Appeal to the IAB of IESG rejection of Appeal to Last Call draft-ietf-grow-anycast (Dean Anderson; 2008-11-14) - 2008-11-14
Appeal - 2008-11-14

Appeal to the IAB of IESG rejection of Appeal to Last Call draft-ietf-grow-anycast

Appeal of DNSOP WG Decision of September 13, 2008

Legal Disclaimer: In places this document refers to legal obligations and demands on certain organizations and individuals. It should be noted that this document is not submitted as a complete or final description of any legal demands that might be made by Anderson or Av8 Internet or others, but is submitted only for due process consideration by superior management. No limitation on rights is accepted nor are any specific legal theories offered. These references are to be taken only as preliminary notices of infringements and preliminary demands to cease and desist, according to our prudent duties to make such notices and demands known.

Summary of Issues for the IESG

In the Articles included, a number of issues are raised involving:

  1. Errors in decision of DNSOP WG consensus call on WG document titled draft-ietf-dnsop-reflectors-are-evil-06.txt.
  2. Untruthful statements in WG Report to the IESG.
  3. Unlawful interference in right to democratic participation in ISOC activity.

We ask the IESG to reverse the errors, disavow and repudiate the false statements and false reports, and discipline the WG chairs for breaches of duties and bad faith.

Table of Contents

Background of Dispute

According to a paper[1] released by Professor Randal Vaughn (Baylor) and Gadi Evron (formerly of Affilias, NANOG member), the first noticed DNS reflection attack occurred in October 2005. Vaughn and Evron report that Dan Kaminsky and Mike Schiffman announced they had found 580,000 open recursors at the January 2006 SchmooCon hacker conference. Vaughn and Evron describe the means of attack as most likely involving a “botnet”,

The attacker adds the IP address of the target as the request initiator’s IP address in this packet, and then repeatedly sends these queries to their established list of name servers, most likely by the use of a Botnet.

Vaughn and Evron describe the first attack that took place in October 2005:

Never-the-less, for the first 28 servers participating in this attack only 14 currently respond as supporting recursion. Again this is consistent with the attacker’s not fully gathering intelligence about the exploited servers prior to carrying out this attack.

Obviously, if half the servers aren’t open recursors, then the attack isn’t merely an OPEN RECURSOR attack. The explanation that this discrepancy is somehow consistent with the attacker not fully gathering intelligence is preposterous, since the servers, both open and closed, obviously responded to the attacker. The property of a recursive DNS server (recursor) being open or closed recursors is plainly not important to the attackers who exploit DNS servers with a Botnet.

On Febuary 24th, 2006 Paul Estes reports a “DNS deluge” of requests for a certain domain name to the NANOG list.[2]

On May 17th, 2006 Joao Damas and Frederico A. C. Neves introduced a document known as “draft-ietf-dnsop-reflectors-are-evil-00.txt” for consideration by the DNSOP Working Group. Joao Damas is an employee of Internet Systems Consortium, Inc and a NANOG member. Frederico Neves is employed by ‘NIC.br / Registro.br’, and a NANOG member.

From the beginning, the draft was contentious. On October 26th 2006, Peter Koch issued the first Working Group Last Call[3] . Strong opposition was registered on October 30th 2006 by Dean Anderson[4] :

During 2 sessions of discussion, the authors made assertions for which there is no basis in fact. In the second session, the authors and proponents simply repeated claims discredited in May, as though those arguments had no prior opposition whatsoever. They just repeated a mantra, as if repeating it often and ignoring the contrary evidence somehow makes the mantra true.

Documents published by the ISOC should be based on facts, not on disputed, unsupported, even illogical assertions, and should be as accurate as possible. High standards of fidelity are required. This document does not meet such standards. Documents should also have a high degree of community interest, which hasn't been seen for this document. Many of the messages and most of the support has been from persons closely associated with the authors.

Controversy ensued, and there was no consensus. There was little comment after November 2006 until a Last Call was issued on September 11th, 2007. Again a flurry of heated discussion and dissent went on until December 2007. There was no consensus to publish the document at this time, yet amazingly, according to the ID Tracker, on September 25th, 2007, Ron Bonica changed the state of the document as though there was a consensus. This fact was not reported to the Working Group. There was no comment whatsoever between December 2007 and September 2008. Then on September 1, 2008 a new draft was issued, hardly different from the previous draft. Again, controversy erupted; again the same already discredited, unsubstantiated rhetoric was repeated as fact. Proponents presented no new facts which might address previous objections. The only new fact was that there were no reports of serious attacks since 2006, a fact that tends to discredit the premise that the draft serves a useful purpose. On September 6th, 2008 Peter Koch suddenly announced that the draft was in “IESG Evaluation State”[5] . A review of the ID tracker page shows that this state was entered almost a YEAR before, on September 27th, 2007. Apparently this even caught Koch by surprise. That state shouldn’t happen before a working group consensus is reached. Dean Anderson objected to this submarine process on September 8th, 2008[6].

Article I. Errors in Last Call

This article is brought under RFC 2026 § 6.5.1 and RFC § 6.5.2, and describes several improper activities:

  1. Incorrect technical choice [RFC 2026 § 6.5.1]
  2. Objections not heard [RFC 2026 § 6.5.1]
  3. Pre-requisite for consensus not met [RFC 2026 § 6.5.2]

§6.5.1 Working Group Disputes:

“(a) his or her own views have not been adequately considered by the Working Group (b) the Working Group has made an incorrect
technical choice which places the quality and/or integrity of the Working Group’s product(s) in significant jeopardy.”

§6.5.2 Process Failures:

“[…] it is the IESG is charged with ensuring that the required procedures have been followed, and that any necessary prerequisites to a standards action have been met”

Section 1.01 Questions of Fact or Questions of Power

At a recent talk at Harvard University, Al Gore, quoting Theodore Adorno said

“science is often met with opposition from leaders who want to turn “questions of fact” into “questions of power,”.

“Questions of fact should be questions to be explored,” he said. “They should not be waylaid on their way to the public forum.”

A significant part of the dispute on this draft involves questions of fact.

The ISOC and the ISOC IETF Activity is chartered to be a scientific organization. As such, its principle interest is in questions of fact. The draft is based on a number of assertions no credible evidence or no evidence at all.

Are there serious DNS reflection attacks? Danny McPherson responded that there were, but that he couldn’t identify any. It is noted that the report published by McPherson’s company, Arbor Networks on November 11th, 2008 did asserted that there were DNS amplification attacks, but did not provide any information that might confirm or substantiate these claims. The report did not distinguish abuse from open recursors from abuse from closed recursors. McPherson’s company sells security software and services and stands to benefit from business opportunities substantially enhanced by this document by selling security products and services to companies that now feel the need to alter their DNS recursors.

Do open reflectors such as those operated by many ISPs and customized DNS service providers such as OpenDNS really pose a threat to the Internet? No evidence was given that this fact might be true.

Will closing open recursors eliminate the potential for abuse? Any protocol or network service is subject to some abuse. The benefit of having network services must plainly outweigh the potential for abuse. The attack vector described as the premise is already addressed by BCP38. Analysis of the first attack by Professor Vaughn shows that botnets can abuse closed recursors. Anderson pointed out that greater harm can be obtained by abusing DNSSEC authority servers. No evidence was shown that, on balance, would justify the extreme act of having the IETF recommend closure of such services.

Much of the dispute raised by Anderson comes down to questions of fact. On September 8th, Area Director Ron Bonica made approval a foregone conclusion (unknown to the working group, it was).[7] A.D. Bonica states (emphasis added)

On the surface, I deem your objection to be without merit. Unless you can convince me otherwise, I will send draft-ietf-dnsop-reflectors-are-evil to the RFC editor for publication on Friday, September 5. See below for point by point responses.

The foregone conclusion by Bonica is an improper interference in the democratic process of the Working Group.

In the same message, A.D. Bonica states the truth of these reasonable questions of fact are irrelevant:

  • that there have only been two attacks
  • that these attacks were contrived
  • that the organization reporting these attacks is not credible
  • that the organization reporting these attacks has not satisfied your requests for evidence
  • that there are easier ways to attack DNS

The truth of these facts are relevant questions of fact that affect the integrity of the working group product. if the working group doesn’t try to get beyond rhetoric to find the technical facts.

Such foregone conclusions in the absence of facts, or in this case, the willful repudiation of critical analysis of factual claims, cannot be fair or open. Rather, they are closed and opaque, as no one knows why the draft was approved, and most probably didn’t know when the draft was approved.

Section 1.02 Known Technical Omissions

There are a number of technical omissions in the draft:

  1. The draft implicitly asserts that commercial services like OpenDNS (www.opendns.com) which offer open reflector services are somehow harmful and should be closed. The draft does not address legitimate commercial services.
  2. The draft does not address the fact that a botnet would also have access to the infected hosts’ recursors. It does not matter if these recursors are open or closed. As the paper by Gadi Evron noted, half the servers responding in the first event were closed recursors. Closing open recursors would not have any effect on a typical botnet. It is probably reasonable to expect that a 100,000 host botnet might have access to a large number of recursors. Closing recursors will have no effect.
  3. The draft does not address the impact of closed recursors on reflection attacks.
  4. The Working Group did not adequately consider whether closing open recursors would have any effect. Instead, it took as a foregone conclusion that closing open recursors would solve the problem.
  5. The Working Group treated completely unsubstantiated information as being beyond dispute.

Section 1.03 Opposition to the Document

Opposition to the Last Calls of October 2006 and September 2007 is too numerous to list here. However, during the (apparently) sham Last Call of September 2008, two people expressed opposition:

  1. Kevin Darcy opposed this draft in a message to DNSOP posted September 9th, 2008.[8]
  2. Dean Anderson opposed this draft and stated that he would appeal the document. This fact is supposed to be reported to the Area Director and the IESG.

More will be said about this in Article II

Section 1.04 Improper Interference by Area Director Bonica

On Tuesday, September 9th, 2008 Area Director Bonica states that he will let the group come to a consensus, and will “keep quiet” until Friday, when the consensus will be reported.[9] About 23 hours after promising not to interfere, A.D. Bonica again begins to interfere.[10] However this promise is a sham. On the previous day, September 8th, 2008 several IESG members updated their ballot positions; Area Director Bonica would have participated in these discussions and received notices, yet continued to deceive the Working Group that there was Working Group Last Call process going on. These activities are contrary to IETF process and so IETF procedures were not being followed.

Article II. Inaccurate Statements in Consensus Report to IESG

This article is brought under RFC 2026 § 6.5.1 and RFC § 6.5.2, and describes several improper activities:

  1. Incorrect technical choice [RFC 2026 § 6.5.1] A choice based on false statements is an incorrect technical choice
  2. Objections not heard [RFC 2026 § 6.5.1] A false statement about objections means that the objections were not heard.
  3. Pre-requisite for consensus not met [RFC 2026 § 6.5.2] A false statement about the consensus means that a pre-requisite for consensus was not met.

§6.5.1 Working Group Disputes:

“(a) his or her own views have not been adequately considered by the Working Group (b) the Working Group has made an incorrect technical choice which places the quality and/or integrity of the Working Group’s product(s) in significant jeopardy.”

§6.5.2 Process Failures:

“[…] it is the IESG is charged with ensuring that the required procedures have been followed, and that any necessary prerequisites to a standards action have been met”

Peter Koch posted a statement to the DNSOP WG list on September 13th, 2008 that contained inaccurate and untruthful statements[11]

Section 2.01 First Inaccurate Statement on BCP38 Sufficiciency

On September 10, 2008, Area Director Bonica stated two conditions that were required to approve the document[12] :

The questions before the WG are:

If the answer to both of these questions is "no", the document can go forward as is.

In his message of September 13th message reporting consensus to the Area Director Bonica, Koch states that the consensus to the first question:

Amongst those individuals who responded directly to the questions, there was consensus that wide deployment of BCP38 would be sufficient

That’s it: the question is answered. The answer is YES. Instead, Koch then goes on to reverse this consensus because somehow, BCP38 is not widely deployed. While some persons did make unsubstantiated claims that BCP38 is not widely deployed, no evidence that BCP38 was not widely deployed was given. BCP38 has been a best practice since 2000 and adoption continues. It should be noted that there are wide variety of attacks that require packets with spoofed source IP addresses. These attacks include a variety of reflection/amplification attacks such as ICMP directed broadcast, DNS authority server attacks, TCP syn flood attacks, etc. All of these attacks are mitigated by a combination of BCP38 implementation and filtering after an attack has begun.

Section 2.02 Second inaccurate statement: Sufficiency of Response after Attack

Koch reports in his September 13th message:

There is also consensus that taking action after an attack has started is not a sufficient defense mechanism and proactive measures are needed. The WG's answer to the second question is "no".

There was no evidence given by the Working Group that filtering was not a sufficient defense. In the reported attacks, filtering worked. Filtering is also used in a variety of other, similar, distributed denial of service (DDOS) attacks. There is nothing particularly different about the DNS reflection attack that distinguishes it from other types of DDOS attacks. BCP38 is a “Proactive measures”. As pointed out previously, a botnet can exploit the ordinary recursors available to the botnet even if closed, so closing open recursors doesn’t not alter the equation, and was not the only “proactive measure”. The choice presented to the Working Group was simply a fallacy of false choice. This fallacy of false choice significantly affects the integrity of the Working Group product.

Section 2.03 Third untruthful statement: Nobody expressed opposition

Mr. Koch states in his September 13th message reporting: (emphasis added)

Several other people have expressed their support for publishing the draft "as is", nobody expressed opposition.

In fact, Kevin Darcy and Dean Anderson expressed opposition to the document. Although Mr. Koch notes later that Dean Anderson dissents, it is separated and apart from the text reporting no opposition such that Dean Anderson’s view is unfairly and improperly discounted and disregarded by the Working Group. RFC2026 Section 6.5.1 (a) allows an appeal when “views have not been adequately considered by the Working Group”.

Article III. Unlawful interference in right to democratic participation in ISOC activity.

This article is brought under RFC 2026 § 6.5.3 and describes several improper activities:

§6.5.3 Questions of Applicable Procedure:

“Further recourse is available only in cases in which the procedures themselves (i.e., the procedures described in this document) are claimed to be inadequate or insufficient to the protection of the rights of all parties in a fair and open Internet Standards Process.”

This article will show that the IETF procedures are inadequate to protect the property rights of members of the IETF. Prior demands and notices have been made to the IESG and IAB. This article describes predicate acts that add to those prior claims, and so must be read as conjoined to the prior demands and notices. It should also be noted that the same group of persons and companies collectively described as the BIND Cartel is alleged to have engaged in similar acts and fabrications at ARIN and NANOG, with similar objectives to threaten and interfere with the democratic rights of members to participate in democratic processes and governance. Those acts will not be described here except in the most general sense.

This group of gangsters, aided and abetted by their relatives and sycophants, engaged in a multifaceted orgy of criminal activity. For those that enthusiastically followed these arrogant mobsters in their morally debased activity there were material rewards. For those who accepted the side benefits of this perverted interpretation of business unionism, see J. Hutchinson, The Imperfect Union p. 371, (1970), there was presumably the rationalization of "I've got mine, why shouldn't he get his." For those who attempted to fight, the message was clear. Murder and other forms of intimidation would be utilized to insure silence. To get along, one had to go along, or else.

—U.S. v. Local 560 581 F.Supp. 279

Similarly, the BIND Cartel aided and abetted by their self-interested business associates and sycophants, engaged in a multifaceted orgy of improper activity of which the issues in this appeal are but one part. Similarly, for those that enthusiastically followed this arrogant group in their morally debased activity there were material rewards. Similarly, for those who accepted the side benefits of this perverted interpretation of Internet business and trade standards, there was presumably the rationalization of "I've got mine, why shouldn't he get his." Similarly, for those who attempted to fight, the message was clear. Email blacklisting, and other forms of intimidation would be utilized to insure silence. To get along, one had to go along, or else.

On September 13th, 2008 Peter Koch, DNSOP WG Chair, sent email to the list notifying the list of the suspension of posting rights to Dean Anderson. Koch falsely asserts there is a standing PR-action against Dean Anderson, despite knowledge of the falsity of this claim. Koch was notified of falsity of this claim and referred to the consensus messages found at the IETF-watch site.[13] The IESG has previously been notified that its procedure in RFC3683 doesn’t comply with the bylaws of the ISOC and laws under which the ISOC is chartered.[14] The IESG and IAB has disregarded the laws quoted in previous appeals, and through email to the IESG and IAB admin lists.

Section 3.01 Hobbs Act Allegations

The Hobbs Act states 4 requirements for prohibited activity:

  1. Did the defendant induce or attempt to induce the victim to give up property or property rights?
  2. Did the defendant use or attempt to use the victim's reasonable fear of physical injury or economic harm in order to induce the victim's consent to give up property?
  3. Did the defendant's conduct actually or potentially obstruct, delay, or affect interstate or foreign commerce in any (realistic) way or degree?
  4. Was the defendant's actual or threatened use of force, violence or fear wrongful?

Violation of the Hobbs Act is a predicate for violation of the Racketeer Influenced and Corrupt Organizations Act.

(a) First Allegation Against David Kessens

Anderson and AV8 Internet, Inc individually and collectively as member of the ISOC have a property right to participate in a democratic process by a trade organization known as the ISOC and the ISOC IETF Activity, satisfying the first condition of the Hobbs Act.

On September 23, 2005 David Kessens threatened to the property right to harm of Anderson and AV8 Internet, Inc to participate in a democratic process of the IETF unless Anderson gives up the right to object to improper and unlawful activity through the IETF process[15]. Anderson’s objections involved DNS Anycast, and Kessens’ associates stood to benefit if unfavorable facts didn’t come to light. The wrongful nature of this threat has been the subject of previous complaints and demands. It is a predicate act satisfying the second condition of the Hobbs Act.

The threat made on September 23, 2005 had the potential to obstruct plaintiff’s right to democratically participate in the ISOC trade organization and trade activity. This democratic activity involves interstate commerce and interstate communications. This act has actually obstructed the democratic participation of Anderson and AV8 Internet, Inc. This satisfies the third condition of the Hobbs Act.

As stated previously, the acts of objecting to fraud and false statements is a proper activity within the ISOC and the ISOC IETF Activity. The acts of disputing the assertions of others is also a proper activity with the ISOC and the ISOC IETF Activity. The statements made by Anderson on the DNSOP email list were fully explained and demonstrated by true statements objections to DNS Anycast. The threats against Anderson, and only Anderson, to prevent objections about false statements by other members of the IETF was wrongful and created unfair trade advantages to the particular ISOC and ISOC IETF Activity members benefiting from the false statements. This satisfies the fourth and final condition of the Hobbs Act.

Area Director Kessens selected Peter Koch to be DNSOP Working Group Chair on October 20th, 2005[16]. Area Director Kessens admitted to “playing hardball” with drafts involving DNS Anycast.[17]

(b) Second Allegation Against Peter Koch

On June 24, 2006, Peter Koch threatened the property right to harm of Anderson and AV8 Internet, Inc to participate in a democratic process of the IETF unless Anderson gives up the right to object to improper and unlawful activity through the IETF process. The June 24 message asserts that “fraud” is somehow inappropriate to IETF Working Group discussion. However RFC2026 states in Section 6.5.1 that anything that “places the quality and/or integrity of the Working Group's product(s) in significant jeopardy” is appropriate for discussion and a proper basis for dispute. Fraud on the IETF clearly places the integrity of the Working Group product in jeopardy. The IETF has also previously dealt with false and fraudulent statements to the IETF during the TLS-Authz controversy[18] and the IESG reversed approval of a document after false statements were discovered. Issues of fraud are a proper subject to the IETF democratic process. The June 24 message threatens Anderson to give up objecting to fraud and false statements made by other members of the IETF or suffer the economic harm of loss of democratic participation. This satisfies the second condition of the Hobbs Act.

The threat made on June 24, 2006 had the potential to obstruct plaintiff’s right to democratically participate in the ISOC trade organization and trade activity. This democratic activity involves interstate commerce and interstate communications. On September 13, 2008, Peter Koch carried out the threat made more than 2 years prior on June 24, 2006. This act has actually obstructed the democratic participation of Anderson and AV8 Internet, Inc. This satisfies the third condition of the Hobbs Act.

As stated, objecting to fraud and false statements is a proper activity within the ISOC and the ISOC IETF Activity. The statements made by Anderson on the DNSOP email list were fully explained and demonstrated by true statements the legal requirements commonly given for fraud. The threats against Anderson, and only Anderson, to prevent objections about false statements by other members of the IETF was wrongful and created unfair trade advantages to the particular ISOC and ISOC IETF Activity members benefiting from the false statements. This satisfies the fourth and final condition of the Hobbs Act.

Section 3.02 Allegation of RICO Violation

These acts, included with other related acts at the American Registry for Internet Numbers (ARIN), ISOC, and NANOG conducted by a group collectively described as the Bind Cartel, including but not limited to Paul Vixie and others, effect profit for and further an unlawful organization or association in violation of the Racketeer Influenced and Corrupt Organizations Act, 18 U.S.C. §1962(c).

On information and belief, Mr. Koch has knowledge of and consented to at least two RICO predicate acts performed by others, which is an act prohibited by the Racketeer Influenced and Corrupt Organizations Act, 18 U.S.C. §1962(d).

If evidence is developed that Mr. Koch acted at Mr. Bonica’s or someone else’s request, that person is a principal under 18 U.S.C. §2.

Consent by the IESG members, IAB members, and ISOC corporate officers to at least two RICO predicate acts performed by others, is prohibited by 18 U.S.C. §1962(d).

A civil remedy is allowed by 18 U.S.C. §1964.

There may be other legal issues that can and will be raised, should suit become necessary.

It is my sincere hope that these matters can be resolved without suit.

Dean Anderson
President
AV8 Internet, Inc

[1] http://www.isotf.org/news/DNS-Amplification-Attacks.pdf

[2] http://www.merit.edu/mail.archives/nanog/2006-02/msg00579.html

[3] http://www.ietf.org/mail-archive/web/dnsop/current/msg04814.html

[4] http://www.ietf.org/mail-archive/web/dnsop/current/msg04836.html

[5] http://www.ietf.org/mail-archive/web/dnsop/current/msg06722.html

[6] http://www.ietf.org/mail-archive/web/dnsop/current/msg06723.html

[7] http://www.ietf.org/mail-archive/web/dnsop/current/msg06724.html

[8] http://www.ietf.org/mail-archive/web/dnsop/current/msg06738.html

[9] http://www.ietf.org/mail-archive/web/dnsop/current/msg06732.html

[10] http://www.ietf.org/mail-archive/web/dnsop/current/msg06741.html

[11] http://www.ietf.org/mail-archive/web/dnsop/current/msg06769.html

[12] http://www.ietf.org/mail-archive/web/dnsop/current/msg06741.html

[13] http://www.av8.net/IETF-watch/IESG/IESG-PR-discussion.html

[14]http://www.av8.net/IETF-watch/Suspension_and_Expulsion_Requirements.pdf

[15] http://www.ietf.org/mail-archive/web/dnsop/current/msg03927.html

[16] http://www.ietf.org/mail-archive/web/dnsop/current/msg03955.html

[17] https://datatracker.ietf.org/idtracker/draft-ietf-grow-anycast/comment/57703/?

[18] http://www.av8.net/IETF-watch/People/Housley/index.html