[From the sandbox] "Isolation of the Runet" or "Sovereign Internet"

[From the sandbox] "Isolation of the Runet" or "Sovereign Internet"


image finally signed law on the “sovereign Internet”, but experts almost immediately dubbed it the isolation of the Russian Internet segment so from what? (simple language)

The article pursues the goal of generally informing Internet users without immersion in excessive jungle and abstruse terminology. The article explains for many simple things, but for many it does not mean - for everyone. And also dispel the myth of the political component of the criticism of this law.

How does the Internet work?


Let's start with the basics. The Internet consists of clients, routers and infrastructure, works through the IP protocol.

image
(the v4 address is as follows: 0-255.0-255.0-255.0-255)

Clients are the user computers themselves, the one behind which you sit and read this article. They have a connection with neighboring (directly connected) routers. Clients send data to the address or range of addresses of other clients.

Routers — Connected to neighboring routers and can be connected to neighboring clients. They do not have their own unique (for redirection only) IP addresses, but are responsible for a whole range of addresses. Their task is to determine if they have clients with the requested address or to send data to other routers, here they also need to determine which of the neighbors is responsible for the required range of addresses.

Routers can stand at different levels: the provider, the country, the region, the city, the district, and even at home you most likely have your own router. And they all have their address ranges.

Infrastructure includes traffic exchange points, satellite connections, continental entrances, etc. they are needed to combine routers with other routers that belong to other operators, countries, types of communication.

How can I transfer data?


As you understand, clients and routers themselves are connected with something. These could be:

Wires


  1. By land

    Backbone network of Rostelecom
    image

  2. Underwater

    Transoceanic submarine cables
    image

Air


These are Wi-Fi, LTE, WiMax and radio bridges of operators who use where it is difficult to conduct wires. They do not build full-fledged provider networks, they are usually a continuation of wired networks.

Cosmos


Satellites can serve both regular users and be part of the infrastructure of providers.

ISATEL coverage map
image

Internet is a network


As you can see, the Internet is solid neighbors and neighbors neighbors. At this level of networking, there are no centers and red buttons for the entire Internet. That is, an evil America can never force the traffic between two Russian cities to stop moving, between a Russian and a Chinese city, between a Russian and an Australian city, as they would not want.The only thing they can do is drop bombs on routers, but this is not a network threat level at all.

in fact, there are centers, only tsss ...

but these centers are extremely informative, that is, they say that this is the address of such and such a country, such and such a device, such a manufacturer, etc. without this data for the network, nothing changes.


Tiny little people are to blame!


A level above the pure data, is our visited with you, the World Wide Web. The principle of the protocols in it is in human-readable data. Starting from the addresses of sites, for example, google.com is different from the machine 64.233.161.94. And ending with the Http protocol itself and JavaScript code, you can read all of them, and not in your own language, but in human language without any transformations.

This is the root of evil.

To convert addresses that are understandable to humans into addresses that are understandable to routers need registries of these same addresses. Just as there are state registries of administrative addresses by type: Lenin St., 16 - Ivan Ivanovich Ivanov lives. This is the general global registry, where it is indicated: google.ru - 64.233.161.94.

And it is located in America. So, here's how we will disconnect from the Internet!

In fact, everything is not so simple.

image

According to open data
ICANN is a contractor for the international community performing the IANA function without government control (primarily the US government), so the corporation can be considered international, despite being registered in California.
Moreover, even though ICANN manages, it does so only requirements and decrees, the execution is engaged in another non-state company - VeriSign.

Next come the root servers, there are 13 of them and they belong to different companies from the US Army to institutions and non-profit companies from the Netherlands, Sweden and Japan. Also, there are full copies of them all over the world, including in Russia (Moscow, St. Petersburg, Novosibirsk, Rostov-on-Don).

And most importantly, these servers contain a list of trusted servers around the world, which in turn contain another list of servers around the world, which already contain the name and address registries themselves.

The real purpose of the root servers is to say that the registry of such and such server is official, not fake. On any computer, you can raise the server with its list, and for example, when you contact sberbank.ru, you will be sent not its real address - 0.0.0.1, but - 0.0.0.2, which will contain an exact copy of the Sberbank site, but all data will be stolen. In this case, the user will see the desired address in a human-readable form and will in no way be able to distinguish a fake from the real site. And the computer itself needs only an address and it only works with it, it does not know about any letters. This, when viewed in terms of potential threats. After all, are we introducing a law for some reason?
* one recognizable ncbi - what it costs

The same applies to the general root of the https/TLS/SSL certification - which is already focused on security. The plan is the same, but the rest of the data including the public keys and signatures are sent together with the address.

The main thing is that there is an end point that serves as a guarantor. And if there are several such points and with different information, it is easier to organize a substitution.

The main purpose of address registries is to maintain a common list of names in order to avoid two sites with one address visible to a person and different IPs. Imagine the situation: one person publishes a link to the magazine.net site to a page on research on the protection from addiction of amphetamine stimulants using amphonelitic acid, another person became interested and clicked on the link.But the link is only the text itself: magazine.net, it contains nothing. However, when the author published the link, he simply copied it from his browser, but he used Google DNS (the same registry), and under his record magazine.net - the address is 0.0.0.1, and one of the readers who followed the link uses Yandex DNS and it stores another address - 0.0.0.2, at which the electronics store and the registry does not know anything about any 0.0.0.1. Then, the user will not be able to view an interesting article for him. Which basically contradicts the whole point of the links.

Who is particularly interested: in fact, the registries contain a whole range of addresses, as well as sites can change the final IP for various reasons (Suddenly, the new provider provides greater speed). And so the links do not lose relevance DNS provide the ability to change addresses. It also helps to increase or decrease the number of servers serving the site.

As a result, with any decision of the American side or military attacks, including the seizure of non-state institutions, falsification of root centers or the complete destruction of ties with Russia, in no way will it be possible to bring the stability of the Russian segment of the Internet to its knees.

First, the main encryption keys themselves are stored in two bunkers in different parts of the United States. Secondly, the administration is so distributed that it is necessary to negotiate with the entire civilized world to turn off Russia. That will be accompanied by a long discussion and Russia will just have time to adjust its infrastructure. At the moment, no such proposals in the history have ever been formulated. Well, there are always copies anywhere in the world. It will be enough to redirect traffic to a Chinese or Indian copy. In the end, you have to negotiate with the world in principle. And again, on the territory of Russia there will always be the last list of servers and you can always continue from where you left off. Or you can simply replace the signature with another one.

You can not check the signature at all - even if everything happens instantly, and Russian centers are destroyed, providers can ignore the lack of communication with root servers, this is purely for additional security and does not affect routing.

Also, the operators store the cache (the most popular requested) both keys and the registries themselves, and a piece of the cache of the websites you have is stored on your computer. In the end, the first time you do not feel anything at all.

There are also other WWW centers, but they often work on a similar principle and are less necessary.

Everyone will die, and the pirates will live!


image

In addition to the official root servers, there are alternative ones, but they usually belong to pirates and anarchists opposing any censorship, so providers do not use them. But the chosen ones ... Even if the whole world conspires against Russia, these guys will still continue to serve.

By the way, the DHT algorithm of the Torrent peering networks can live in peace without any registries, it does not request a specific address, but communicates with the hash (identifier) ​​of the desired file. That is, pirates will live in general under any circumstances!

The only real attack!


The only real threat can only be collusion around the world, with the cutting of all cables leading from Russia, knocking down satellites and installing radio interference. True, in this case of the world blockade, the last thing that will be of interest is the Internet. Either active war, but everything is the same there.

Internet inside Russia will continue to function. Just with a temporary decrease in security.

So what's the law?


The strangest thing is that the law describes this situation in theory, but offers only two real things:

  1. Make your WWW centers.
  2. Transfer all points of the boundary transition of Internet cables to Roskomnadzor and install content blockers.

No, these are not two things that solve the problem, these are basically two things that are in the law, the rest is of the type: “we need to ensure the stability of the Internet”. Not methods, fines, plans, distribution of duties and those responsible, but simply a declaration.

As you already understood, only the first item is relevant to the sovereign Internet, the second is censorship and only. Moreover, this may reduce the activity of building border networks, as a result, reduce the stability of the sovereign Internet.

The first point, as we have already found out, solves the problem of an unlikely temporary and little dangerous threat. This will be done by network participants when threats appear, but here it is proposed to do this in advance. It is necessary to do this in advance, only in one very depressing case.

Results - disappointing!


Summing up, it turns out that the government allocated 30 billion rubles to the law, which resolves an unlikely non-dangerous situation, which in the best case does not harm. And the second part will establish censorship. We are offered the introduction of censorship so that we are not turned off. With the same success, you can offer to drink milk on Thursdays throughout the country to avoid murder. That is, both logic and common sense say that these things are not related and cannot be connected.

So why is it that the government is preparing for pre-emption for total censorship ... censorship and war?

image

Minute of care from a UFO


This material could cause conflicting feelings, so before writing a comment, refresh something important:

How to write a comment and survive
  • Do not write abusive comments, do not get personal.
  • Refrain from using obscene language and toxic behavior (even in a veiled form).
  • To report comments that violate the site’s rules, use the “Report” button (if available) or the feedback form .

What to do if: minus karma | blocked an account

Habr's Authors Code and habraetics
Full site rules

Source text: [From the sandbox] "Isolation of the Runet" or "Sovereign Internet"