[161828] in North American Network Operators' Group


Re: BCP38 - Internet Death Penalty

daemon@ATHENA.MIT.EDU (John Curran)
Wed Mar 27 11:30:19 2013

From: John Curran <jcurran@arin.net>
To: Jay Ashworth <jra@baylink.com>
Date: Wed, 27 Mar 2013 15:29:34 +0000
In-Reply-To: <27306172.11186.1364394183942.JavaMail.root@benjamin.baylink.com>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Mar 27, 2013, at 10:23 AM, Jay Ashworth <jra@baylink.com> wrote:

> Indeed, but I have an even better example of how that's already done, that
> is probably pertinent.
>

> The National Electric Code is assimilated law now, I think, in every
> state in the US.  It is promulgated by the National Fire Protection
> Association, which is a standards organization originally started by
> insurors to reduce their exposure and expenses; by professional consensus,
> they have become, effectively, a lawmaking body.
>
> So they're not the government, they're subject-matter experts, technically
> competent to have opinions, and their opinions are assimilated into
> controlling law.

Indeed... a perfect example of industry self-regulation supplemented by
a mandatory legal framework referencing the best practice documents.

> Is BCP38 *not* well enough thought out even for large and medium sized
> carriers to adopt as contractual language, ...

You're back to discussing voluntary mechanisms in the above, but
your example is a case where compliance is due to legislation at
both federal and state levels.

> much less for FCC or someone to
> impose upon them?  If so, we should work on it further.

Umm... How many North American ISP's/datacenters/web hosting firms were
aware of the BCP 38 development as it was on-going, and participated in
some manner in its review?  The IETF is a wonderful organization, but it
is not exactly overflowing with representation from the service provider
community.  Also, given that you really need these practices picked up
on a global basis, repeat the above question with "Global" rather than
North American...

If you actually want to see certain technical practices made mandatory
for Internet service providers globally, then you need a development
process for those practices which is fairly robust to ensure that the
practices are equally germane and reasonable to many different service
providers in many different parts of the world.  It's actually relatively
easy to get governments to require compliance with accepted technical
practices for the Internet, the problem has been we've never taken the
effort to produce best practices with sufficient rigor that any given
government can know that it has the necessary backing (of many of the
service providers in its domain) needed to actually require compliance.

(With regard to the FCC, there is some question as to whether or not
their mandate would allow establishing required practices for ISPs...
To the extent that VoIP traffic is being carried, this is far more
likely to be possible, and hence folks should be aware of various
activities such as the CSRIC "Communications Security, Reliability
and Interoperability Council", which develops recommendations that
could effectively become requirements on Internet Service Providers
in some contexts.
<http://www.fcc.gov/encyclopedia/communications-security-reliability-and-interoperability-council-iii>
Note that the problem with this sort of approach is that having dozens
of countries all developing their own specific technical best practices
is most likely to cumulatively interact in ways impossible to comply
with...  Hence, the need for clear global technical best practices,
through which countries with a particular desire to "improve the
state of the Internet" can channel their legislative desires...)

FYI,
/John



