James Galvin: So, when I started with the Internet when I graduated from college and I was going to graduate school, I knew that I wanted to get into networking. And so that’s what I jumped into and I chose my graduate school according to that desire and those wishes. And that was a good thing. I mean that was back in the early 80s, before networking was really too much of a thing. And it was an exciting time back then. The graduate school that I went to was an important part of what was then DARPANET. That allowed me the opportunity to get into secure email technologies. And from there I got into DNS security technology. And I’ve done a variety of things along the way. And as part of that, I started attending the IETF back in 1989. So I’ve been at this for a very long time. I’ve had various roles in the IETF along the way, in working groups and in fact I was chair of the working group that had created the DNS security standard. It was my team at the company that I worked at at that time that had done the first public domain implementation. And today I continue because ensuring that we have open standards is an important part of the success of an open Internet. For however you want to define “open,” and I define it rather broadly.
Access and freedom for all to use it and express it in a way that does not keep the other man from using it, too.
Intertitle: Describe one of the breakthrough moments or movements of the Internet in which you have been a key participant.
Galvin: Yes, there are actually two breakthrough moments that I want to talk about. One really was secure email, when I had gotten involved in that. Because in the early days, when we were first doing it, the first generation of secure email technologies was focused on a public key infrastructure and the idea that everybody would have some kind of certificate that would generally be available and we’d have some kind of, you know, single, hierarchical distribution of certificates and all be used.
And that was interesting because the way that certificate technologies worked back then, there was no deployed infrastructure for that distribution. So there was no way to cause that model to come into existence. But then it was decided to move into DNS security. It was a concept that was invented in fall of ’91, hallway conversations in the IETF, which are a nice colloquialism for the way a lot of things get started in the IETF. And we kicked off a working group in March of 1992. And I was chair of that working group for the length of its existence through three generations of the data security protocol.
But that was the second moment, was the ability to get involved in DNS security, because realizing that you could take a globally-deployed naming infrastructure, something which you could then put in your public key or your certificate, and you could imagine that users could get domain names and then at their domain name you now had a globally unique naming infrastructure. And now you could put useful data out there like your security key. And suddenly you could actually deploy secure email.
At the time that’s what was interesting. When the Web came around in ’94, ’95 and you had all of that and the Internet started to become the Internet as we know it today, the next thing that happens is you moved towards secure web access. And your transport layer security used certificates, too. And suddenly you had another use for DNS security. And that would be for being able to secure web sites out of the box, would be very nice. Now, we’re not even there yet, fifteen years later on that particular scenario. But that’s a future that I’d like. But I guess we’ll get to that as we dig further here into what’s coming.
Intertitle: Describe the state of the Internet today with a weather analogy and explain why.
Galvin: I would say that the Internet is partly cloudy. We have a working Internet in many ways. A lot of people on, it’s growing all the time. You know, the kind of things you want to be happening are happening. But the reason why I say it’s partly cloudy is because there are areas, there are places, there are missing technologies, there’s missing cooperation. And of course there are just areas of the world that don’t use the Internet in an open way and are imposing their own will and restrictions. So I think there’s a place to get to yet. So, it’s partly cloudy, which makes it mostly good.
Intertitle: What are your greatest hopes and fears for the future of the Internet?
Galvin: I look at the Internet and I think it’s… The greatest threat to the security and stability of our Internet today is distributed attacks, distributed denial of service attacks in particular. The Internet was built on a foundation of it works because everybody cooperates and we all agree. And that was a great environment when you pretty much could name everybody who was on the Internet, or you got to where you could name all the sites and you know, you could name all the organizations. And we very quickly grew out of that as we got into the 90s. It just became an untenable situation. And we haven’t changed that a great deal. The baseline protocol, the Internet Protocol—IP—and TCP on top of that, you know, the Transmission Control Protocol, they’re all based on the idea that everything works because everybody just cooperates. To the extent that even all of the routing, all the networks work because they all cooperate in routing and nobody tries to cheat. Again, everything works.
But because there are not a lot of controls placed on those baseline protocols and those underlying layers on which everything is built, there is still opportunity, and a lot of opportunity, for people to cheat and for malicious actors to do bad things. Which has happened. Generally these things are noticed by the people who are principals who pay attention to how their networks and infrastructures are operating. But the fact that it can occur is really an issue. You know, you have governments and nation-states that choose to take control of their Internet from their population and things like that.
So you know, my fear is malicious actors. Because there’s still too much opportunity, in my opinion, as someone who’s been a security technologist for a long time, for them to abuse the network and do bad things and bring bad things to far too many people.
My greatest hope is that we are finally beginning to see some growth in deployment of DNS security. The DNS is an infrastructure protocol. In today’s Internet, virtually everything that you do depends on the DNS as an ordinary user. So your browser and everything that you do with your browser, and all of your applications that you use from your work and your employment, they all depend on the DNS in one form or another. And DNS security is in that sense a critical infrastructure protocol, only one of the few, that the ability to secure that and protect it and ensure its integrity is a foundation on which you can build all kinds of things. And it sets you up for the opportunity to provide not just a stable but a secure Internet for everything, everybody, and for things to come that we haven’t even invented yet. I mean, I spoke earlier about my motivation for DNSSEC, you know, being individual users being able to put security information out there that can be used to protect communication with them. That same kind of principle applies to applications and other services. Because with DNS, it is the only globally-deployed infrastructure protocol that everybody uses. It’s very simple. It’s just a lookup system. The idea of looking up security tokens? You know, that would just be outstanding. So my hope is that as we see more deployment, we’ll begin to see more and more interesting services and functions built that will make the Internet a safe and secure place for everybody.
Intertitle: Is there action that should be taken to ensure the best possible future?
Galvin: One action in a larger context— I mean, technologists will always build new technologies. So you’ll always have this arms race, is the colloquialism for you know, the description between the good actors and the bad actors. So, whatever you do the bad actors will still find a way—eventually a way around it or through it or something. But what we don’t do today as a society is governments are not as good, yet, about cooperating to do things in an open and free way. And ensuring that they deploy technologies that enhance the security and stability of the Internet. One of the things that the Internet does offer you is anonymity, for example. But there’s a lotta data collection that goes on in the Internet, and there’s a lotta correlation of all of that data which prevents you from having any kind of anonymity or pseudonymity on the Internet.
Now the downside of offering anonymity and pseudonymity is the fact that you have to be able to protect yourself from bad actors. And so, there are things that we need to do to protect ourselves from bad actors that we’re not doing today. When I talked about the biggest threat facing us and I talked about denial of service attacks, one of the things that we don’t do in the Internet today globally is be certain of the origin of information as it flows around the Internet. There are technologies that have existed for more than ten years. This is a known problem that has a known solution, and yet nobody wants to deploy it. And that’s because there’s no mechanism for making that come into existence. And I think there’s an opportunity for nation-states in particular to require that we work together, require that the networks within their sovereignty and their relationships with others, they work together to protect each other from things that circulate around the Internet that shouldn’t be there. You know, checking the source of packets that are flowing around and knowing that they could have reasonably come from where they say they’re coming from. I mean, that’s a distributed denial of service attack, and that’s our biggest threat and I think that’s the action that we should look forward to. People need to talk about this and sit down and decide that they want to fix it.