You are currently browsing the The WING Blog blog archives for June, 2011.



Interesting debate: Should it matter where data is?

By Azer Bestavros

Google’s Chief Security Officer (yes, companies now have a CIO and a CSO), Eran Feigenbaum, stirred a debate recently when he questioned the obsession of the US (and other governments) about data sovereignty in outsourced environments. He is quoted as saying: “It is an old way of thinking. Professionals should worry about security and privacy of data, rather than where it is stored.”,google-who-cares-where-your-data-is.aspx

What do you think? Should it matter *where* data is stored (or for that matter where the pipes carrying it happen to be)? Assuming a cloud provider meets what it promises in its SLA (availability, persistence, proper authentication/encryption, etc.), can you think of vulnerabilities that necessiates that data resides on “American Soil”?

The other interesting statement by Google’s CSO regards the need for encryption of data at rest (i.e., on disk as opposed to end-to-end through an application):  “It is a false sense of security. Crypto people do a good job at cryptography, but a really bad job at key management.”



World IPv6 Day is next week.

By Mark Crovella

The last IPv4 addresses have been allocated by IANA.   It seems unavoidable that soon, some new hosts are going to need to be IPv6 only.

One set of stakeholders that have resisted IPv6 has been content providers.   Content providers have been concerned that if they enable IPv6, users with older software will not be able to access their sites, or will have poor performance.  This has lead to a “not me first!” attitude — a classic suboptimal Nash equilibrium in which no single content provider has incentive to switch, since they may lose customers to other providers.

An interesting experiment designed to break out of this suboptimal equilibrium is for all the parties to agree to a simultaneous switch of strategies.   That has led to “World IPv6 Day” — June 8 — in which most of the largest content providers will simultaneously enable IPv6 for one day, and “see what happens.”  The idea is that maybe IPv6 won’t be as bad as some people think, and even if there are problems, we might learn some things to help us address them.

Estimates are that roughly 0.05% of users could have difficulty accessing participating sites on this day.  In case you are concerned, Microsoft has a fix available here.

I won’t be online myself much that day.   But I would be very interested in any observations that anyone has about unusual Internet behavior that day!    Please comment if you notice anything interesting.