NAT box but in the discussion over here about
13 how we'll do v6 and we can get firewall, all that is
14 making v6 look like v4, and so if you really want to argue
15 v6 is enabling to new kinds of applications, new kinds of
16 devices, new kinds of interactions then you've got to
17 create a security model that's not firewall based, that's
18 not NAT based.
19 There's no point throwing my NAT out and still
20 having a firewall in front that blocks every port except
21 port 80. And so you have to in order to really use v6 to
22 create fundamentally different kinds of computer networks,
150
1 have faith in a peer-peer end-to-end security model that
2 goes way beyond just IPsec and better firewalls and all.
3 And so in the research area, and normally Doug
4 and I used to fight I/A stuff and wireless stuff and
5 compete dramatically for resources when we used to work
6 together.
7 But nevertheless, the thing that may limit the
8 network's real attractiveness is no one's got this
9 incredible trust that lets something, that any enterprise
10 is going to take its whole firewall and put it in the
11 dumpster. Or even at home.
12 All it takes if you're at home is look at the
13 number of port scans that occur over a weekend where the
14 people who are knocking on each of your windows checking
15 to see if they're locked. It's truly scary.
16 So until there's a metaphor that replaces that
17 with that same confidence you really don't unlock IPv6.
18 If you don't unlock it it becomes a GOSIP. Technically
19 better, all that, but there's not that compelling reason
20 for Microsoft to believe it can get money up by creating a
21 product that only works in IPv6.
22 So I think the security is not 'have' to catch
151
1 up to 4. To be really meaningful, 6's security has to go
2 leave the firewall-to-firewall and truly reach that end-
3 to-end Blackberry, cell phone, true destination or you
4 really have just created IPv4 with a really big address.
5 ASSISTANT SECRETARY GALLAGHER: Doug.
6 DR. MAUGHAN: Yeah. So, in answer to your
7 question, I think in the long run v4 and the v4 security
8 is not going to get us there. So even if we said let's
9 not do IPv6 eventually we'll do IPv4 and it will all work.
10 And I think that's not the answer. Are we
11 vulnerable in transition? I don't think we know all the
12 answers there. And in fact maybe that's where we go back
13 and do a little research but I don't think we have the
14 story about that.
15 In the long-term, yeah, I completely agree with
16 what other -- well, I don't know. Can I say this? Can I
17 say I completely agree with what Preston said?
18 DR. MAUGHAN: Holy cow. Please take that off
19 the record.
20 ASSISTANT SECRETARY GALLAGHER: It's been converted to IP.
21 DR. MAUGHAN: Yeah, it's been converted to IP.
22 MR. MARSHALL: It's Six. No one can read it.
152
1 DR. MAUGHAN: That is the long-term vision,
2 right? That we get to the end-to-end model and we have
3 enough confidence in the security that I can get away from
4 some of the perimeter defense mechanisms that we're used
5 to. I can be assured that my communication between
6 Preston and I, no matter where we are in the world, is
7 secure.
8 There's proper identity management. There's all
9 of the key management and the infrastructure just works.
10 It's going to take a long time to get there but that is
11 the vision, and I think the end game will make all of us
12 much more secure than we currently are in the, what I
13 call, IPv4 IPsec islands of today which is how we live.
14 ASSISTANT SECRETARY GALLAGHER: Jim and then we'll flip to
15 this side of the table, get their views on security.
16 MR. BOUND: Just a request is, just as a
17 request, one of the missing ingredients for IPsec v6 which
18 is absolutely a benefit because the permutation matrix of
19 secure credentials is far greater than the soft, chewy
20 center of a firewall.
21 But the government's supporting application
22 research for funding in universities for PKI
153
1 identification, is this something that I would love to say
2 that the firewall vendors and the PKI vendors are doing
3 but right now I see no ports in IPv6 whatsoever.
4 So maybe other government could help by
5 supporting University of Michigan and University New
6 Hampshire to go off and do some of the applications
7 development that Doug was speaking about.
8 ASSISTANT SECRETARY GALLAGHER: Over here on this side of
9 the table thoughts about security and the role of IPv6 and
10 what the governmental role would be perhaps in directing
11 that.
12 DR. SUMMERHILL: I'm not sure about the
13 government role but just from an implementation point of
14 view we see some problems at this point but we believe
15 that they will be eventually resolved. It's difficult for
16 us, for example, to look at what happens on a backbone
17 right now in the v6 world to identify attacks and things
18 like that.
19 We think that will get fixed. Those are
20 basically implementation problems that vendors have. But
21 they are going to be there for the next year or two so we
22 have to deal with them.
154
1 ASSISTANT SECRETARY GALLAGHER: Ted.
2 MR. TANNER: Since you did start this off with
3 my boss, we do have a process called Trustworthy Computing
4 Initiatives. It's a process where we do have a complete
5 end-to-end infrastructure for secure computing and that
6 includes IPv4 retrofitting if needed at all and starting
7 with IPv6 from a foundational bedrock. That would be one
8 core advantage to moving forward and working with the
9 various factions within the government.
10 Another aspect is that I see as a very robust
11 and fruitful conversation is the fact that we have layer 3
12 OSI EDP-enabled IPsec block, okay, so about the public
13 key. Well, what type of cryptographic techniques are we
14 going to enable, you know, RFC 3041, et cetera, et cetera?
15 That will be a very wise discussion for all of us to have,
16 those methodologies that will enable the next click on the
17 dial, so to speak, for IPv6.
18 ASSISTANT SECRETARY GALLAGHER: Just before we pass it
19 down to Rick, where's the best place for those discussions
20 to happen? It's probably not --
21 MR. TANNER: Well, IETF.
22 ASSISTANT SECRETARY GALLAGHER: IETF is the forum for
155
1 that.
2 MR. BOUND: I think you have to be careful, Ted,
3 that to build the standard the implementation is off the
4 IETF. They don't do deployment stuff.
5 MR. TANNER: Well, we have to start at a spec
6 somewhere.
7 MR. BOUND: Yeah.
8 MR. TANNER: Well, we have to start where straw
9 man spec comes somewhere and we do support the IETF.
10 ASSISTANT SECRETARY GALLAGHER: So the center of gravity
11 is around IETF is the first place to start?
12 MR. TANNER: It seems to me that's where inertia
13 is happening.
14 ASSISTANT SECRETARY GALLAGHER: Rick, any security
15 thoughts?
16 MR. WHITE: I don't really have a whole lot to
17 add. I think in our view is that you're going to be able
18 to do a lot more with IPv6. You'll be able to do a lot
19 more on the security area and in general that's a good
20 thing.
21 But I think it's still a little early to know
22 exactly what it is we are going to be able to do and again
156
1 I think this is a case where you want to let a thousand
2 flowers bloom rather than trying to build one big tree.
3 ASSISTANT SECRETARY GALLAGHER: Preston.
4 MR. MARSHALL: IETF is the place to go when you
5 know what you want to do. It's a horrible place to decide
6 what to do when there's a thousand choices. They don't
7 deal with a thousand choices well. They do well with a
8 proposal.
9 And so if your fundamental question is that
10 you've got a security model that is enterprise-to-
11 enterprise today and you want to make the leap to a
12 security model that is end-to-end, device-to-device then
13 that's something you've got to do.
14 It is a thousand flowers. It's lots of seeding,
15 lots of people, very hard to get to the kind of focus
16 where you can go to the IETF and say this is it.
17 Because we really don't even have a paradigm. I
18 tried to get something going at DARPA and I couldn't even
19 get it to the DARPA quality. We're going to have to face
20 it because we want mobile networks. Our wideband
21 networking waveforms and MINET network. Well, the MINET
22 network has no inside. It's just folded on itself. If
157
1 you have no inside, you can't do perimeter protection
2 because there's no perimeter.
3 So we are going to come face-to-face with that
4 whether in the IPv6 world or in the MINET world. But the
5 general framework, what replaces it and model of the
6 Internet that is enterprise-to-enterprise and device-to-
7 device seems like the fundamental transition you have to
8 make in order to make the IPv6 protocol truly accessible.
9 Other than that, you've thrown the NAT box out
10 which was made a lot of by the earlier panel but you've
11 still got the firewall there. The architecture looks the
12 same. The line drawing looks the same and the interaction
13 among the nodes is the same.
14 ASSISTANT SECRETARY GALLAGHER: Turning to another subject
15 because it's one that we deal with here quite a bit that
16 -- well, go ahead, Ted. Sure.
17 MR. TANNER: If I'm hearing everyone correctly
18 it seems like we're also discussing threat models and risk
19 assessments for security models. Is that a correct
20 assessment?
21 ASSISTANT SECRETARY GALLAGHER: Jim's nodding his head
22 yes.
158
1 MR. BOUND: I agree with that.
2 MR. TANNER: Okay. Then I'm not really sure at
3 this time. That needs to have a larger area of discourse
4 then because that's a different idea than just generating
5 a specification for a security protocol.
6 ASSISTANT SECRETARY GALLAGHER: Why don't you unpack that
7 a little bit for us so maybe we can talk about that a
8 little here and there, because we have some time to do
9 that? And then we can move to a couple of other topics
10 and take questions from the floor. But this is one that
11 there's a difference of opinion about risk assessment
12 versus a standard. Let's talk about that.
13 MR. TANNER: Okay. I believe one thing is that
14 if you have some sort of, you know the problem area you're
15 going to define, we'll say, in two sentences then you can
16 take it to an organization and it's going to write a
17 specification.
18 If we need to have a discourse on what we think
19 the threat model and security models are then we have to
20 spread it out. We have to go out in concentric circles to
21 different factions.
22 MR. BOUND: For example, I could have in an end-
159
1 to-end model I could use AES when I'm talking to Mike. I
2 could use a triple DES with 1004-bit keys when I'm talking
3 to Ted. Okay. But in the IETF has, by the way, done
4 those two very well. And every protocol they do now it
5 requires security considerations, DNS SEC, IPsec to get
6 your list.
7 And they say here's what we believe the priority
8 is. What isn't part of that as Ted is saying is what is
9 the analysis about the threat? Where does this apply?
10 Does this apply in the airport? Does this apply in the
11 schoolroom? Does this apply at the Democratic National
12 Convention as you walk through the gate and they scan you?
13 I mean, where does the threat apply and what are
14 the scenarios? That is, I agree with Ted, a much larger
15 discourse and set of people.
16 ASSISTANT SECRETARY GALLAGHER: Preston, thoughts on that?
17 MR. MARSHALL: Well, yeah. I mean, God forbid a
18 wireless guy may put security in the agenda but --
19 DR. MAUGHAN: We've made you a security guy.
20 MR. MARSHALL: That's not a compliment. If you
21 follow the chain of logic and I'll do chain of logic that
22 IPv6 is the way to get rid of the NAT and getting rid of
160
1 the NAT's important, if that's your argument.
2 If it's connecting thermometers in my house, I
3 can hide behind a NAT. If it's connecting the
4 thermometers in my house to a guy who does my HVAC then I
5 need IPv6 but then I also need to be willing to open my
6 house up and so it's a fundamentally different model.
7 Today, I'm pretty comfortable; I put my little
8 $40 NAT and firewall and therefore I get no benefits to 6.
9 If you want to sell me 6 at home so I want to say to my
10 cable guy, I want v6 not v4 then you've got to also say to
11 me I'm willing to expose my whole house.
12 And that means making the thermostat immune to
13 being spoofed, jammed, someone not pretending my house is
14 a hundred degrees so I get a service call. All of those
15 issues come in.
16 Again, I think it is a different security model
17 but that's really the security model that's enabling the
18 porting to really giving consumer value and enterprise
19 value to 6. We're having to deal with it in DoD in some
20 areas but I think it's a much broader problem. It's not
21 enterprises protecting enterprises, which is really what
22 we've done and done pretty well.
161
1 ASSISTANT SECRETARY GALLAGHER: Mark.
2 DR. SKALL: So responding to the last two
3 comments, especially Jim, when you're talking about
4 different applications, the airport, that's what I would
5 call sort of use case scenarios and we develop them when
6 I'm involved with various standards committees in W3C and
7 things like that.
8 So I guess my question is I still don't see if
9 they're not going to be developed in the IETF who's going
10 to do this? How are we going to coordinate all the
11 different use cases and make sure we have all the
12 potential applications so we can design the security
13 correctly. Is it just to be done ad hoc? Or is someone
14 going to coordinate it?
15 MR. BOUND: I believe it should be coordinated.
16 It's not now. I'll give you another example that the
17 North American Task Force and I think would be very
18 appropriate for the DoC to look at is we're now talking to
19 the financial community -- because there's eyes on the
20 record I'm not going to mention their name -- but there's
21 a whole set of e-security, e-infrastructure that has
22 nothing to do with first responders, DoD, police
162
1 departments, whatever, that are by definition it's a use
2 case.
3 And some of the people I've been able to share
4 that with from this particular financial community, and
5 they've clearly articulated use cases for banking
6 transactions. And I think we need to assemble those in
7 some form and get all those use cases just like I also
8 work with network-centered operation consortias and we
9 have to build use cases for that scenario.
10 We need to do the same thing for security and
11 across, I guess, using a business term, horizontal market.
12 You've got to have use cases for a horizontal market.
13 DR. SKALL: We still need someone to coordinate
14 us.
15 MR. BOUND: Yes, we do. You certainly could get
16 people to volunteer.
17 DR. MAUGHAN: But there are other organizations
18 like the IPv6 forum both in the U.S. and internationally
19 that are probably the right places to work together to do
20 these deployment scenario types of activities much better
21 than a place like the IETF.
22 MR. BOUND: Correct.
163
1 ASSISTANT SECRETARY GALLAGHER: I'll just send a signal to
2 the panelists before we move to the next subject is that
3 we'll be concluding our panel with your thoughts on what
4 guidance you would give the government as it's looking at
5 its role in deployment of IPv6?
6 Some of us are in the government so obviously
7 this is a great pitch. And you do not need to form it in
8 the letters of a four-letter acronym like Rick did but if
9 you are able to do that, you get the bonus points for
10 that.
11 Now, moving to another subject and we were
12 talking about this a little bit in the back of the room
13 before we got started is the international implications of
14 IPv6 and the U.S. adoption of it. It seems to me we have
15 several different tangents we can talk about on this.
16 One is the standard setting itself. We have a
17 number of conflicts that have come up between the United
18 States and China in the wireless space. When you look at
19 3G standards, WAPI as a standard issue, looking at DVD
20 standards and that discussion is going on.
21 Advice so that we can avoid those types of
22 problems here and that we do not make the adoption of IPv6
164
1 a trade barrier or a trade issue is one thing to look at.
2 And maybe we start with that and see where that goes in
3 the international arena.
4 And if there are other international concerns
5 perhaps this would be a good time for us to share those.
6 So whoever would like to go first with the international
7 focus or I'll just pick somebody.
8 MR. BOUND: I'll start with Moonv6. Moonv6 is,
9 very briefly for those who don't know, there's a web page
10 you can get from it is really a network of peering, of
11 sites that agree to peer with each other and then you
12 agree to forward packets to that other peer and it has to
13 be native. And then you have to secure your site and
14 don't play if you can't. It's true laissez-faire survival
15 of the fittest.
16 But the point is is that Moonv6 is going to be
17 an international peering network. We at the North
18 American Task Force have signed a memorandum of
19 understanding with a Beijing Internet Institute. We are
20 going to sign a memorandum of understanding with the
21 French Task Force. We're going to do -- so I really think
22 it's important that we understand that that is going to
165
1 happen and what are limitations to doing that?
2 There's already been some discussion which was
3 really more a verification than a problem but the point is
4 is that that's the only way we see the international
5 interoperability working.
6 Now, I realize that's testing and then we need
7 to test at some point security. How do we do that? Now,
8 we know we can do 40-bit, whatever, and no one cares. We
9 start doing anything more than that then people start to
10 care.
11 So I would say one thing that would be very,
12 very useful is for the government to maybe help with some
13 guidelines, what you believe is legitimate and what you
14 need done as far as from private industry where we have
15 access to the international community, and we do in a
16 sense, and most of them are coming through Internet2 over
17 at Abilene so maybe Rick wants to add something.
18 DR. SUMMERHILL: I could comment a little bit on
19 that. Internet2 has memorandums of understanding with
20 many of the research and education networks around the
21 world. And that roughly includes perhaps 70 research
22 networks across the world. And half of those networks we
166
1 now peer with IPv6.
2 And there has been some discussion in the
3 research community about setting up various networks that
4 are v6 only which makes it very interesting for those of
5 us to get to them for a variety of technical reasons for
6 example, DNS. But we see considerable interest in the
7 research and education community on the international
8 front to make this happen.
9 ASSISTANT SECRETARY GALLAGHER: So internationally you see
10 research and education as a catalyst to drive us along?
11 DR. SUMMERHILL: Yes, yes. And again, much of
12 that goes back to the ability to do high-performance
13 applications.
14 ASSISTANT SECRETARY GALLAGHER: Ted, Microsoft is, I
15 think, gaining or has grown to the point where more of its
16 revenue comes from outside the United States than comes
17 from inside. And you certainly had your fair share of
18 these types of standards issues that you've come and
19 talked to us about. What are your thoughts about
20 international standards and IPv6?
21 MR. TANNER: Well, first, to the first comment,
22 I'm not the CFO so I don't know about revenue inside or
167
1 outside. I think as far as the level currently of
2 national security, is the reason we're working very
3 closely with DoD and DHS.
4 That's first and foremost in some cases. And
5 then we have research facilities in Beijing. It is very
6 interesting that, as I said earlier, the Japan and Pacific
7 Rim countries and China are enabling the research and
8 development RUDE and DUDE applications of this technology
9 and it is taking a different spin than we have seen in
10 other areas such as DVD and such as wireless.
11 So I believe that just as Rick said that the
12 education aspects and the research aspects within the
13 universities are going to be some of the main catalysts
14 for the functionality.
15 ASSISTANT SECRETARY GALLAGHER: Rick, did you have
16 anything to add at the end?
17 MR. WHITE: Well, actually, more of a question
18 to others whether they see a competitive disadvantage if
19 we don't take some organized action. Our sense is that
20 this is in some ways more of a matter of faith than
21 anything else, that if you don't get too focused on it too
22 early you can take advantage of later opportunities.
168
1 But I know there are some countries that are
2 very focused on this. And I would be interested in
3 people's perspective on whether that's a threat. I guess
4 we don't see it right now but others may.
5 ASSISTANT SECRETARY GALLAGHER: It's addressed in the
6 report as the first mover issue. Anybody have any
7 thoughts on that? Doug.
8 DR. MAUGHAN: I think there's certainly some
9 traps along the way if you are the first adopter. But I
10 look back at 30 years ago we the U.S. started the whole
11 Internet thing in the first place. Maybe we, I think it's
12 very much a policy decision by people with a much higher
13 pay grade than mine but I can probably use an old farm
14 phrase about something to do with sitting or not but I
15 won't.
16 But we as a policy decision either need to
17 decide to get on with it and be the lead instead of
18 sitting back and letting it go as it's been going and we
19 do one or the other because there are places outside the
20 U.S. that they are putting new things together because of
21 it. And the longer we wait and sit on our thumb I think
22 the larger disadvantage we actually have.
169
1 ASSISTANT SECRETARY GALLAGHER: Does it have to do with
2 the sitting thing?
3 DR. MAUGHAN: It has something to do about an
4 outhouse. I think that's right.
5 ASSISTANT SECRETARY GALLAGHER: But Rick's question goes
6 more toward other countries may be doing things but are
7 they getting ahead? Are they gaining an advantage out of
8 it? Any other reflections from the -- Preston.
9 MR. MARSHALL: There might be an analogy from
10 the cell phone industry where you saw U.S. cell phones and
11 we get everyone coming in saying we're losing cell phone
12 because the guy with the infrastructure is probably also
13 the last guy to adopt.
14 And so just like in the telephone industry
15 because we had a very heavy wired infrastructure we had
16 the least need for cellular and so everyone says Japan
17 rolled 3G out. How many years ahead, dah, dah, dah, dah,
18 dah. And China clearly.
19 So you really don't think about yourself as
20 putting yourself even in the race. If you do nothing, by
21 definition, we would be the last to enter it because we
22 have discussed in the earlier panel a lot of addresses.
170
1 We're NATing homes not buildings and therefore the
2 pressure to do things is much reduced here.
3 And how many homes have v4 equipment at home
4 versus in China? So probably the question isn't fairly do
5 we want to stay ahead. The question is do you want to
6 accelerate at least linear growth otherwise the incentives
7 here are certainly greatly reduced to anyone who has much
8 less v4 infrastructure.
9 ASSISTANT SECRETARY GALLAGHER: Jim.
10 MR. BOUND: We also have to be, and the North
11 American Task Force responded to the very first response
12 to RFC you know, GM Onstar is a great program. It's a
13 walled garden. But DoCoMo Imo is a walled garden too. So
14 these walled gardens exist.
15 The question that we proposed was that do we
16 want to make sure we have the infrastructure as the walled
17 garden comes down because DoCoMo will bring that walled
18 garden down to compete with IGA and KDDI. Do we want to
19 be able once it uses TCP/IP be able to compete or KDDI has
20 every opportunity to walk into the U.S. on the West Coast
21 and set up wireless with IPv6 with mobility for all the
22 dealerships on the West Coast. I mean, that's the way we
171
1 operate and that's fair. I unfortunately don't get to do
2 that in Japan or China but they certainly get to do it
3 here.
4 And I think we need, in the U.S. we need to
5 understand what does that mean and can we do something to
6 at least demonstrate the importance of being aware of say
7 the Internet transportation systems project, which is a
8 whole other project that's being driven by Toyota. And
9 we're all, here I think we're all old enough to be here in
10 the '70s, know what happened there.
11 ASSISTANT SECRETARY GALLAGHER: Just one thing, Jim. I
12 think that the KDDI might have to make a swing by the FCC
13 on their way to the West Coast and pick up a license to do
14 that but otherwise they'd be more than able to do it as
15 deploying the technology. Certainly they could do that.
16 Other thoughts about the international arena and
17 then I think we can look to the floor for some questions.
18 I've got several more we can run through. I want to make
19 sure there's a fair opportunity from the floor. Other
20 thoughts on the international front? Ted.
21 MR. TANNER: Just an interesting comment. I
22 believe that the situation may not be as grim as we think.
172
1 I think that companies like Sun and Apple and a company
2 called Microsoft have various implementations of IPv6. So
3 I think we are in that case very aligned with other
4 implementations.
5 MR. WHITE: And I would just add that I think, I
6 do think we have to have a little bit sometimes the
7 courage of our convictions. We have been very good in our
8 country at inventing lots of things and kind of staying
9 ahead of the curve sometimes surprising ourselves that
10 we've stayed ahead of the curve.
11 So I would certainly err on the side of not
12 doing too much and expecting that we do what we typically
13 do which is to stay ahead of the curve in a way that maybe
14 surprises people.
15 MR. BOUND: I find this very confusing. I mean,
16 every vendor, Ted, has shipped IPv6. There's not a vendor
17 I know that hasn't. I just want to -- but that's not the
18 issue. The issue is Pac Bell going to use IPv6 or should
19 KDDI come in and get the FCC license and do what Pac Bell
20 wouldn't do for our constituency in California as one
21 example, not to pick on them.
22 ASSISTANT SECRETARY GALLAGHER: Well, a lot of people are,
173
1 but that's another panel on another day. We don't need to
2 do that here. Questions from the floor at this point?
3 Happy to take some of those and then if we hit a soft spot
4 -- oh, looks like we have plenty of interest. Okay.
5 MR. NELSON: Mike Nelson with IBM. I work on
6 next generation Internet technologies talking to our
7 customers about what's going to be possible when the next
8 generation of standards are deployed and helping develop
9 those standards. My team is very involved in the IETF and
10 the global grid form.
11 We've talked about how IPv6 is going to enable
12 mobile devices, sensors, more secure communications, and
13 more secure networking. We haven't really touched on what
14 I consider one of the most important aspects of the next
15 generation Internet and that is distributed applications
16 like the grid.
17 Our team is working on grid applications that
18 will allow us to take thousands of servers and
19 supercomputers and bring them all together and make them
20 function as an integrated whole. And we consider IPv6
21 rather important to that vision.
22 The U.S. government is investing quite a bit of
174
1 money through the National Science Foundation, through
2 DOE, through NASA, on grid testbeds. And on the way I
3 think we're going to see just how important IPv6 is to
4 that.
5 Would any of the panelists like to talk a little
6 bit about the importance of IPv6 for the grid and also
7 talk about the fact that I don't perceive that the U.S. is
8 spending enough money on IPv6 testbeds?
9 My team is involved in the European commission
10 effort on IPv6 called the SIXNET. We don't have really a
11 comparable large-scale effort here in the U.S. although
12 Internet2 is doing some useful things. I don't think
13 we're making the investment we need there.
14 So two questions: how important is the grid, is
15 IPv6 for the grid and how important are these testbeds
16 that are being funded elsewhere?
17 ASSISTANT SECRETARY GALLAGHER: Gene or Rick, did you have
18 some initial thoughts in response to that?
19 DR. SUMMERHILL: I think as far as the grid goes
20 I think IPv6 is very important in this area because it's
21 really taking a completely different view of the
22 facilities. Rather than looking at it as a network where
175
1 you put hosts on the network that appear to be separate
2 and operate you're viewing it as a whole system and the
3 ability to do seamless and across that system I think is
4 really important.
5 ASSISTANT SECRETARY GALLAGHER: Gene.
6 MR. SOKOLOWSKI: I'm not sure I have much to add
7 other than if our industry partners do proceed with grid
8 computing like this certainly we would make those services
9 available. But I think just commenting on it it just
10 isn't part of the GSA FDS charter. So I apologize for a
11 rather truncated response.
12 ASSISTANT SECRETARY GALLAGHER: All right. Others with a
13 response on the impact on grid computing? Okay. Next
14 question.
15 DR. MAUGHAN: Actually, could we get a comment
16 from Jim on his second question on the testbeds?
17 MR. BOUND: Testbeds. I agree with Mike on the
18 grid because I tried to get that done for awhile but the
19 testbeds, yeah, we need more testbeds for the grid and we
20 need more testbeds for security. And I would argue that
21 we need more test sites funded to be Moonv6 sites.
22 So if we use Moonv6, Mike, to do some of the
176
1 testing we could take two sites, like SIXNET, hook it with
2 a site to be determined, possibly through Internet2 and
3 run grid services and that is a discussion by the way.
4 But right now we have no funding to do it. We do all
5 this, as you know, cheaply.
6 UNIDENTIFIED SPEAKER: The relative funding
7 levels between SIXNET --
8 MR. BOUND: Oh, it's phenomenal.
9 UNIDENTIFIED SPEAKER: And Japanese efforts and
10 the U.S. efforts. It's just ten factor, five or ten.
11 MR. BOUND: Yes, it is. But, yeah, we also try
12 to, we run a much more open process than they -- I don't
13 know how people are over from the EU but the EU has some
14 really, I think, crazy guidelines, like they have
15 nondisclosures you have to sign and we just kind of
16 operate.
17 But some funding would be very beneficial I
18 think in the interest of, national interest, to make sure
19 the grid works with IPv6 without a doubt.
20 ASSISTANT SECRETARY GALLAGHER: And the funding item is
21 noted again and then I think that some of that just
22 operating thing gets to where Rick comes from about how we
177
1 tend to keep our lead and our advantage. They tend to go
2 together.
3 MR. MARCUS: Scott Marcus, FCC. My question
4 relates to this notion of the restoration of the end-to-
5 end model and the disappearance of the NATs. There's an
6 old proverb that there's nothing that persists longer than
7 an interim solution. And the NAT kind of is one of those.
8 But really what I wanted to get some sense on
9 from the panelists and their views is first, Vint had
10 noted in his keynote that shortage of address space is one
11 reason why there are NATs. It may not be the only reason
12 in fact.
13 Secondly, it seems to me that there's a time
14 phasing question, the time at which a consumer no longer
15 needs his or her NAT isn't necessarily the first day when
16 IPv6 becomes available. It's the point where the IPv4
17 address is no longer needed.
18 So is there a possibility that there is some
19 phasing issue between the point when v6 sees increasing
20 deployment versus the point where those NATs really start
21 to decline? Do we ever really get all the way back to an
22 end-to-end model?
178
1 ASSISTANT SECRETARY GALLAGHER: Preston.
2 MR. MARSHALL: I think one thing is that we talk
3 about the NAT but the NAT is really a NAT and a firewall.
4 And the NAT, whether it disappears or not, the firewall
5 stays and the firewall enforces the same topology as the
6 NAT.
7 So focusing on the benefit of IPv6 and getting
8 rid of the NAT because my point is that really doesn't
9 solve the whole problem because behind the NAT grew the
10 home firewall or the enterprise firewall or before it gets
11 to enterprise.
12 And until you get rid of both of them and you
13 have a solution for both you don't get the benefits of
14 either. And they're not severable benefits.
15 So if parallel with looking at getting rid of
16 the NAT which you do by the IPv6 connect you want the
17 security architecture that lets the firewall come down at
18 the same time otherwise -- it probably isn't even cheaper.
19 It's forty bucks for your firewall and NAT. You're not
20 going to sell it for 35 if I don't take the NAT.
21 So we've got to get rid of both simultaneously
22 and I'm arguing that IPv6 may not even be the long pole.
179
1 It may be the new security model that is end-to-end to let
2 my home security system trust my HVAC vendor coming in and
3 working with it.
4 ASSISTANT SECRETARY GALLAGHER: Other thoughts from the
5 panel?
6 MS. KRAUS: Well, I would just agree that NATs
7 and firewalls are going to be around for a long time but I
8 would also say that they won't be around forever, at least
9 in the DoD model of things. But when is that point? I
10 don't know.
11 I talked about transition and I certainly agree
12 with what Preston said. One of the problems we've had
13 within DoD in implementing this transition policy is
14 convincing people of the benefits and why we are going
15 there.
16 And we have this question are we just replacing
17 IPv4 and yes, really, that's what we're doing at the
18 beginning but it's with the hope and vision that we can
19 take advantage of all these great capabilities and
20 hopefully sooner rather than later. So at least from my
21 perspective.
22 ASSISTANT SECRETARY GALLAGHER: Ted.
180
1 MR. TANNER: There's a couple of factors here
2 that to answer your question, from a DoD -- and it's
3 different from a DoD enterprise perspective -- the time
4 frames versus a completely ubiquitous open IPv6-based
5 Internet.
6 That's the importance of what we have to have
7 with checks and balances from the 4 to 6 migration and
8 coexistence path and make sure that we are doing the,
9 quote, correct things along the way.
10 I almost can assure you that if my mom sat down
11 in front of a computer and saw something that said and she
12 did something over the Internet and said, oh, my gosh, I
13 have to have this, and it autoconfigured, that's a good
14 thing.
15 ASSISTANT SECRETARY GALLAGHER: I think we can accept that
16 as a definition. We'll take one more question then we'll
17 turn to our panelists for the final wrap-up here.
18 DR. LADID: Yes. This question is for Preston.
19 Maybe to verify the research or the announcement that
20 Nokia has made recently by comparing NAT to v6 on the
21 license and since on NAT you have to keep states and v6
22 you just have to connect so they found that the battery
181
1 life can be saved by 50 percent using IPv6.
2 That could be something very interesting for
3 you. So you can imagine -- I mean, I'm not going to go
4 through the phasing out of NAT. I think there are some
5 two billion NATs on the Internet. So if you phase them
6 out you might shut down a couple of nuclear power stations
7 and possibly v6 could be the first green protocol. Thank
8 you.
9 ASSISTANT SECRETARY GALLAGHER: Preston, if you want to
10 volley that we'll take one more question.
11 MR. MARSHALL: Sure. That's such a great set up
12 by Latif I can't volley it. I would say that my guess is
13 that the process of the random NATs would just end up
14 doing that much more on the firewall but there's clearly a
15 trade there.
16 I would just like to put the security issue in
17 equal because Doug's been right all along, put the
18 security in as an equal issue along with address space and
19 all as something to be solved in a serial path. And then
20 we'll get all -- we get the energy for both with you.
21 ASSISTANT SECRETARY GALLAGHER: Very good. Other
22 thoughts? Okay. Last question from the floor.
182
1 MR. BRIGG: My name is Mike Brigg. I actually
2 support Marilyn. I'm with the DoD transition office and
3 the first thing I'd like to do is kind of make a statement
4 of something I've observed and then the second thing is
5 I'd ask a question.
6 The first is I've built a testbed and I work
7 down in Charleston, South Carolina for the Navy. I found
8 an application equivalently functional with IPv6 as IPv4
9 just about all of our applications they were not
10 necessarily on a standard COTS operating system or
11 standard platform.
12 I actually would put a lot of work in supporting
13 this testbed to make sure I could actually get the
14 functionality over IPv6 but I found in general that every
15 application, principal application that we had there was
16 alternatives, maybe open source, maybe a foreign vendor
17 but there were alternatives for vendors that, for example,
18 there are some vendors maybe that are farther ahead than
19 others or have more mature implementations.
20 There are open source applications and operating
21 systems that are very mature so there are alternatives out
22 there that we may not find palatable because of our own
183
1 environment to deploy IPv6 operation at this point but
2 others may find that as being an alternative. That's the
3 first statement I'd like defined to give to you.
4 The second is I've heard a lot about end-to-end
5 security and I've seen in DoD we have a great trend, we're
6 trying towards convergence. Well, I'd like to ask in the
7 other parts of the federal government do you see, for
8 example, end-to-end security morphing into a form of
9 multilevel security where we instead of having just voice
10 video and data over one network now we have secure voice,
11 secure data, unclassed data.
12 I mean, is that something that the rest of the
13 government sees as being an advantage cost performance to
14 you? Is that something -- I could see for the military
15 that we would have a great advantage for that employing
16 this end-to-end model. Does the rest of the government?
17 ASSISTANT SECRETARY GALLAGHER: Well since, Marilyn, we
18 think you probably share that I assume conviction we'll
19 ask Doug and then others as they would like to respond.
20 DR. MAUGHAN: I think we're going to throw away
21 our STU-IIIs when we throw away the NAT box. (Laughter.) It
22 certainly could be possible but I don't believe this comes
184
1 back to our R.U.D.E. and D.U.D.E. is I don't believe we spent any
2 time -- I spent I guess 16 years in both NSA and DARPA in
3 the DoD and I don't believe we've spent any time thinking
4 about those issues of convergence and moving to, even with
5 the statement from the Secretary on IPv6, I don't believe
6 we've spent enough time looking at those issues as they
7 apply to Type I crypto and those kinds of things where the
8 convergence we can go down that path yet.
9 It certainly would be an economic incentive to
10 think about it and to spend the time and energy to do it
11 but I just don't believe we have unless there's been -- I
12 mean, I've been to South Carolina. I've been down to your
13 testbed which is probably the best one that I've seen in
14 the DoD but I don't think we've gone any further than
15 that.
16 ASSISTANT SECRETARY GALLAGHER: Other responses? Well,
17 then now we'll go around the Horn. And since Rick already
18 did his homework, we'll start with him but thoughts for
19 the government as we're looking at the government's role
20 in the deployment of IPv6 the thoughts that you would
21 share with us.
22 MR. WHITE: Well, I certainly would in terms of
185
1 the positive things I do think you should focus on these
2 things where you can have an impact. But let me focus on
3 the things that maybe you shouldn't do -- you shouldn't do
4 RUDE -- maybe you should try to avoid if possible.
5 Number one, I think mandating a particular kind
6 of technology or approach is something that we all
7 probably agree is not the right approach. It's just it's
8 a hard thing for the government to do.
9 I think trying to control the development of
10 technology or even direct it in a particular way is
11 probably something you should try to avoid too. Sometimes
12 there's a temptation to do that. Sometimes there are
13 benefits from that but it's hard to make that call so
14 that's something I would avoid.
15 I would avoid trying to regulate it once it's
16 out there to the extent you can. I would avoid trying to
17 tax it. And so that's not everything that the government
18 can do but I think those are some examples where for a lot
19 of good reasons the government might want to move in this
20 direction. But I would encourage you to avoid it.
21 Now, I wanted this to say MARKET but it doesn't.
22 I couldn't find a vowel, and there really isn't a very
186
1 good acronym for this and in fact the one it comes out to
2 is probably the one I would least like to have but it
3 actually would come out to don't mandate. Don't regulate.
4 Don't control or don't tax. That's market.
5 ASSISTANT SECRETARY GALLAGHER: Thanks, Rick. Ted.
6 MR. TANNER: First of all, thank you for having
7 me. This has been a great discussion. I believe that the
8 government is in a great position to articulate the need
9 for this technology and work with the consumer
10 electronics, the IT industry, the security industry, the
11 Department of Defense, et cetera, et cetera, to discuss
12 the discourse and the need for the technology as a
13 backbone.
14 As I said, I think the most important aspect of
15 IPv6 is going to come from the edge device, killer
16 application and back within and then modifying the
17 enterprise aspects on an as-needed basis. But the
18 articulation from the government is going to be one of the
19 most helpful aspects.
20 DR. SUMMERHILL: I think from the point of view
21 of the research and education community, I think letting
22 it flower is really a positive thing. And I think there's
187
1 also a basic need for fundamental research on packet
2 networks, especially new protocols like IPv6.
3 DR. SOKOLOWSKI: Well, from the GSA standpoint
4 I'd like to just -- I guess what Rick had said earlier.
5 Certainly laissez-faire in the marketplace is certainly
6 supported by GSA. And that's why we try to, in our role,
7 serve as facilitator between our industry partners and our
8 customer agencies.
9 And as far as encouraging our customer agencies
10 we are looking seriously at providing the transitional
11 assistance so they can transition from IPv4 to IPv6.
12 ASSISTANT SECRETARY GALLAGHER: Over to Doug.
13 DR. MAUGHAN: So I think Rick did a great job
14 gave us a good acronym. Should go ahead and copyright
15 that real quick. But I think, seriously I think the
16 government needs to figure out what we're going to do in
17 the R&D use, defend and encourage strategy.
18 I am somewhat concerned. While I'm a researcher
19 at heart I think we've spent an enormous number of years
20 trying to get IPv6 to its current state and I think it's
21 time to continue to identify requirements, push things
22 forward, and if we want to do research we go back and do
188
1 research on IPv7 or IPv8 --
2 DR. GALLAGHER: Or 10.
3 DR. MAUGHAN: Or 10 or whatever. Pick your
4 favorite number. But it is time to put stakes in the
5 ground, work with industry, and get things deployed and
6 learn from its operational use so that we can, in fact,
7 improve IPv10.
8 ASSISTANT SECRETARY GALLAGHER: Thanks, Doug. Preston.
9 MR. MARSHALL: Yeah, I think to make research
10 suggestions would be a little bipolar but to go the other
11 way, to say that our agency exists to fund ideas that are
12 beyond our engineering and so there's an opportunity to
13 take a look at the fundamentally different frameworks, not
14 to evolve IPv6. That's the last thing you need is people
15 telling you what it ought to be because it is what it is.
16 But to look at some of the other fundamental
17 research questions that revolve around IPv6 completely
18 different security models, different routings, different
19 ways of extending protocols that are both heavy and light.
20 I think there's a lot of topics that are IPv6 plus that
21 there's certainly opportunity to perform research in and
22 interest in performing research in.
189
1 ASSISTANT SECRETARY GALLAGHER: Thank you, Preston.
2 Marilyn.
3 MS. KRAUS: Let me take a little bit different
4 tack on this because we've talked a lot about mandating
5 and not mandating. And I'm well aware of GOSIP, believe
6 me, and you're all polite enough not to even bring up Ada
7 which was DoD's attempt.
8 But on the other hand I believe that each agency
9 and department, whether by Clinger-Cohen or other
10 legislation or other responsibility has a requirement to
11 look at where they are today in terms of their networking
12 and IT and where they want to be in five and ten years and
13 make their own decisions.
14 Interoperability requires a common set of
15 standards across enterprises and we've learned that
16 painfully across DoD. And I think, not to say that the
17 IPv6 is a solution or a need from any other agencies but I
18 think departments really owe it to themselves to make that
19 decision themselves.
20 They also need to look at what would be a
21 transition strategy to get them to where they believe they
22 need to be and implement appropriate policy for that.
190
1 MR. BOUND: First, I want to say thank you for
2 having me here and the North American Task Force. I think
3 that the way we have responded and my membership as chair
4 is we try to make it very clear there's two answers, Mike,
5 to the question. The first answer and it's very clear
6 under our Constitution this is a business. The government
7 is a business and I think you do need mandates just like
8 GM does, just like JCPenney does.
9 And I urge and my membership urges every agency
10 that's doing anything where you need interoperability
11 where you have to deal now with first responders that it
12 would be ludicrous not to require, as the DoD did, IPv6
13 capable systems because you need to get there.
14 And that's our view and that's our input to you.
15 IPv4 is dead. NAT is bad. And you can either move on now
16 or suffer. And that's your choice. But it is your
17 choice.
18 The other issue is that government shouldn't be
19 mandating anything. And I'm 100 percent behind Rick on
20 that. But I do think that government, as Thomas Jefferson
21 said, very clearly should provide a helping hand and
22 leadership. And I think there's a lot of leadership that
191
1 we require in this particular technology space as we do
2 with semiconductors, as we did with many other facets of
3 dealing with issues.
4 ASSISTANT SECRETARY GALLAGHER: Thank you for all of those
5 very concise points of input and also thank you for your
6 other contributions. But before we dismiss our panel and
7 thank them what I'd like to do is invite Mark, our partner
8 from NIST, to give us a few closing thoughts from his
9 perspective having sat through the day and his
10 perspectives and then I'll offer a few closing remarks and
11 we'll end a little bit early.
12 DR. SKALL: Thank you. I'd like to just thank
13 everyone here for participating, both panels and the
14 people in the audience. I'd like to also thank Marilyn
15 for mentioning Ada because I was sweating. GOSIP was
16 mentioned about ten or 11 times. So thank you for getting
17 us off the hook a little.
18 I think this is extremely worthwhile. These
19 type interchanges on complex, technical, economic and
20 policy issues really are just instrumental in arriving at
21 I believe hopefully the right conclusions.
22 The discussions today really emphasize how
1 complex the Internet is and the strategies that have to be
2 deployed. And we're really just getting used to having to
3 make decisions about business needs with respect to
4 technical issues and how they drive the business needs.
5 From the NIST perspective, we're really ready to
6 assist with our technical expertise as I mentioned before.
7 We have a lot of technical expertise in IT. We've
8 participated in a lot of standards committees. We've done
9 a lot of tasks.
10 We serve as a neutral broker which you may find
11 very important. And I encourage you to contact me or Dr.
12 Semerjian the Acting Director of NIST if you need any
13 help. And again, thank you all. It's been, I think, a
14 tremendous experience.
15 ASSISTANT SECRETARY GALLAGHER: Thank you for that, Mark.
16 I'll just, if you don't mind, I'll just take us on a very
17 quick random walk through a few observations from the day
18 and then a few thank yous and then we can thank our panel.
19 You know Vint started our day with some very
20 witty discussion of the history of how we got here
21 including an explanation of where the lost version 5 went
22 and how we're on our way to version 10. And he brought up
1 a point that things that work persist which is echoed by
2 one of the questioners during this last panel was nothing
3 persists like an interim solution that works. And I think
4 that tells us how we got to where we are today.
5 RTI presented the draft report which again I
6 think I know all of the people around this table have been
7 involved in putting together would encourage others to
8 take a look at that and offer their thoughts.
9 We've heard a lot about mobility. We've heard a
10 lot about growing numbers of devices and increasing demand
11 in the world for addresses and also a lot of very I think
12 amusing but also important discussion about NATs. Are
13 they evil or not?
14 Are they something that, a platform for change,
15 which is something I think that Vint hinted at before he
16 left. I think we would have liked to have questioned him
17 about that. And then that they are kind of the party
18 lines of the Internet. I thought that was an interesting
19 analysis.
20 DoD makes it clear that they have set a goal,
21 they have put a marker out and they intend to achieve it.
22 Yet we're still in very much the developmental stages of
1 getting there and that we have perhaps adequate deployment
2 within software and hardware but applications are where we
3 need to apply effort.
4 GSA has made a clear statement today that they
5 intend to follow the industry's lead and make sure that
6 the government is aware of those best practices and the
7 value of those attributes of IPv6 as it goes about its
8 buying decisions.
9 DARPA, a very colorful, number of colorful
10 points coming from our friend, Preston. But the need for
11 improvements in other things like batteries. I mean, that
12 was one of the questions and also the need that when we
13 look at security that we need a new security paradigm not
14 just take our existing security infrastructure, put it
15 onto IPv6 and treat it like it's IPv4.
16 Also, Rick entertained us and also enlightened
17 us with the clever RUDE and DUDE analogies and the call to
18 industry. And we also heard about IPsec that it's not a
19 magic wand that is going to instantly be placed on IPv6,
20 that it's one of the things that we're going to have to
21 take time to make sure it works and that there is an
22 implementation challenge that lies there as well.
1 Internationally, surprisingly, there was a
2 consensus it seemed that the education and government
3 interest and the research elements of it will lead to
4 perhaps an easier path towards development of the standard
5 and the adoption of the standard and other more
6 troublesome standards that we have seen just in the last
7 few years and those would be just the observations.
8 At this point, we now get to turn to saying
9 thank you to some very important people who helped us
10 today put on this event and they would be from NTIA and
11 from NIST, Christina Miller, Ahmet Mather, Jennifer
12 DeMarco, Brandon Nidock, Fred Lee, who's here even though
13 he's got a bum wheel, Chris Tassey, Tim Sloan, B.K.
14 Fulton, Sandra Ryan, Dan Davis and Cathy Handley. So if
15 we could give them a hand of applause. (Applause.)
16 And then I would also just like to say thank you
17 finally to all of our panelists for your contributions not
18 just to the IPv6 effort but your contributions you make to
19 our economy and to our government and to our national
20 security as a people. We appreciate those.
21 We appreciate your participation today. Thank
22 you for coming. And to you in the audience and on the
1 Internet, thank you all for being here. We very much
2 appreciate your input and support.
3 (Whereupon, the meeting was
4 concluded at 1:13 p.m.)
1 CERTIFICATE OF REPORTER
2
3 I, Deborah Turner, CVR, do hereby certify that
4 the foregoing proceedings were taken down by me by
5 stenomask and audiotape and thereafter reduced to
6 typewriting by me; that I am neither counsel for, related
7 to, nor employed by any of the parties to the action in
8 which these proceedings were transcribed; that I am not a
9 relative or employee of any attorney or counsel employed
10 by the parties hereto, nor financially or otherwise
11 interested in the outcome in the action.
16 DEBORAH TURNER, CVR
21 My commission expires: 02/01/2006