Kenya IGF 2010, Discussions :Day 4 of 8 Theme : Critical Internet Resources
Greetings All, As we continue with our online discussions, I would like to remind you that you can still post your belated remarks on the previous themes, just remember to click on the right subject/title. For the next two days (Thursday & Friday) we will be looking at Critical Internet Resources, Kenya perspective: 1) DNSSEC Definition: introduces security at the infrastructure level through a hierarchy of cryptographic signatures attached to the DNS records. Users are assured that the source of the data is verifiably the stated source, and the mapping of name to IP address is accurate. The stability, reliability and security of DNS data is paramount to any Top level domain (TLD) In non- technical terms, what is in it for Kenya? why should we discuss it? 2) IPV6 – Definition: is the culmination of over a decade's worth of work, mainly inspired by the IPV4 address* exhaustation *and is designed to enable the global expansion of the Internet.(http://www.afrinic.net/IPv6/) I would like us to delve into IPV6, discussions from two perspectives: a) Regulatory- Last year, there was a suggestion that KEBS or KRA should ensure that no hardware or software should be allowed into the country that is not IPV6 compliant. Any updates on that? Who should be in-charge? b) How prepared are we (Kenya) any statistics? Are there any benefits? What are they? In short the challenges and milestone. I hope that our responses will put Solomon’s mind to rest, as he rightfully asked on day 1: “One thing that I struggle to understand is IPV6. There are a number of essentials that will help the society fully migrate and adapt the IPV6 equipment. One thing that beats logic is how does one really know an equipment is IPV6 compliant? I posit this question because it emerged that all the so-called digital television in Kenya were not digital after all! “ Your thoughts, inputs, querries, comments, corrections are most welcome! Kind Regards, -- “To live is to choose. But to choose well, you must know who you are and what you stand for, where you want to go and why you want to get there.” Kofi Annan
Hi Judy, On Wed, Jul 7, 2010 at 7:48 PM, Judy Okite <judyokite@gmail.com> wrote:
Greetings All,
As we continue with our online discussions, I would like to remind you that you can still post your belated remarks on the previous themes, just remember to click on the right subject/title.
For the next two days (Thursday & Friday) we will be looking at Critical Internet Resources, Kenya perspective:
1) DNSSEC
Definition: introduces security at the infrastructure level through a hierarchy of cryptographic signatures attached to the DNS records. Users are assured that the source of the data is verifiably the stated source, and the mapping of name to IP address is accurate.
The stability, reliability and security of DNS data is paramount to any Top level domain (TLD)
In non- technical terms, what is in it for Kenya? why should we discuss it?
There is nothing in it for Kenya that does not hold true for Internet users from other nations. I really don't understand why we try to use a nation state POV in Internet Governance, it is not at all helpful IMHO. We should discuss it to make folk aware that it is there if they should choose to use it, but also to make them aware that if it is not implemented, then we are just using the current "vanilla" DNS. Some have thought that if the root zone is signed AND we do NOT implement DNSSEC, then we will be "offline".
2) IPV6 –
Definition: is the culmination of over a decade's worth of work, mainly inspired by the IPV4 address exhaustation and is designed to enable the global expansion of the Internet.(http://www.afrinic.net/IPv6/)
I would like us to delve into IPV6, discussions from two perspectives:
a) Regulatory-
Last year, there was a suggestion that KEBS or KRA should ensure that no hardware or software should be allowed into the country that is not IPV6 compliant.
Any updates on that? Who should be in-charge?
I am of the opinion that if a person or org wants to live in a v4 world, then a nation state sholdn't preclude them from doing that. Having said that, I think it would be useful to point out that most (if not all) kit imported (new and used) is either v6 ready or with a few software changes, can be made v6 ready.
b) How prepared are we (Kenya) any statistics?
http://www.sixxs.net/tools/grh/dfp/all/?country=ke Looks Like SafCom was routing their v6 for a day.
Are there any benefits? What are they?
with zero customer demand, it's hard to push a service.
In short the challenges and milestone.
Challenge: I challenge all listers to ask for native v6 service from their provider. Milestone: When everyone on this list has turned on Ipv6 on their Windows machines AND gotten a (free) IPv6 tunnel from a tunnel broker service, that will be a real Milestone. I did both of those things ~7 years ago. It's really not rocket science. -- Cheers, McTim "A name indicates what we seek. An address indicates where it is. A route indicates how we get there." Jon Postel
Judy/McTim, thanx for this thread - particularly on IPv6. I particularly love this tool http://www.sixxs.net/tools/grh/dfp/all/?country=ke I sit on the both the Kenyan IPv6 Task Force and the AfriNIC Board and this tool just tells me how badly am doing on both accounts (it appears only UUNET seems to be on IPv6! Other providers including those with critical Kenyan resources KENIC, KIXP, KENET remain off IPv6 - Kiragu/Mich/Prof. Meoli is this really true?). It looks like Kenya (and Africa in general) does not need the new internet plaftorm (IPv6). And as the rest of the world moves forward, we sit and wait to complain later - that the rich West has yet again grabbed all the Internet Resources from the poor South... walu. --- On Thu, 7/8/10, McTim <dogwallah@gmail.com> wrote: From: McTim <dogwallah@gmail.com> Subject: Re: [kictanet] Kenya IGF 2010, Discussions :Day 4 of 8 Theme : Critical Internet Resources To: jwalu@yahoo.com Cc: "KICTAnet ICT Policy Discussions" <kictanet@lists.kictanet.or.ke> Date: Thursday, July 8, 2010, 5:23 AM Hi Judy, On Wed, Jul 7, 2010 at 7:48 PM, Judy Okite <judyokite@gmail.com> wrote:
Greetings All,
As we continue with our online discussions, I would like to remind you that you can still post your belated remarks on the previous themes, just remember to click on the right subject/title.
For the next two days (Thursday & Friday) we will be looking at Critical Internet Resources, Kenya perspective:
1) DNSSEC
Definition: introduces security at the infrastructure level through a hierarchy of cryptographic signatures attached to the DNS records. Users are assured that the source of the data is verifiably the stated source, and the mapping of name to IP address is accurate.
The stability, reliability and security of DNS data is paramount to any Top level domain (TLD)
In non- technical terms, what is in it for Kenya? why should we discuss it?
There is nothing in it for Kenya that does not hold true for Internet users from other nations. I really don't understand why we try to use a nation state POV in Internet Governance, it is not at all helpful IMHO. We should discuss it to make folk aware that it is there if they should choose to use it, but also to make them aware that if it is not implemented, then we are just using the current "vanilla" DNS. Some have thought that if the root zone is signed AND we do NOT implement DNSSEC, then we will be "offline".
2) IPV6 –
Definition: is the culmination of over a decade's worth of work, mainly inspired by the IPV4 address exhaustation and is designed to enable the global expansion of the Internet.(http://www.afrinic.net/IPv6/)
I would like us to delve into IPV6, discussions from two perspectives:
a) Regulatory-
Last year, there was a suggestion that KEBS or KRA should ensure that no hardware or software should be allowed into the country that is not IPV6 compliant.
Any updates on that? Who should be in-charge?
I am of the opinion that if a person or org wants to live in a v4 world, then a nation state sholdn't preclude them from doing that. Having said that, I think it would be useful to point out that most (if not all) kit imported (new and used) is either v6 ready or with a few software changes, can be made v6 ready.
b) How prepared are we (Kenya) any statistics?
http://www.sixxs.net/tools/grh/dfp/all/?country=ke Looks Like SafCom was routing their v6 for a day.
Are there any benefits? What are they?
with zero customer demand, it's hard to push a service.
In short the challenges and milestone.
Challenge: I challenge all listers to ask for native v6 service from their provider. Milestone: When everyone on this list has turned on Ipv6 on their Windows machines AND gotten a (free) IPv6 tunnel from a tunnel broker service, that will be a real Milestone. I did both of those things ~7 years ago. It's really not rocket science. -- Cheers, McTim "A name indicates what we seek. An address indicates where it is. A route indicates how we get there." Jon Postel _______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet This message was sent to: jwalu@yahoo.com Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com
Hi Walu, et al, Walubengo J wrote:
thanx for this thread - particularly on IPv6. I particularly love this tool http://www.sixxs.net/tools/grh/dfp/all/?country=ke
I sit on the both the Kenyan IPv6 Task Force and the AfriNIC Board and this tool just tells me how badly am doing on both accounts (it appears only UUNET seems to be on IPv6! Other providers including those with critical Kenyan resources KENIC, KIXP, KENET remain off IPv6 - Kiragu/Mich/Prof. Meoli is this really true?).
Not entirely. The Sixxs tool does not show prefixes that are not globally visible. IXP prefixes for that matter are not globally routed/announced hence they are not included. KIXP has been on IPv6 for a while now. FYI we have 6 members at KIXP peering on IPv6 4 of which are announcing a prefix to the IXP. A quick check on the Route-Server shows the following 3 /32s and 1 x /48 KenyaIX-RS-1#sh bgp ipv6 BGP table version is 141, local router ID is 198.32.143.3 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *> 2001:500:2F::/48 2001:43F8:60:1::125 0 0 33074 3557 i *> 2001:4238::/32 2001:43F8:60:1::72 0 21280 i *> 2001:4368::/32 2001:43F8:60:1::67 0 9129 i *> 2C0F:FE40::/32 2001:43F8:60:1::81 0 0 33770 i IMHO this is a good start since those behind this networks are already starting to gain operational experiences on IPV6. I would like to thank them for taking this initiative.
It looks like Kenya (and Africa in general) does not need the new internet plaftorm (IPv6). And as the rest of the world moves forward, we sit and wait to complain later - that the rich West has yet again grabbed all the Internet Resources from the poor South...
I know there are afew others on the way, the probably next question is why we are not seeing all the above prefixes announced globally. There could be a lot of other challenges including transit providers who dont have native v6. Asking an ISP to setup a tunnel is probably not the best way to going forward, but then its likely the only way if their upstream providers are yet to get v6 ready. FYI - the /48 IPV6 prefix is from the F-Root-Servers at KIXP. That means we already have some basic IPv6 services at the KIXP. It would also be good if KENIC can bring the IPv6 online for their services. Already some of their slave name-servers are on IPV6 which is a good start. 2 more cents :) Michuki.
Hi Judy, et al, McTim wrote:
1) DNSSEC
Definition: introduces security at the infrastructure level through a hierarchy of cryptographic signatures attached to the DNS records.
DNSSEC is Security Extensions of the DNS system (DNS protocol). Am not particularly in favor of using the terms infrastructure level since being a techie it means at layer 2.
The stability, reliability and security of DNS data is paramount to any Top level domain (TLD)
In non- technical terms, what is in it for Kenya? why should we discuss it?
There is nothing in it for Kenya that does not hold true for Internet users from other nations. I really don't understand why we try to use a nation state POV in Internet Governance, it is not at all helpful IMHO.
We should discuss it to make folk aware that it is there if they should choose to use it, but also to make them aware that if it is not implemented, then we are just using the current "vanilla" DNS. Some have thought that if the root zone is signed AND we do NOT implement DNSSEC, then we will be "offline".
With a significant push for online services mainly banks and e-Govt, i would want to believe that the recent phishing scams experienced by some of the local banks would be sufficient enough for this to be considered. Well if you may, let me indulge you with my personal experience with my bank regarding online transactions. My bank approached me with a new service called email authorization. Which means that i can send an email to authorize transactions from my account. Well as exciting as this may sound, i asked how would they be in a position to validate that am the sender. At that point the bank had no way to do so. All the same, i went ahead and said, i have a PGP key, would you be willing to exchange keys with me so that you have a way of validating that am the sender i.e encrypt my messages or digitally sign them for security purposes. At that point it was clear that such a feature did not exist. I have to give credit to my bank for taking the bold step of introducing such a service. I would however have been even more glad if they supported digital email signatures or PGP for email authorizations. But then again, how many people actually use this?.
2) IPV6 –
a) Regulatory-
Last year, there was a suggestion that KEBS or KRA should ensure that no hardware or software should be allowed into the country that is not IPV6 compliant.
Any updates on that? Who should be in-charge?
I am of the opinion that if a person or org wants to live in a v4 world, then a nation state sholdn't preclude them from doing that. Having said that, I think it would be useful to point out that most (if not all) kit imported (new and used) is either v6 ready or with a few software changes, can be made v6 ready.
My concerns is if a majority is buying from ISP lists (used hardware) the upgrade path to V6 is non-existent for some (because the are end of life products) or far too expensive to make a business case.
b) How prepared are we (Kenya) any statistics?
I challenge all listers to ask for native v6 service from their provider.
Milestone:
When everyone on this list has turned on Ipv6 on their Windows machines AND gotten a (free) IPv6 tunnel from a tunnel broker service, that will be a real Milestone. I did both of those things ~7 years ago. It's really not rocket science.
Maybe its a high time we changed the perception here. All users want is the "Internet" v4 or v6 thats not for them to care about. All i want is my internet to work period. If you think about it a significant number of us have one time or another used a USB Dongle for IP connectivity. This service often assigns IPs dynamically hence a significant percentage of subscribers will not have the interest to change the IP's if the "internet is working". Unless they are technically inclined and know what they need to do (read awareness). As such, making the providers understand the pros and cons of early adoption would be IMHO a more significant approach. The following are some of my opinions as to why early adoption maybe valuable to service providers. 1) Gain operational experience. - There's limited operational experience in the v6 world. As such the earlier you can get involved with it the better. This recent event titled Google IPv6 Implementors conference shed some light on what the early implementors experiences - http://sites.google.com/site/ipv6implementors/2010/agenda 2) With IPv6 resources currently free to all AfriNIC members, it probably worth acquiring the resources now to build that operational experience. There's a growing amount of content available on IPv6 and going forward building transition mechanisms (IPv4 to access IPv6 only content) will be adding significant costs and complexities on the network than having native IPv6 running. As such a phased adoption strategy/plan is more financially friendly than one thats driven by demand - as things cost alot more then. my 2 cents. Michuki.
Thanks Judy for bringing up an exciting discussion at least you brought on board the consumers albeit through friendly fire :-), @ Alex, even in Lancaster very few went but the benefits are there for all i am sure we are on the right track. @ Walu i suppose i agree with your sentiments the problem is the mentality, we are a copy paste society even though we are slowly moving out of this, i suppose the only way we can change is for the governmnet to recognize and reward innovation, we have made some attempts in this direction but the have not been very successfull, as a country we might need to review our strategy is so far as technologically inspired R&D is concerned, i had an opportunity to visit the University of Nairobi Labs one day and i was amazed at what was going on inside that building unfortunately brilliant ideas end in the lab since there is no one to expose them, i suppose we might need to review our approach towards technology incubators @ Mich you couldnt have put it in a better way, it will take a few daring organisations to help us cross over, as you have rightly mentioned all that Mwanainchi wants is stable secure and efficient Internet, however we need a people who will ensure that this is the case and congratulations for doing that alongside McTim, the KIXP team, Walu at Afrinic, CCK and Kenic, on another note i suppose CCK should include some of this terms in its consumer outreach programs to educate Mwanainchi starting at school level. On Thu, Jul 8, 2010 at 9:06 AM, Michuki Mwangi <michuki@swiftkenya.com>wrote:
Hi Judy, et al,
McTim wrote:
1) DNSSEC
Definition: introduces security at the infrastructure level through a hierarchy of cryptographic signatures attached to the DNS records.
DNSSEC is Security Extensions of the DNS system (DNS protocol). Am not particularly in favor of using the terms infrastructure level since being a techie it means at layer 2.
The stability, reliability and security of DNS data is paramount to any Top level domain (TLD)
In non- technical terms, what is in it for Kenya? why should we discuss it?
There is nothing in it for Kenya that does not hold true for Internet users from other nations. I really don't understand why we try to use a nation state POV in Internet Governance, it is not at all helpful IMHO.
We should discuss it to make folk aware that it is there if they should choose to use it, but also to make them aware that if it is not implemented, then we are just using the current "vanilla" DNS. Some have thought that if the root zone is signed AND we do NOT implement DNSSEC, then we will be "offline".
With a significant push for online services mainly banks and e-Govt, i would want to believe that the recent phishing scams experienced by some of the local banks would be sufficient enough for this to be considered.
Well if you may, let me indulge you with my personal experience with my bank regarding online transactions.
My bank approached me with a new service called email authorization. Which means that i can send an email to authorize transactions from my account. Well as exciting as this may sound, i asked how would they be in a position to validate that am the sender. At that point the bank had no way to do so.
All the same, i went ahead and said, i have a PGP key, would you be willing to exchange keys with me so that you have a way of validating that am the sender i.e encrypt my messages or digitally sign them for security purposes. At that point it was clear that such a feature did not exist.
I have to give credit to my bank for taking the bold step of introducing such a service. I would however have been even more glad if they supported digital email signatures or PGP for email authorizations. But then again, how many people actually use this?.
2) IPV6 –
a) Regulatory-
Last year, there was a suggestion that KEBS or KRA should ensure that no hardware or software should be allowed into the country that is not IPV6 compliant.
Any updates on that? Who should be in-charge?
I am of the opinion that if a person or org wants to live in a v4 world, then a nation state sholdn't preclude them from doing that. Having said that, I think it would be useful to point out that most (if not all) kit imported (new and used) is either v6 ready or with a few software changes, can be made v6 ready.
My concerns is if a majority is buying from ISP lists (used hardware) the upgrade path to V6 is non-existent for some (because the are end of life products) or far too expensive to make a business case.
b) How prepared are we (Kenya) any statistics?
I challenge all listers to ask for native v6 service from their provider.
Milestone:
When everyone on this list has turned on Ipv6 on their Windows machines AND gotten a (free) IPv6 tunnel from a tunnel broker service, that will be a real Milestone. I did both of those things ~7 years ago. It's really not rocket science.
Maybe its a high time we changed the perception here. All users want is the "Internet" v4 or v6 thats not for them to care about. All i want is my internet to work period. If you think about it a significant number of us have one time or another used a USB Dongle for IP connectivity. This service often assigns IPs dynamically hence a significant percentage of subscribers will not have the interest to change the IP's if the "internet is working". Unless they are technically inclined and know what they need to do (read awareness).
As such, making the providers understand the pros and cons of early adoption would be IMHO a more significant approach. The following are some of my opinions as to why early adoption maybe valuable to service providers.
1) Gain operational experience. - There's limited operational experience in the v6 world. As such the earlier you can get involved with it the better. This recent event titled Google IPv6 Implementors conference shed some light on what the early implementors experiences - http://sites.google.com/site/ipv6implementors/2010/agenda
2) With IPv6 resources currently free to all AfriNIC members, it probably worth acquiring the resources now to build that operational experience. There's a growing amount of content available on IPv6 and going forward building transition mechanisms (IPv4 to access IPv6 only content) will be adding significant costs and complexities on the network than having native IPv6 running. As such a phased adoption strategy/plan is more financially friendly than one thats driven by demand - as things cost alot more then.
my 2 cents.
Michuki.
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: otieno.barrack@gmail.com Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/otieno.barrack%40gmail....
-- Barrack O. Otieno +41767892272 Skype: barrack.otieno
Dear All thanx McTim, Mwas, Walu, Barrack..... for your comments, thus far..... clearly, there are those things that we cannot explain in nontechnical terms....:-) and i understand that this a passion for some of us and hence we could use some very strong language.... my question is how can we change that? who should be worried about DNNSEC? and why are they not? IPV6- .we are not read or is it we are far from ready? who and what can we do? AfriNIC in Africa and KENIC in Kenya have had capacity building sessions on IPV6 have they yielded any results? queries, comments 'fires' -:) are welcome. Kind Regards, On Thu, Jul 8, 2010 at 10:30 AM, Barrack Otieno <otieno.barrack@gmail.com>wrote:
Thanks Judy for bringing up an exciting discussion at least you brought on board the consumers albeit through friendly fire :-), @ Alex, even in Lancaster very few went but the benefits are there for all i am sure we are on the right track. @ Walu i suppose i agree with your sentiments the problem is the mentality, we are a copy paste society even though we are slowly moving out of this, i suppose the only way we can change is for the governmnet to recognize and reward innovation, we have made some attempts in this direction but the have not been very successfull, as a country we might need to review our strategy is so far as technologically inspired R&D is concerned, i had an opportunity to visit the University of Nairobi Labs one day and i was amazed at what was going on inside that building unfortunately brilliant ideas end in the lab since there is no one to expose them, i suppose we might need to review our approach towards technology incubators @ Mich you couldnt have put it in a better way, it will take a few daring organisations to help us cross over, as you have rightly mentioned all that Mwanainchi wants is stable secure and efficient Internet, however we need a people who will ensure that this is the case and congratulations for doing that alongside McTim, the KIXP team, Walu at Afrinic, CCK and Kenic, on another note i suppose CCK should include some of this terms in its consumer outreach programs to educate Mwanainchi starting at school level.
On Thu, Jul 8, 2010 at 9:06 AM, Michuki Mwangi <michuki@swiftkenya.com>wrote:
Hi Judy, et al,
McTim wrote:
1) DNSSEC
Definition: introduces security at the infrastructure level through a hierarchy of cryptographic signatures attached to the DNS records.
DNSSEC is Security Extensions of the DNS system (DNS protocol). Am not particularly in favor of using the terms infrastructure level since being a techie it means at layer 2.
The stability, reliability and security of DNS data is paramount to any Top level domain (TLD)
In non- technical terms, what is in it for Kenya? why should we discuss it?
There is nothing in it for Kenya that does not hold true for Internet users from other nations. I really don't understand why we try to use a nation state POV in Internet Governance, it is not at all helpful IMHO.
We should discuss it to make folk aware that it is there if they should choose to use it, but also to make them aware that if it is not implemented, then we are just using the current "vanilla" DNS. Some have thought that if the root zone is signed AND we do NOT implement DNSSEC, then we will be "offline".
With a significant push for online services mainly banks and e-Govt, i would want to believe that the recent phishing scams experienced by some of the local banks would be sufficient enough for this to be considered.
Well if you may, let me indulge you with my personal experience with my bank regarding online transactions.
My bank approached me with a new service called email authorization. Which means that i can send an email to authorize transactions from my account. Well as exciting as this may sound, i asked how would they be in a position to validate that am the sender. At that point the bank had no way to do so.
All the same, i went ahead and said, i have a PGP key, would you be willing to exchange keys with me so that you have a way of validating that am the sender i.e encrypt my messages or digitally sign them for security purposes. At that point it was clear that such a feature did not exist.
I have to give credit to my bank for taking the bold step of introducing such a service. I would however have been even more glad if they supported digital email signatures or PGP for email authorizations. But then again, how many people actually use this?.
2) IPV6 –
a) Regulatory-
Last year, there was a suggestion that KEBS or KRA should ensure that no hardware or software should be allowed into the country that is not IPV6 compliant.
Any updates on that? Who should be in-charge?
I am of the opinion that if a person or org wants to live in a v4 world, then a nation state sholdn't preclude them from doing that. Having said that, I think it would be useful to point out that most (if not all) kit imported (new and used) is either v6 ready or with a few software changes, can be made v6 ready.
My concerns is if a majority is buying from ISP lists (used hardware) the upgrade path to V6 is non-existent for some (because the are end of life products) or far too expensive to make a business case.
b) How prepared are we (Kenya) any statistics?
I challenge all listers to ask for native v6 service from their provider.
Milestone:
When everyone on this list has turned on Ipv6 on their Windows machines AND gotten a (free) IPv6 tunnel from a tunnel broker service, that will be a real Milestone. I did both of those things ~7 years ago. It's really not rocket science.
Maybe its a high time we changed the perception here. All users want is the "Internet" v4 or v6 thats not for them to care about. All i want is my internet to work period. If you think about it a significant number of us have one time or another used a USB Dongle for IP connectivity. This service often assigns IPs dynamically hence a significant percentage of subscribers will not have the interest to change the IP's if the "internet is working". Unless they are technically inclined and know what they need to do (read awareness).
As such, making the providers understand the pros and cons of early adoption would be IMHO a more significant approach. The following are some of my opinions as to why early adoption maybe valuable to service providers.
1) Gain operational experience. - There's limited operational experience in the v6 world. As such the earlier you can get involved with it the better. This recent event titled Google IPv6 Implementors conference shed some light on what the early implementors experiences - http://sites.google.com/site/ipv6implementors/2010/agenda
2) With IPv6 resources currently free to all AfriNIC members, it probably worth acquiring the resources now to build that operational experience. There's a growing amount of content available on IPv6 and going forward building transition mechanisms (IPv4 to access IPv6 only content) will be adding significant costs and complexities on the network than having native IPv6 running. As such a phased adoption strategy/plan is more financially friendly than one thats driven by demand - as things cost alot more then.
my 2 cents.
Michuki.
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: otieno.barrack@gmail.com Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/otieno.barrack%40gmail....
-- Barrack O. Otieno +41767892272 Skype: barrack.otieno
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: judyokite@gmail.com Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/judyokite%40gmail.com
-- “To live is to choose. But to choose well, you must know who you are and what you stand for, where you want to go and why you want to get there.” Kofi Annan
Listers, digging up some archives i am reliable informed that Afrinic has only allocated 36 % of its current IPv4 and below 1% of the IPv6 assignment. Walu could you please authenticate this figures since its your arena?, my concern is what is hindering service providers from applying for this resources from Afrinic. Digging further i notice the issue of the governmnet providing economic incentives to operators to deploy IPv6 and IPv4 resources, how can this be actualised and what will the outcome be, McTim, Mich on the spot... On Thu, Jul 8, 2010 at 11:06 AM, Judy Okite <judyokite@gmail.com> wrote:
Dear All
thanx McTim, Mwas, Walu, Barrack.....
for your comments, thus far.....
clearly, there are those things that we cannot explain in nontechnical terms....:-) and i understand that this a passion for some of us and hence we could use some very strong language....
my question is how can we change that?
who should be worried about DNNSEC? and why are they not?
IPV6- .we are not read or is it we are far from ready? who and what can we do?
AfriNIC in Africa and KENIC in Kenya have had capacity building sessions on IPV6 have they yielded any results?
queries, comments 'fires' -:) are welcome.
Kind Regards,
On Thu, Jul 8, 2010 at 10:30 AM, Barrack Otieno <otieno.barrack@gmail.com>wrote:
Thanks Judy for bringing up an exciting discussion at least you brought on board the consumers albeit through friendly fire :-), @ Alex, even in Lancaster very few went but the benefits are there for all i am sure we are on the right track. @ Walu i suppose i agree with your sentiments the problem is the mentality, we are a copy paste society even though we are slowly moving out of this, i suppose the only way we can change is for the governmnet to recognize and reward innovation, we have made some attempts in this direction but the have not been very successfull, as a country we might need to review our strategy is so far as technologically inspired R&D is concerned, i had an opportunity to visit the University of Nairobi Labs one day and i was amazed at what was going on inside that building unfortunately brilliant ideas end in the lab since there is no one to expose them, i suppose we might need to review our approach towards technology incubators @ Mich you couldnt have put it in a better way, it will take a few daring organisations to help us cross over, as you have rightly mentioned all that Mwanainchi wants is stable secure and efficient Internet, however we need a people who will ensure that this is the case and congratulations for doing that alongside McTim, the KIXP team, Walu at Afrinic, CCK and Kenic, on another note i suppose CCK should include some of this terms in its consumer outreach programs to educate Mwanainchi starting at school level.
On Thu, Jul 8, 2010 at 9:06 AM, Michuki Mwangi <michuki@swiftkenya.com>wrote:
Hi Judy, et al,
McTim wrote:
1) DNSSEC
Definition: introduces security at the infrastructure level through a hierarchy of cryptographic signatures attached to the DNS records.
DNSSEC is Security Extensions of the DNS system (DNS protocol). Am not particularly in favor of using the terms infrastructure level since being a techie it means at layer 2.
The stability, reliability and security of DNS data is paramount to any Top level domain (TLD)
In non- technical terms, what is in it for Kenya? why should we discuss it?
There is nothing in it for Kenya that does not hold true for Internet users from other nations. I really don't understand why we try to use a nation state POV in Internet Governance, it is not at all helpful IMHO.
We should discuss it to make folk aware that it is there if they should choose to use it, but also to make them aware that if it is not implemented, then we are just using the current "vanilla" DNS. Some have thought that if the root zone is signed AND we do NOT implement DNSSEC, then we will be "offline".
With a significant push for online services mainly banks and e-Govt, i would want to believe that the recent phishing scams experienced by some of the local banks would be sufficient enough for this to be considered.
Well if you may, let me indulge you with my personal experience with my bank regarding online transactions.
My bank approached me with a new service called email authorization. Which means that i can send an email to authorize transactions from my account. Well as exciting as this may sound, i asked how would they be in a position to validate that am the sender. At that point the bank had no way to do so.
All the same, i went ahead and said, i have a PGP key, would you be willing to exchange keys with me so that you have a way of validating that am the sender i.e encrypt my messages or digitally sign them for security purposes. At that point it was clear that such a feature did not exist.
I have to give credit to my bank for taking the bold step of introducing such a service. I would however have been even more glad if they supported digital email signatures or PGP for email authorizations. But then again, how many people actually use this?.
2) IPV6 –
a) Regulatory-
Last year, there was a suggestion that KEBS or KRA should ensure that no hardware or software should be allowed into the country that is not IPV6 compliant.
Any updates on that? Who should be in-charge?
I am of the opinion that if a person or org wants to live in a v4 world, then a nation state sholdn't preclude them from doing that. Having said that, I think it would be useful to point out that most (if not all) kit imported (new and used) is either v6 ready or with a few software changes, can be made v6 ready.
My concerns is if a majority is buying from ISP lists (used hardware) the upgrade path to V6 is non-existent for some (because the are end of life products) or far too expensive to make a business case.
b) How prepared are we (Kenya) any statistics?
I challenge all listers to ask for native v6 service from their provider.
Milestone:
When everyone on this list has turned on Ipv6 on their Windows machines AND gotten a (free) IPv6 tunnel from a tunnel broker service, that will be a real Milestone. I did both of those things ~7 years ago. It's really not rocket science.
Maybe its a high time we changed the perception here. All users want is the "Internet" v4 or v6 thats not for them to care about. All i want is my internet to work period. If you think about it a significant number of us have one time or another used a USB Dongle for IP connectivity. This service often assigns IPs dynamically hence a significant percentage of subscribers will not have the interest to change the IP's if the "internet is working". Unless they are technically inclined and know what they need to do (read awareness).
As such, making the providers understand the pros and cons of early adoption would be IMHO a more significant approach. The following are some of my opinions as to why early adoption maybe valuable to service providers.
1) Gain operational experience. - There's limited operational experience in the v6 world. As such the earlier you can get involved with it the better. This recent event titled Google IPv6 Implementors conference shed some light on what the early implementors experiences - http://sites.google.com/site/ipv6implementors/2010/agenda
2) With IPv6 resources currently free to all AfriNIC members, it probably worth acquiring the resources now to build that operational experience. There's a growing amount of content available on IPv6 and going forward building transition mechanisms (IPv4 to access IPv6 only content) will be adding significant costs and complexities on the network than having native IPv6 running. As such a phased adoption strategy/plan is more financially friendly than one thats driven by demand - as things cost alot more then.
my 2 cents.
Michuki.
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: otieno.barrack@gmail.com Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/otieno.barrack%40gmail....
-- Barrack O. Otieno +41767892272 Skype: barrack.otieno
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: judyokite@gmail.com Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/judyokite%40gmail.com
-- “To live is to choose. But to choose well, you must know who you are and what you stand for, where you want to go and why you want to get there.” Kofi Annan
-- Barrack O. Otieno +41767892272 Skype: barrack.otieno
@ Judy let me attempt this DNSsec issue, i remember being Michs student at some point this year and we were taught that the successfull deployment of IPv6, secure DNS and secure routing will improve the security of the internets core infrastructure (difficult stuff but i passed the Kenyan style). during the training session organised just before the ICANN meeting in Nairobi i also realised that deployment of this technologies raises significant challenges to stakeholders , operations and comes along with governance issues hence the need for various actors to be involved since this are the technical foundations that ensure continued growth of the global internet. Sorry if i sounded technical someone else can break it down further On Thu, Jul 8, 2010 at 11:06 AM, Judy Okite <judyokite@gmail.com> wrote:
Dear All
thanx McTim, Mwas, Walu, Barrack.....
for your comments, thus far.....
clearly, there are those things that we cannot explain in nontechnical terms....:-) and i understand that this a passion for some of us and hence we could use some very strong language....
my question is how can we change that?
who should be worried about DNNSEC? and why are they not?
IPV6- .we are not read or is it we are far from ready? who and what can we do?
AfriNIC in Africa and KENIC in Kenya have had capacity building sessions on IPV6 have they yielded any results?
queries, comments 'fires' -:) are welcome.
Kind Regards,
On Thu, Jul 8, 2010 at 10:30 AM, Barrack Otieno <otieno.barrack@gmail.com>wrote:
Thanks Judy for bringing up an exciting discussion at least you brought on board the consumers albeit through friendly fire :-), @ Alex, even in Lancaster very few went but the benefits are there for all i am sure we are on the right track. @ Walu i suppose i agree with your sentiments the problem is the mentality, we are a copy paste society even though we are slowly moving out of this, i suppose the only way we can change is for the governmnet to recognize and reward innovation, we have made some attempts in this direction but the have not been very successfull, as a country we might need to review our strategy is so far as technologically inspired R&D is concerned, i had an opportunity to visit the University of Nairobi Labs one day and i was amazed at what was going on inside that building unfortunately brilliant ideas end in the lab since there is no one to expose them, i suppose we might need to review our approach towards technology incubators @ Mich you couldnt have put it in a better way, it will take a few daring organisations to help us cross over, as you have rightly mentioned all that Mwanainchi wants is stable secure and efficient Internet, however we need a people who will ensure that this is the case and congratulations for doing that alongside McTim, the KIXP team, Walu at Afrinic, CCK and Kenic, on another note i suppose CCK should include some of this terms in its consumer outreach programs to educate Mwanainchi starting at school level.
On Thu, Jul 8, 2010 at 9:06 AM, Michuki Mwangi <michuki@swiftkenya.com>wrote:
Hi Judy, et al,
McTim wrote:
1) DNSSEC
Definition: introduces security at the infrastructure level through a hierarchy of cryptographic signatures attached to the DNS records.
DNSSEC is Security Extensions of the DNS system (DNS protocol). Am not particularly in favor of using the terms infrastructure level since being a techie it means at layer 2.
The stability, reliability and security of DNS data is paramount to any Top level domain (TLD)
In non- technical terms, what is in it for Kenya? why should we discuss it?
There is nothing in it for Kenya that does not hold true for Internet users from other nations. I really don't understand why we try to use a nation state POV in Internet Governance, it is not at all helpful IMHO.
We should discuss it to make folk aware that it is there if they should choose to use it, but also to make them aware that if it is not implemented, then we are just using the current "vanilla" DNS. Some have thought that if the root zone is signed AND we do NOT implement DNSSEC, then we will be "offline".
With a significant push for online services mainly banks and e-Govt, i would want to believe that the recent phishing scams experienced by some of the local banks would be sufficient enough for this to be considered.
Well if you may, let me indulge you with my personal experience with my bank regarding online transactions.
My bank approached me with a new service called email authorization. Which means that i can send an email to authorize transactions from my account. Well as exciting as this may sound, i asked how would they be in a position to validate that am the sender. At that point the bank had no way to do so.
All the same, i went ahead and said, i have a PGP key, would you be willing to exchange keys with me so that you have a way of validating that am the sender i.e encrypt my messages or digitally sign them for security purposes. At that point it was clear that such a feature did not exist.
I have to give credit to my bank for taking the bold step of introducing such a service. I would however have been even more glad if they supported digital email signatures or PGP for email authorizations. But then again, how many people actually use this?.
2) IPV6 –
a) Regulatory-
Last year, there was a suggestion that KEBS or KRA should ensure that no hardware or software should be allowed into the country that is not IPV6 compliant.
Any updates on that? Who should be in-charge?
I am of the opinion that if a person or org wants to live in a v4 world, then a nation state sholdn't preclude them from doing that. Having said that, I think it would be useful to point out that most (if not all) kit imported (new and used) is either v6 ready or with a few software changes, can be made v6 ready.
My concerns is if a majority is buying from ISP lists (used hardware) the upgrade path to V6 is non-existent for some (because the are end of life products) or far too expensive to make a business case.
b) How prepared are we (Kenya) any statistics?
I challenge all listers to ask for native v6 service from their provider.
Milestone:
When everyone on this list has turned on Ipv6 on their Windows machines AND gotten a (free) IPv6 tunnel from a tunnel broker service, that will be a real Milestone. I did both of those things ~7 years ago. It's really not rocket science.
Maybe its a high time we changed the perception here. All users want is the "Internet" v4 or v6 thats not for them to care about. All i want is my internet to work period. If you think about it a significant number of us have one time or another used a USB Dongle for IP connectivity. This service often assigns IPs dynamically hence a significant percentage of subscribers will not have the interest to change the IP's if the "internet is working". Unless they are technically inclined and know what they need to do (read awareness).
As such, making the providers understand the pros and cons of early adoption would be IMHO a more significant approach. The following are some of my opinions as to why early adoption maybe valuable to service providers.
1) Gain operational experience. - There's limited operational experience in the v6 world. As such the earlier you can get involved with it the better. This recent event titled Google IPv6 Implementors conference shed some light on what the early implementors experiences - http://sites.google.com/site/ipv6implementors/2010/agenda
2) With IPv6 resources currently free to all AfriNIC members, it probably worth acquiring the resources now to build that operational experience. There's a growing amount of content available on IPv6 and going forward building transition mechanisms (IPv4 to access IPv6 only content) will be adding significant costs and complexities on the network than having native IPv6 running. As such a phased adoption strategy/plan is more financially friendly than one thats driven by demand - as things cost alot more then.
my 2 cents.
Michuki.
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: otieno.barrack@gmail.com Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/otieno.barrack%40gmail....
-- Barrack O. Otieno +41767892272 Skype: barrack.otieno
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: judyokite@gmail.com Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/judyokite%40gmail.com
-- “To live is to choose. But to choose well, you must know who you are and what you stand for, where you want to go and why you want to get there.” Kofi Annan
-- Barrack O. Otieno +41767892272 Skype: barrack.otieno
Policy on IPV6 would come in handy. Assume that one day we wake up, and there are no more public IPV4 to allocate, yet our companies and government agencies are stuck with IPV4 hardware. According to AFRINIC, we only have like 370 days to exhaustion of IPV4. We are coming to an era where all appliances home and industrial will be IP based. I dream of a day when I will turn on my home alarm from the office, or when I will turn off the fridge from another country. @Barrack, you are right by calling us names "A copy paste society" J. But don’t forget the East achieved innovation and growth by first realizing that "imitate then innovate" is just as good. Ask Tata motors who now own big brands like Land Rover. Isaac Newton put it correctly, " If I have seen further it is by standing on the shoulders of Giants. ". On us being a copy paste society, you realize the problems we face, struggling with the basic essentials of life, that being food, health, and shelter, and also the mediocrity of our politicians that filters through to the down trodden. Congratulations to the relevant Kenyan Ministries of Technology which have really endeavored to be being abreast with changing trends in the tech field despite the many challenges we face. On innovation, our universities and institutes have outdates labs, and teach outdated subject that were copy pasted some years back from the west. Solutions to these problems have to be found. As much as Muchuki has put a good effort in explaining the update of IPV6 in Kenya, we are far behind our Brothers in South Africa as shown http://www.sixxs.net/tools/grh/dfp/all/?country=za Early adoption of IPV6 would help us learn and get experience on the various services and innovation that we can implement on the new IP scheme. We don’t want to be struggling with implementing IPV6 systems decades down the line after the west are comfortably using theirs. Michuki put it correctly, we need the experience of using the new scheme, not just the theory we learn in Cisco classes. And experience can only be achieved by implementation DNSSEC signing of the root domain server will surely improve cyber security. We all know DNSSEC has been adopted by Internet Society through the isoc.orgdomain, and the Public Interest Registry also announced that the entire .org domain is now running on DNSSEC. In the KENIC AGM, the Chairman Mr Burachara hinted that they are exploring DNSSEC, with an aim of implementing it. Maybe the Chairman or Joe can clarify further Some social complexities of DNSSEC according to http://epic.org/privacy/dnssec/ have been identified 1. The DNS system consists of both resolvers (find the DNS data for a DNS name) and hosts (those that publish DNS data for a domain name). The pilot in Sweden has shown that DNSSEC is only of value when both the hosts and resolvers deploy 2. The implementation of DNSSEC has proven to be pricely and it is difficult to develop a viable business model and pricing strategy. Sweden proposed a skimming strategy: setting the price high and lowering it to increase demand. Regards Mwendwa Kivuva ______________________ transworldAfrica.com | Fluent in computing transworldAfrica.com/domain | The ALL powerful domain search tool kenya.or.ke | The Kenya we know oneshop.biz | Open for business biblia.kenya.or.ke | A verse a day
Lord Mwesh, I am amazed at your mastery of the dynamics associated with IPV6, DNS Sec and the future of the industry, considering that this is coming from the youth, the future is certainly bright :-). I apologise to listers for using the wrong language it was inadvertent, maybe there is some sense, you are certainly on the spot we have no excuse to be left behind by the developed world. On Thu, Jul 8, 2010 at 12:15 PM, lordmwesh <lordmwesh@gmail.com> wrote:
Policy on IPV6 would come in handy. Assume that one day we wake up, and there are no more public IPV4 to allocate, yet our companies and government agencies are stuck with IPV4 hardware. According to AFRINIC, we only have like 370 days to exhaustion of IPV4. We are coming to an era where all appliances home and industrial will be IP based. I dream of a day when I will turn on my home alarm from the office, or when I will turn off the fridge from another country.
@Barrack, you are right by calling us names "A copy paste society" J. But don’t forget the East achieved innovation and growth by first realizing that "imitate then innovate" is just as good. Ask Tata motors who now own big brands like Land Rover. Isaac Newton put it correctly, " If I have seen further it is by standing on the shoulders of Giants. ". On us being a copy paste society, you realize the problems we face, struggling with the basic essentials of life, that being food, health, and shelter, and also the mediocrity of our politicians that filters through to the down trodden. Congratulations to the relevant Kenyan Ministries of Technology which have really endeavored to be being abreast with changing trends in the tech field despite the many challenges we face. On innovation, our universities and institutes have outdates labs, and teach outdated subject that were copy pasted some years back from the west. Solutions to these problems have to be found.
As much as Muchuki has put a good effort in explaining the update of IPV6 in Kenya, we are far behind our Brothers in South Africa as shown http://www.sixxs.net/tools/grh/dfp/all/?country=za
Early adoption of IPV6 would help us learn and get experience on the various services and innovation that we can implement on the new IP scheme. We don’t want to be struggling with implementing IPV6 systems decades down the line after the west are comfortably using theirs. Michuki put it correctly, we need the experience of using the new scheme, not just the theory we learn in Cisco classes. And experience can only be achieved by implementation
DNSSEC signing of the root domain server will surely improve cyber security. We all know DNSSEC has been adopted by Internet Society through the isoc.org domain, and the Public Interest Registry also announced that the entire .org domain is now running on DNSSEC. In the KENIC AGM, the Chairman Mr Burachara hinted that they are exploring DNSSEC, with an aim of implementing it. Maybe the Chairman or Joe can clarify further
Some social complexities of DNSSEC according to http://epic.org/privacy/dnssec/ have been identified
1. The DNS system consists of both resolvers (find the DNS data for a DNS name) and hosts (those that publish DNS data for a domain name). The pilot in Sweden has shown that DNSSEC is only of value when both the hosts and resolvers deploy 2. The implementation of DNSSEC has proven to be pricely and it is difficult to develop a viable business model and pricing strategy. Sweden proposed a skimming strategy: setting the price high and lowering it to increase demand.
Regards Mwendwa Kivuva ______________________ transworldAfrica.com | Fluent in computing transworldAfrica.com/domain | The ALL powerful domain search tool kenya.or.ke | The Kenya we know oneshop.biz | Open for business biblia.kenya.or.ke | A verse a day
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: otieno.barrack@gmail.com Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/otieno.barrack%40gmail....
-- Barrack O. Otieno +41767892272 Skype: barrack.otieno
On Thu, Jul 8, 2010 at 6:15 AM, lordmwesh <lordmwesh@gmail.com> wrote:
Policy on IPV6 would come in handy.
We have a Pan-African IPv6 policy. You can read it here: http://www.afrinic.net/docs/policies/AFPUB-2004-v6-001.htm Assume that one day we wake up, and
there are no more public IPV4 to allocate, yet our companies and government agencies are stuck with IPV4 hardware.
Unless their kit is like 15 years old, then this is not the case. All *Nix boes, Apple, and Windows (NT and after IIRC) are v6 ready. It's the CPEs/home routers that we need to be concerned about. Many are not v6 compatible. Doesn't matter where you are in the world. According to AFRINIC, we only have
like 370 days to exhaustion of IPV4.
Well, what does that mean? It means that IANA will have no more /8s of v4 to allocate to RIRs. AfriNIC will have v4 for at least another year after that.
@Barrack, you are right by calling us names "A copy paste society" J. But don’t forget the East achieved innovation and growth by first realizing that "imitate then innovate" is just as good. Ask Tata motors who now own big brands like Land Rover.
TATA also run SEACOM and have a PoP in KE.
Congratulations to the relevant Kenyan Ministries of Technology which have really endeavored to be being abreast with changing trends in the tech field despite the many challenges we face. On innovation, our universities and institutes have outdates labs, and teach outdated subject that were copy pasted some years back from the west. Solutions to these problems have to be found.
KENET is implementing v6 across its network, no?
As much as Muchuki has put a good effort in explaining the update of IPV6 in Kenya, we are far behind our Brothers in South Africa as shown http://www.sixxs.net/tools/grh/dfp/all/?country=za
as expected..they are a bigger market and have more engineers to do things like deploy v6.
Early adoption of IPV6 would help us learn and get experience on the various services and innovation that we can implement on the new IP scheme.
"early adoption" would have been done a decade ago. We don’t
want to be struggling with implementing IPV6 systems decades down the line after the west are comfortably using theirs.
Not to worry, the West will implement v6 pole pole, just like KE. Michuki put it correctly, we
need the experience of using the new scheme, not just the theory we learn in Cisco classes. And experience can only be achieved by implementation
that's right, have you dual stacked your network? Maybe we should have a competition amongst network operators?
DNSSEC signing of the root domain server will surely improve cyber security.
only if your nameserver uses DNSSEC.
Some social complexities of DNSSEC according to http://epic.org/privacy/dnssec/ have been identified
a page that has a misleading headline of "Google Expands Control of Internet Architecture:" leads me to think twice about their perspective.
The DNS system consists of both resolvers (find the DNS data for a DNS name) and hosts (those that publish DNS data for a domain name).
hmmm, I would say there are resolvers and other nameservers, not hosts. The pilot in
Sweden has shown that DNSSEC is only of value when both the hosts and resolvers deploy
of course, all links in the chain MUST speak DNSSEC. @Walu: Dude, It';s not your fault, and it's not the fault of AfriNIC/Kenyan IPv6 Task Force. If ISPs don't use v6 it's becasue there is no DEMAND for it (yet). Customers create demand, the GoK could mandate v6 connectivity in all their contracts with ISPs, starting with KT/Oranje running their fiber net. I think your being a bit paranoid about the rich world here....It is not possible for the well off to "grab all the Internet Resources from the poor South...". You shold know this, and being part of the Board of the NIC, you should fight this kind of misperception, not perpetuate it!! -- Cheers, McTim "A name indicates what we seek. An address indicates where it is. A route indicates how we get there." Jon Postel
Dear McTim, thank you, for youre insightful thoughts..... if I read you correct....is that Kenya is where it is regarding to IPV6, because of lack of Knowledge or Capacity? e.g we do have engineers- so that shouldn't be the reason why SA is ahead of us in terms of deployment, right? Kind Regards, On Thu, Jul 8, 2010 at 7:08 PM, McTim <dogwallah@gmail.com> wrote:
On Thu, Jul 8, 2010 at 6:15 AM, lordmwesh <lordmwesh@gmail.com> wrote:
Policy on IPV6 would come in handy.
We have a Pan-African IPv6 policy. You can read it here:
http://www.afrinic.net/docs/policies/AFPUB-2004-v6-001.htm
Assume that one day we wake up, and
there are no more public IPV4 to allocate, yet our companies and government agencies are stuck with IPV4 hardware.
Unless their kit is like 15 years old, then this is not the case. All *Nix boes, Apple, and Windows (NT and after IIRC) are v6 ready.
It's the CPEs/home routers that we need to be concerned about. Many are not v6 compatible. Doesn't matter where you are in the world.
According to AFRINIC, we only have
like 370 days to exhaustion of IPV4.
Well, what does that mean? It means that IANA will have no more /8s of v4 to allocate to RIRs. AfriNIC will have v4 for at least another year after that.
@Barrack, you are right by calling us names "A copy paste society" J. But don’t forget the East achieved innovation and growth by first realizing that "imitate then innovate" is just as good. Ask Tata motors who now own big brands like Land Rover.
TATA also run SEACOM and have a PoP in KE.
Congratulations to the relevant Kenyan Ministries of Technology which have really endeavored to be being abreast with changing trends in the tech field despite the many challenges we face. On innovation, our universities and institutes have outdates labs, and teach outdated subject that were copy pasted some years back from the west. Solutions to these problems have to be found.
KENET is implementing v6 across its network, no?
As much as Muchuki has put a good effort in explaining the update of IPV6
in
Kenya, we are far behind our Brothers in South Africa as shown http://www.sixxs.net/tools/grh/dfp/all/?country=za
as expected..they are a bigger market and have more engineers to do things like deploy v6.
Early adoption of IPV6 would help us learn and get experience on the
various
services and innovation that we can implement on the new IP scheme.
"early adoption" would have been done a decade ago.
want to be struggling with implementing IPV6 systems decades down the
We don’t line
after the west are comfortably using theirs.
Not to worry, the West will implement v6 pole pole, just like KE.
Michuki put it correctly, we
need the experience of using the new scheme, not just the theory we learn in Cisco classes. And experience can only be achieved by implementation
that's right, have you dual stacked your network? Maybe we should have a competition amongst network operators?
DNSSEC signing of the root domain server will surely improve cyber
security.
only if your nameserver uses DNSSEC.
Some social complexities of DNSSEC according to http://epic.org/privacy/dnssec/ have been identified
a page that has a misleading headline of "Google Expands Control of Internet Architecture:" leads me to think twice about their perspective.
The DNS system consists of both resolvers (find the DNS data for a DNS
name)
and hosts (those that publish DNS data for a domain name).
hmmm, I would say there are resolvers and other nameservers, not hosts.
The pilot in
Sweden has shown that DNSSEC is only of value when both the hosts and resolvers deploy
of course, all links in the chain MUST speak DNSSEC.
@Walu: Dude, It';s not your fault, and it's not the fault of AfriNIC/Kenyan IPv6 Task Force. If ISPs don't use v6 it's becasue there is no DEMAND for it (yet). Customers create demand, the GoK could mandate v6 connectivity in all their contracts with ISPs, starting with KT/Oranje running their fiber net.
I think your being a bit paranoid about the rich world here....It is not possible for the well off to "grab all the Internet Resources from the poor South...". You shold know this, and being part of the Board of the NIC, you should fight this kind of misperception, not perpetuate it!!
-- Cheers,
McTim "A name indicates what we seek. An address indicates where it is. A route indicates how we get there." Jon Postel
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: judyokite@gmail.com Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/judyokite%40gmail.com
-- “To live is to choose. But to choose well, you must know who you are and what you stand for, where you want to go and why you want to get there.” Kofi Annan
On Thu, Jul 8, 2010 at 12:43 PM, Judy Okite <judyokite@gmail.com> wrote:
Dear McTim, thank you, for youre insightful thoughts.....
You are Welcome ;-)
if I read you correct....is that Kenya is where it is regarding to IPV6, because of lack of Knowledge or Capacity?
no, it's largely becasue there are no customers who want/need it.
e.g we do have engineers- so that shouldn't be the reason why SA is ahead of us in terms of deployment, right?
well, they have more engineers, and therefore more folk who can learn/have learned how to deploy v6. They are a bigger market, and will always be AFAICS. All it takes is one engineer with a bit of clue, some time, and support from above (suits who count the beans). -- Cheers, McTim "A name indicates what we seek. An address indicates where it is. A route indicates how we get there." Jon Postel
I need enlightenment from those who are well versed with IPV6, apart from icreasing the number of devices that are publicly accessible, i.e. Public IP space, are there other special applications and innovations for IPV6 that IPV4 doesn't support? On 7/8/10, McTim <dogwallah@gmail.com> wrote:
On Thu, Jul 8, 2010 at 12:43 PM, Judy Okite <judyokite@gmail.com> wrote:
Dear McTim, thank you, for youre insightful thoughts.....
You are Welcome ;-)
if I read you correct....is that Kenya is where it is regarding to IPV6, because of lack of Knowledge or Capacity?
no, it's largely becasue there are no customers who want/need it.
e.g we do have engineers- so that shouldn't be the reason why SA is ahead of us in terms of deployment, right?
well, they have more engineers, and therefore more folk who can learn/have learned how to deploy v6. They are a bigger market, and will always be AFAICS. All it takes is one engineer with a bit of clue, some time, and support from above (suits who count the beans).
-- Cheers,
McTim "A name indicates what we seek. An address indicates where it is. A route indicates how we get there." Jon Postel
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: Lordmwesh@gmail.com Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/lordmwesh%40gmail.com
-- ______________________ transworldAfrica.com | Fluent in computing transworldAfrica.com/domain | The ALL powerful domain search tool kenya.or.ke | The Kenya we know
On Thu, Jul 8, 2010 at 1:29 PM, lordmwesh <lordmwesh@gmail.com> wrote:
I need enlightenment from those who are well versed with IPV6, apart from icreasing the number of devices that are publicly accessible, i.e. Public IP space, are there other special applications and innovations for IPV6 that IPV4 doesn't support?
Yes, in theory, which is why the 2 are not compatible. Very few network are putting all the v6 bells n whistles into practice however. Look at the headers and you will see the diff. BTW, I just got the below on afriv6-discuss, would be useful if someone makes a similar move in Africa: PRESS RELEASE July 8, 2010, 10:36 a.m. EDT · Recommend · Post: http://i.marketwatch.com/MW5/content/Story/Images/icon-facebook.gif http://i.marketwatch.com/MW5/content/Story/Images/icon-twitter.gif Qwest Addresses Explosive Internet Growth with Dedicated IPv6 Internet Address Government and Business Customers Now Benefit from Enhanced End-to-End Security http://i.marketwatch.com/MW5/content/story/images/PR-Logo-Businesswire.gif DENVER, Jul 08, 2010 (BUSINESS WIRE) -- To stay ahead of the Internet's explosive growth, Qwest Communications (Q 5.36, +0.01, +0.09%) today announced it is offering public and private Internet Protocol Version 6 (IPv6) addresses to its government and business customers. Now Qwest iQ(R) Networking service customers can take advantage of IPv6's built-in security measures and options, as well as a near-endless supply of IP addresses. This morning, Qwest chairman and chief executive officer Ed Mueller announced the new IPv6 functionality during a keynote address at the Cybersecurity Symposium 2010 conference hosted by the Armed Forces Communications and Electronics Association (AFCEA) in Washington, D.C.. Mueller also is the current chairman of the National Security Telecommunications Advisory Committee (NSTAC). KEY FACTS -- Qwest offers transition paths so customers can use the next generation of addressing protocol to run both IPv4 and/or IPv6 addresses via either: -- Dual Stack approach which offers the ability to run both IPv4 and IPv6 so customers may transition over time and with ease; or -- Native IPv6 which allows Qwest customers to adapt to the next-generation IP protocol as they build new locations and bring on new sites and devices. -- IPv4 has a limit of approximately 4 billion serviceable IP addresses that will exhaust in 2011 as the current pool of available IPv4 addresses dwindles to approximately 600 million, according to the Internet Assigned Numbers Authority. However, IPv6 is nearly inexhaustible (128 bits -- 2 to the 128th power). -- With native IPv6, Qwest business and government customers no longer need to use Network Address Translation (NAT), making configuration of complex networks simpler while providing simpler connectivity between peer-to-peer networks for highly secure end-to-end connectivity. -- Through the Qwest Control dashboard, iQ(R) Networking service customers can view their new IPv6 addresses, take advantage of trouble ticketing and repair functions and create reports. Qwest iQ(R) Networking service is a reliable and dedicated Internet access service over the advanced Qwest 10 Gig backbone, one of the most sophisticated networks available. -- To participate in the federal government's Networx program, the largest communications services contract in the world, Qwest was certified to offer both IPv4 and IPv6 capability and public and private network native IPv6 connectivity. In June, Qwest announced compliance with the requirements for offering Most Trusted Internet Protocol Services (MTIPS) to federal agencies under the Networx contracts. Qwest provides its MTIPS Internet security solution in a cloud-based environment to secure federal government agencies' external access points to the Internet. SUPPORTING QUOTE Pieter Poll, Qwest chief technology officer "Qwest has long supported the federal government's focus on cyber security. We have worked actively with government and industry on issues associated with protecting networks and the information that flows through them. By offering the next-generation security that is baked into dedicated IPv6 addressing, Qwest is doing its part to provide government and business customers with the most advanced Internet security that is available." SUPPORTING RESOURCES -- News Release: Qwest MTIPS Approved for Meeting OMB Directive to Secure Internet Access; Federal Agencies Must Select Vendor, Place MTIPS Orders by Aug. 31, 2010 About Qwest Business Qwest Business is a choice of 95 percent of Fortune 500 companies, offering a comprehensive portfolio of data and voice networking communications solutions to enterprises, government agencies and educational institutions of all sizes. The Qwest network backbone covers the entire continental United States and has one of the largest fiber footprints in the U.S., capable of supporting 40 Gbps data transmission rates now and 100 Gbps soon. Go to Qwest.com/business to see why enterprises coast-to-coast rely on Qwest for first-class communications solutions and to learn more about Qwest's commitment to perfecting the customer experience. The marks that comprise the Qwest logo are registered trademarks of Qwest Communications International Inc. in the U.S. and certain other countries. SOURCE: Qwest Communications -- Cheers, McTim "A name indicates what we seek. An address indicates where it is. A route indicates how we get there." Jon Postel
I need enlightenment from those who are well versed with IPV6, apart from icreasing the number of devices that are publicly accessible, i.e. Public IP space, are there other special applications and innovations for IPV6 that IPV4 doesn't support? -- ______________________ transworldAfrica.com | Fluent in computing transworldAfrica.com/domain | The ALL powerful domain search tool kenya.or.ke | The Kenya we know
participants (6)
-
Barrack Otieno -
Judy Okite -
lordmwesh -
McTim -
Michuki Mwangi -
Walubengo J