RE: [ga] DNSO ICANN board member

[Simon Higgs <simon@higgs.com>]

Roberto,

> >>How would you call a root that does not use the ICANN root as
> >>baseline?
> >
> >I'd call it a "Private Root" since it does not reflect the publicly
> >viewable internet name space (anything less than the ICANN baseline
> >is a private name space). It would not be an "Alternative Root"
> >(alt.root) to the "IANA/ICANN root" in the publicaly-viewable sense.
> >
> >>(BTW, I assume that you cannot make sure that an alternate root
> >>does not point to different name servers for the TLDs that are also
> >>in ICANN's root)
> >
> >While it's possible, what incentive is there at the end user level
> >to use a zone missing any TLDs? Maybe an organization can set it's
> >DNS servers up to boycott a ccTLD (think about protesting .ZA
> >during Apartheid), but it's localized to those organizations end
> >users, and can easily be circumvented by anyone knowledgeable.
> >
> >Thinking about it some more, there's an inherent trust given to all
> >DNS server operators by the end users served. There's nothing
> >stopping the glue records for any domain name or TLD from being
> >changed on any server anywhere on the planet. You can do this at
> > any level - it is not restricted to root servers.
>
>The main thing I am worried about is that two alt.roots have different
>name servers for the same TLD.
>
>And this I don't like.

I agree. But certain facts of life are here to stay:

1. Alt.roots have been created as a direct result of:
    a. Network Solutions being granted a for-profit monopoly on the
       most popular gTLDs (COM/NET/ORG)
    b. IANA's inability to introduce competition to NSI by way of
       new registries and TLDs
    c. The .US registry's total failure to address the .US space
    d. Internet community dissatisfaction with subsequent processes
       (i.e. IAHC/gTLD-MoU/ICANN)
    e. ICANN's obligation to prevent economic harm to NSI from
       introducing competition
2. Reserved TLDs (BCP32) exist which immediately create an alt.root
3. Private corporations use Alternate Roots internally which often
    duplicates the name space outside of the USG-root - normally to
    secure the identity of internally used servers
4. Private Roots exist which for whatever reason do not have a full
    set of USG-root TLDs

There is no guidance to establish checks and balances in any DNS server 
which has been altered from the vanilla USG-root. I'm halfway through an 
Internet Draft to try and ensure that there is a minimum supported baseline 
(the USG root zone). Also I'm addressing discrepancies between RFC2826 and 
BCP32, as well as other variations. The point is to provide a common 
meeting ground and prevent a serious root fragmentation from happening.

> >We all saw what John Postel and Paul Vixie (at John Gilmore's
> >prompting) did a couple of years ago in splitting the root
> >servers up into US Gov-controlled and non-USG-controlled groups
> >by changing the non-USG-controlled root servers to pull their
> >root zone from an IANA server instead of a.root. What they
> >actually did was attempt to create an alt.root out of the
> >non-USG-controlled root servers. Had no-one noticed the change
> >of root authority then the 7 CORE TLDs would have been added to
> >half the root servers and the root would have been fragmented
> >from that point on. As a POC member you were supposed to oversee
> >and prevent this from happening. Instead the USG intervened.
>
>First of all, the intention was not at all to fragment the root and to
>start an alt.root.

The road to hell is paved with good intentions. It doesn't matter what the 
intent is if the end result is undesirable. Forcing the 7 CORE TLDs into 
the root without accountability to the internet community was undesirable. 
Splitting the IANA root into two distinct authorities like the 
IAHC/gTLD-MoU/CORE folk did was worse than starting a separate alt.root. 
Users of an alt.root make the choice to use the alt.root. Users of the 
ICANN root are not given that choice, and their queries for the CORE TLDs 
would have failed 50% of the time because the USG-controlled servers would 
not have supported them causing instant root fragmentation.

>As for the overseeing role of POC, I will not argue, just notice that I
>was not a POC member at that time.
>
>For the record, I spoke against the "experiment" at the CORE Assembly in
>  Washington, DC, that was ongoing when the events happened. I assume I
>would have had the same attitude in POC ;>).

OK, I'll let that slide. ;-)


Best Regards,

Simon Higgs

--
It's a feature not a bug...

--
This message was passed to you via the ga@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga" in the body of the message).
Archives at http://www.dnso.org/archives.html