James Galvin: So, when I started with the Internet when I graduated from college and I was going on to graduate school, I knew that I wanted to get into networking. And so that’s what I jumped into and I chose my graduate school according to that desire and those wishes. And that was a good thing. I mean that was back in the early 80s, before networking was really too much of a thing. And it was an exciting time back then. The graduate school that I went to was an important part of what was then DARPANET. That allowed me the opportunity to get into secure email technologies. And from there I got into DNS security technology. And I’ve done a variety of things along the way. And as part of that, I started attending the IETF back in 1989. So I’ve been at this for a very long time. I’ve had various roles in the IETF along the way, in working groups and in fact I was chair of the working group that had created the DNS Security standard. It was my team at the company that I worked at at that time that had done the first public domain implementation. And today I continue because ensuring that we have open standards is an important part of the success of an open Internet. For however you want to define “open,” and I define it rather broadly.

Access and freedom for all to use it and express it in a way that does not keep the other man from using it, too.

Intertitle: Describe one of the breakthrough moments or movements of the Internet in which you have been a key participant.

Galvin: Yes, there are actually two breakthrough moments that I want to talk about. One really was secure email, when I had gotten involved in that. Because in the early days, when we were first doing it, the first generation of secure email technologies was focused on a public key infrastructure and the idea that everybody would have some kind of certificate that would generally be available and we’d have some kind of you know, single, hierarchical distribution of certificates and all be used.

And that was interesting because the way that certificate technologies worked back then, there was no deployed infrastructure for that distribution. So there was no way to cause that model to come into existence. But then it was decided to move into DNS Security. It was a concept that was invented in fall of ’91, hallway conversations in the IETF, which are a nice colloquialism for the way a lot of things get started in the IETF. And we kicked off a working group in March of 1992. And I was chair of that working group for the length of its existence through three generations of the DNS Security protocol.

But that was the second moment, was the ability to get involved in DNS Security, because realizing that you could take a globally-deployed naming infrastructure, something which you could then put in your public key or your certificate, and you could imagine that users could get domain names and then at their domain name you now had a globally unique naming infrastructure. And now you could put useful data out there like your security key. And suddenly you could actually deploy secure email.

At the time that’s what was interesting. When the Web came around in ’94, ’95 and you had all of that and the Internet started to become the Internet as we know it today, the next thing that happens is you moved towards secure Web access. And your transport layer security used certificates, too. And suddenly you had another use for DNS Security. And that would be for being able to secure web sites out of the box, would be very nice. Now, we’re not even there yet, fifteen years later on that particular scenario. But that’s a future that I’d like. But I guess we’ll get to that as we dig further here into what’s coming.

Intertitle: Describe the state of the Internet today with a weather analogy and explain why.

Galvin: I would say that the Internet is partly cloudy. We have a working Internet in many ways. A lot of people on, it’s growing all the time. You know, the kind of things you want to be happening are happening. But the reason why I say it’s partly cloudy is because there are areas, there are places, there are missing technologies, there’s missing cooperation. And of course there are just areas of the world that don’t use the Internet in an open way and imposing their own will and restrictions. So I think there’s a place to get to yet. So, it’s partly cloudy, which makes it mostly good.

Intertitle: What are your greatest hopes and fears for the future of the Internet?

Galvin: I look at the Internet and I think it’s… The greatest threat to the security and stability of our Internet today is distributed attacks, distributed denial of service attacks in particular. The Internet was built on a foundation of it works because everybody cooperates and we all agree. And that was a great environment when you pretty much could name everybody who was on the Internet, or you got to where you could name all the sites and you know, you could name all the organizations. And we very quickly grew out of that as we got into the 90s. It just became an untenable situation. And we haven’t changed that a great deal. The baseline protocol, the Internet Protocol—IP—and TCP on top of that, you know, the Transmission Control Protocol, they’re all based on the idea that everything works because everybody just cooperates. To the extent that even all of the routing, all the networks work because they all cooperate in routing and nobody tries to cheat. Again, everything works.

But because there are not a lot of controls placed on those baseline protocols and those underlying layers on which everything is built, there is still opportunity, and a lot of opportunity, for people to cheat and for malicious actors to do bad things. Which has happened. Generally these things are noticed by the people who are principals who pay attention to how their networks and infrastructures are operating. But the fact that it can occur is really an issue. You know, you have governments and nation-states that choose to take control of their Internet from their population and things like that.

So you know, my fear is malicious actors. Because there’s still too much opportunity, in my opinion, as someone who’s been a security technologist for a long time, for them to abuse the network and do bad things and bring bad things to far too many people.

My greatest hope is that we are finally beginning to see some growth in deployment of DNS Security. The DNS is an infrastructure protocol. In today’s Internet, virtually everything that you do depends on the DNS as an ordinary user. So your browser and everything that you do with your browser, and all of your applications that you use from your work and your employment, they all depend on the DNS in one form or another. And DNS Security is in that sense a critical infrastructure protocol, only one of the few, that the ability to secure that and protect it and ensure its integrity is a foundation on which you can build all kinds of things. And it sets you up for the opportunity to provide not just a stable but a secure Internet for everything, everybody, and for things to come that we haven’t even invented yet. I mean, I spoke earlier about my motivation for DNSSEC you know being individual users being able to put security information out there that can be used protect communication with them. That same kind of principle applies to applications and other services. Because with DNS, it is the only globally-deployed infrastructure protocol that everybody uses. It’s very simple. It’s just a lookup system. The idea of looking up security tokens? You know, that would just be outstanding. So my hope is that as we see more deployment, we’ll begin to see more and more interesting services and functions built that will make the Internet a safe and secure place for everybody.

Intertitle: Is there action that should be taken to ensure the best possible future?

Galvin: One action in a larger context— I mean, technologists will always build new technologies. So you’ll always have this arms race, is the colloquialism for you know, the description between the good actors and the bad actors. So, whatever you do the bad actors will still find a way—eventually a way around it or through it or something. But what we don’t do today as a society is governments are not as good, yet, about cooperating to do things in an open and free way. And ensuring that they deploy technologies that enhance the security and stability of the Internet. One of the things that the Internet does offer you is anonymity, for example. But there’s a lotta data collection that goes on in the Internet, and there’s a lotta correlation of all of that data which prevents you from having any kind of anonymity or pseudonymity on the Internet.

Now the downside of offering anonymity and pseudonymity is the fact that you have to be able to protect yourself from bad actors. And so, there are things that we need to do to protect ourselves from bad actors that we’re not doing today. When I talked about the biggest threat facing us and I talked about denial of service attacks, one of things that we don’t do in the Internet today globally is be certain of the origin of information as it flows around the Internet. There are technologies that have existed for more than ten years. This is a known problem that has a known solution, and yet nobody wants to deploy it. And that’s because there’s no mechanism for making that come into existence. And I think there’s an opportunity for nation-states in particular to require that we work together, require that the networks within their sovereignty and their relationships with others, they work together to protect each other from things that circulate around the Internet that shouldn’t be there. You know, checking the source of packets that are flowing around and knowing that they could have reasonably come from where they say they’re coming from. I mean, that’s a distributed denial of service attack, and that’s our biggest threat and I think that’s the action that we should look forward to. People need to talk about this and sit down and decide that they want to fix it.
