Re: [ga] Net security's a losing battle

["Ross Wm. Rader" <ross@tucows.com>]

Rick,

You make some great points. I am actually quite pleased (and surprised) to
hear that the escrow specification is so well developed. If that's the case,
let's push to get it out of the way. As far as registrar stability goes, I
agree that it's not likely that the Internet would fall apart. In fact, a
backhoe is more likely to disrupt packet connectivity than an airplane
falling out of the sky. This does not change the fact that, without an
escrow program, the title that registrants hold to their registrations is
tenuous - VGRS doesn't store much data.

I am not a cheerleader for this revised agenda. I am however optimistic that
ICANN can grow up and away from the dynamics that you describe below and
expand the scope of discussion to include some of the more esoteric
conditions that you mention. For instance, you might want to take this
opportunity to lobby some of the marketing people (that will inevitably show
up) to convince them of the importance of properly configured zones. Some of
them might get the picture, some might not, but it sounds like the perfect
entree' into exposing their back-office staff to the more important issues
that you are concerned about. I for one would completely support increased
and more formal technical and operational coordination between registrars
(and other stakeholders) - this might provide the opportunity for a first
step towards that. If a more technical ICANN is required, let's not lament
the fact that it isn't currently, let's make sure that it is tomorrow.  And,
if it can't be, let's embrace that fact for the record and start work on
increasing the involvement and visibility of the relevant technical bodies
like the IETF within ICANN circles so that we can properly get on with our
other business.

What I am trying to get at is that we have two choices when it comes to this
agenda. We can criticize it for being inappropriate for any number of
reasons, or, my preference, we can try and take a big picture view and wrap
our heads around how we might better our situation in the midst of it.


-rwr

[PS - when we grab that beer in LA, make sure that I tell you the story
about how my old boss made the tech support department, one-by-one, stand
over an open trench in the rain in shifts while the phone company spliced
thousands of pairs leading into our NOC....]






----- Original Message -----
From: "Rick H Wesson" <wessorh@ar.com>
To: "Ross Wm. Rader" <ross@tucows.com>
Cc: "Dan Steinberg" <synthesis@videotron.ca>; "Roberto Gaetano"
<ga_list@hotmail.com>; <sandy@storm.ca>; <ga@dnso.org>
Sent: Saturday, September 29, 2001 6:10 AM
Subject: Re: [ga] Net security's a losing battle


>
> Ross,
>
> As one who sat on the ICANN Escrow committee I can state that the
> committee did create a final draft that specified escrow formats and how
> escrow would be done. The document was forwarded to ICANN and I have no
> clue why they didn't implement it. All ICANN need to do is publish their
> requirements on escrow, and start up their service, which they have had
> over 9 months to complete.
>
> Also if a registrar was to be "taken out," some service certainly would be
> disrupted but we would deal, I'm sure VGRS, as the other registries have
> too, a well defined disaster recovery plan. I believe such was required in
> their Registry proposal.
>
> Do you know each root server does not answer queries for at lease two
> hours twice a day? I am sure the impact of an outage would be less than
> what the financial industry felt when the WTC towers were demolished. I
> also suggest you read up on what happens when a backhoe severs a
> fiber, they happen all the time, some huge ones that will cut out large
> chunks of the net and one rarely hears about it.
>
> finally I wish we could focus on the real ICANN issues instead of this
FUD.
> Using fear to create an environment where our attention is directed away
> from what our attention should be focused on only makes me wonder why we
> shouldn't be discussing the issues that ICANN is more equipped to discuss.
>
> I feel like ICANN does not want to deal with its important naming issues
> in the US, as there will be no meetings in the USA next year. I also feel
> ICANN, its staff, and the constituencies are illequiped to discuss
> security or stability with over 78% of .COM zones misconfigured [1]
>
> ICANN just doesn't draw the folks that work on the issues of stability and
> security, so I can's see any value coming out of a meeting dedicated in
> its entirety to discussing such.
>
> As for topics we can wrap our arms around, now would be an excellent time
> to enumerate just what "security and stability of the naming and
> addressing systems and of their operational implementation globally"  [2]
> means, because this just sounds like FUD to me.
>
> to me 'security and stability of the naming system' means DNSSEC and
> 'security and stability of the addressing systems' means IPSEC and IPv6
> and '... of their operational implementation globally' leads me to think
> about coordination.  I just can't fathom how what is usually a marketing
> and personal networking oppertunity can be billed as anything close to a
> NDSS [3] confrence.
>
> -rick
>
>
> [1] http://www.miceandmen.com/6000/61_recent_survey.html
> [2] http://www.icann.org/announcements/announcement-26sep01.htm
>     5th paragraph.
> [3] http://www.isoc.org/isoc/conferences/ndss/02/index.shtml
>
>
> On Fri, 28 Sep 2001, Ross Wm. Rader wrote:
>
> > > I have no argument with the concepts. I just think the ICANN board
meeting
> > is
> > > simply an inappropriate forum to discuss the issues.  I would think
IETF
> > risks
> > > being a waaaaaaay better place. The net has existed for years with its
> > 'dirty
> > > little secrets' surving on the basis that those with sufficient
knowledge
> > could
> > > do damage in one way or another (like kashpuref did) but chose not to
out
> > of
> > > some form or reverence or spirit of cooperation.
> >
> > Dan,
> >
> > Did you know that if NSI-Registrar was put out of business in a
permanent,
> > WTC sense (god forbid), that there are currently no defined process for
> > recreating the service records for some 16 million or so registrants?
I'd
> > say that fact alone makes ICANN an appropriate forum to discuss the
issue.
> > We might not be able to wrap our arms around a lot of topics, but the
ones
> > that we can are fairly important.
> >
> > Thanks,
> >
> > -rwr
> >
> >
> >
> > Tucows Inc.
> > t. 416.538.5492
> >
> > --
> > This message was passed to you via the ga@dnso.org list.
> > Send mail to majordomo@dnso.org to unsubscribe
> > ("unsubscribe ga" in the body of the message).
> > Archives at http://www.dnso.org/archives.html
> >
>
> --
> This message was passed to you via the ga@dnso.org list.
> Send mail to majordomo@dnso.org to unsubscribe
> ("unsubscribe ga" in the body of the message).
> Archives at http://www.dnso.org/archives.html
>

--
This message was passed to you via the ga@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga" in the body of the message).
Archives at http://www.dnso.org/archives.html