[registrars] Four very useful notes between Bob Frankston and Vint Cerf re the message -- ICANN's new role: It's about keeping people from being killed by terrorist plots hatched over the net says Mike Roberts

["Timothy Denton" <tim@tmdenton.com>]

As we head into the ICANN meetings, this exchange, set out below, should be
of interest and concern to registrars. Bob Frankston, David Reed, Dave
Farber and Vint Cerf have been deeply implicated in the evolution of the
TCP/IP protocols and the engineering of the Internet.
Timothy Denton, BA,BCL
Secretary, ICANN-Registrars Constituency
37 Heney Street
Ottawa, Ontario
Canada K1N 5V6
www.tmdenton.com
1-613-789-5397 Ottawa
1-819-842-2238 North Hatley
tmdenton@magma.ca




>>From: "Bob Frankston" <rmf2g2@bobf.Frankston.com>
>>To: <farber@cis.upenn.edu>, <ip-sub-1@majordomo.pobox.com>
>>Cc: "David Reed" <dpreed@reed.com>, "Vinton G. Cerf" <vcerf@MCI.NET>
>>
>>[Dave, I don't want to harp on one point but the comments I sent on the
>>DNS yesterday were relatively mild compared with the danger that Mike
>>Roberts comments represent. We must put an end to pandering to naïve
>>panic...]
>>
>>I used to think that ICANN was misguided and relatively harmless; it now
>>seems very dangerous. The whole notion that the DNS is the vital source
>>of magic names and authority is literally medieval. Making the DNS more
>>secure is no more of a solution that the Maginot was for the French when
>>they sought protection from Germany before World War II.
>>
>>I realize that the ICANN is not an evil conspiracy. It is just the
>>result of a common and deep misunderstanding akin to the notion that
>>words have fixed invariant meanings rather than being determined by
>>usage. I realize that Mike Roberts is trying to do his best to help us.
>>Unfortunately, given that ICANN is faced with an impossible meaning,
>>many people do see conspiracy rather than just the failure of best
>>efforts against an impossible mission.
>>
>>The use of the DNS as a source of meaning and authority is a direct
>>violation of the fundamental design principle of the Internet -- that
>>authority rests and the end points not in the center. The success of the
>>Internet is a direct result of this principle. Creating central
>>dependencies and vulnerabilities, like this, weakens the security of the
>>net and stymies innovation.
>>
>>The DNS works well in as a housekeeping tool for tracking IP addresses
>>and other information. Overloading it as a bad keyword system and an
>>authoritative and secure source of meaning is dangerously misguided.
>>
>>Alas, this is just one more example of the price we pay for reacting
>>blindly out of fear without understanding. I greatly fear those who try
>>to do me good whether I like it or not.
>>
>>September 11th hysteria is a poor substitute for reason. By focusing on
>>vulnerabilities we are failing to appreciate the resilience of a very
>>large country in a very large world. It seems tiny and exposed on
>>television and in blaring headlines. This makes it difficult to put
>>tragedies in perspective and instead we leverage terrorism by become
>>rigid. FDR was right in citing fear as the danger. We also should fear
>>those who promise to eliminate risk rather than help us understand it.
>>
>>Is there any web site that gives perspective and assessment? I've been
>>expecting the Anthrax attack to be domestic and we'll see whether it is.
>>Have there been other "Bin Laden" attacks since Sept 11th? What is the
>>current reality of WTC victims? Are the reports of Middle East
>>support/protests supported by more than how well random video clips will
>>play on TV?
>>
>>Bob Frankston
>>http://www.Frankston.com
>Date: Sat, 27 Oct 2001 22:20:22 -0400
>From: vint cerf <vinton.g.cerf@wcom.com>
>
>Bob,
>
>your message and Mike Roberts' message seem to be talking past each
>other.
>
>Mike is talking about the At Large Study Group, generally.
>
>That everyone with an operating responsibility for some part of the
>Internet needs to take resilience, robustness and recovery seriously
>seems self-evident. Perhaps more so as people look to Internet to be
>an increasingly useful and reliable communication infrastructure.
>You and I are in agreement that expansion of the DNS top-level domains
>is of uncertain value if the purpose is to turn DNS into some poor-quality
>index/directory of Internet content. Some people are apparently convinced
>either that DNS can/should be such a directory or that they can make a
>lot of money because other people think that way.
>
>ICANN concluded to allow modest expansion to find out what the consequences
>would be (a bunch of lawsuits for starters!). I am glad we did not try to
>open up TLDs wholesale on the first go around.
>
>DNS itself can do little to prevent terrorist attacks. We can try to make
>all the parts of the Internet increasingly resilient and resistant to
various
>forms of DOS - but the major vulnerabilities seems to be in the hosts.
>We HAVE seen some bad problems with DNS in which responses to unasked
queries
>have overwritten tables and allowed hijacking of DNS entries. I'm sure the
>catalog of problems merits attention.
>
>I did not see anything in Mike's remarks that led me to think he was
>suggesting
>that DNS can be a secure source of "meaning" - but why isn't it a useful
>exercise
>to try to minimize the opportunity for making deliberately falsified
bindings?
>vint
>
>From: "Bob Frankston" <BobRMF17@Bobf.Frankston.com>
>To: "'vint cerf'" <vinton.g.cerf@wcom.com>,
>"'Bob Frankston'" <rmf2g2@Bobf.Frankston.com>, <farber@cis.upenn.edu>,
><ip-sub-1@majordomo.pobox.com>
>Cc: "'David Reed'" <dpreed@reed.com>
>
>First, I accept your criticism and one can read the message as simply
>saying that we need to stop all the harping about ICANN and make
>progress.
>
>Phrases like "It's about keeping people from being killed by terrorist
>plots hatched over the net" aren't at all temperate and are more in the
>spirit of invoke fear rather than effective action. One needn't attack
>the DNS to hatch a plot. In fact, one needn't use the DNS at all to
>exchange messages. Stable IP addresses work fine and volatile ones can
>be transmitted in a phone call.
>
>As I pointed out, the real problem is that we are over-dependent on the
>DNS as a smart center. The question is whether ICANN is compounding the
>problem by increasing this dependency. In my earlier letter I noted that
>Google has found that people are using lookup more than the DNS to find
>things already.
>
>There is a need for real debate on this issue. But I sympathize with
>Mike in that the debate has been more about evil conspiracies than basic
>issues. The very premise that the DNS is a vital center.
>
>To the extent that it is we do need to be concerned about security
>though the attacks seem to be more of the form of stealing domain names
>for commercial purposes.
>
>Rather than invoking the terrorist menace, it would be wise to separate
>out the issues:
>
>* Protecting the current domain servers independent of other TLD
>policies. While I don't know the current protocols for shared control of
>the .COM (et al) servers I presume that there is a lot of complexity
>associated with preserving the "marketplace" that provides rich rewards
>to its members. Would the problem be simpler if the TLDs had no
>semantics and if there the names were owned and never reused?
>
>* The whole issue of TLDs and names. Does this matter to the terrorists
>beyond compounding the first issue? Well, there is a related issue for
>those who think that one can control terrorism or Napster by controlling
>the names.
>
>* The issue I am concerned about -- how do we return the role of the DNS
>to simply a source of stable handles? Security is still an issue but
>simple protocols should go a long way to reducing the concerns. It could
>also help by reducing churn in the servers. Instead of putting a billion
>names at the top or second level we could create as many tertiary
>servers as needed without the burden of using just one dot.
>
>So I might be unfair in characterizing Mike as calling upon us to
>militarize the servers (or maybe just nationalize them -- same thing at
>this point) I do see the call for an end to the debate as endorsing a
>fundamentally flawed, well not architecture as the DNS isn't bad, it is
>a flawed perception of what the DNS is and how to use it. It is
>certainly not about keeping terrorists from communicating.
>
>
>Bob Frankston
>http://www.Frankston.com
>
>Date: Sun, 28 Oct 2001 00:24:37 -0400
>From: vint cerf <vinton.g.cerf@wcom.com>
>as usual you and I are more in synch than not.
>
>your message below makes it far more clear than the earlier one that
>there are all kinds of alternatives to DNS to associate handles with
>IP addresses - and we ought to be exploring the alternatives if they
>are more robust and/or useful than the DNS (which has been very
>useful and remarkably scalable).
>
>vint
>
>
>For archives see:
>http://www.interesting-people.org/archives/interesting-people/