[governance] host country agreement + "geostrategic innocence"

Joe Baptista baptista at cynikal.net
Mon Oct 17 20:00:33 EDT 2005


On Tue, 18 Oct 2005, McTim wrote:

> So what I am hearing is:
>
> The USG controls 6 nameservers.   They are vulnerable to an Act of
> Congress/Presidential Order/ Vixie's martial law/very bad thing
> changing the root zone file unilaterally.

They could be.  Also what happens to the captured data?  Privacy concerns
are key too.  Since some are at military facilities, has the data been
compromised?  Have specific IP strings been redirected?  i.e. - has any
national government's IP ranges ever been given specific answers by
military servers so the traffic could be captured ???  See pages 2 and
3 of the following URL for details of root interception

http://www.cynikal.net/~baptista/P-R/RSPC.pdf

> There are other rootservers in the US, but since they anycast, they
> are less vulnerable?  How's that work?  Don't the instances of "F"
> serve the exact same file?  of course they do.

That's the theory and the practice.  In fact they don't have to.
Anycasting means to make an IP number available in many places.  IP
numbers are announced and if you announce an IP number in many places
using different host machines in many datacenters this is known as
anycasting.  However it only works for certain protocols like DNS.  You
could never use it for something like VoIP.

I don't know what you mean by less vulnerable.  Anycasting allows
operators to reduce the load on a root server, and distribute traffic
therefore speeding up operations and response times.  The USG root servers
get a lot of traffic - most of it nonsense - especially these days now that
China is using multilingual top level domains.  It's always been a
problem.

http://www.theregister.co.uk/2003/02/05/dud_queries_swamp_us_internet/

With the Public-Root operations in Turkey and Tiscali the traffic hitting
the USG root complex increases over time.  As public-root urls are
indexed - people outside the public-root try to access using the USG root
system and that causes congestion.  So the USG root complex has always
been vulnerable to congestion ever since the advent of the alternative
root systems.

> Are you seriously suggesting that if W declared martial law the ISC
> would bend (by changing zone file served by "F" in the US) but not
> "break" (by keeping old zone file on instances)???  Surely I have
> missed smt.

Could be done.

> > > > The remainder of the root server operators have no contracts with anyone
> > > > and are completely independent operators.
> > >
> > > This doesn't bother me either, I think it is quite useful.
> >
> > It should bother you.  Should bother anyone who uses the
>
> Really. Shouldn't.
>
> Should make them feel warm and fuzzy knowing that many orgs operate
> bits of the infrastructure independent of a central authority but in
> close cooperation to accomplish goal of stability.

Ya sure - put it in a contract - get the operators to sign it and you're
talkin turkey.  Until then I'm hearing gobble gobble and that's gibberish.
You're asking me to put my surfing experience and privacy in the hands of
people who have no contractual obligation whatsoever that are
representative of the services they provide.

Now that may have sold in the good ol days when the internet was the wild
wild west - but that sales job no longer works today.  If the root are so
committed - fine - let's see that commitment in writing.

> > not forget the big question - who uses the data collected by these root
> > servers?
>
> I do, and haven't yet had a problem.

I am concerned with data privacy.

> > http://www.cynikal.net/~baptista/P-R/RSPC.pdf
> >
> > There are unresolved privacy issues here.
>
> I read it.  The exact same "privacy issues" are present in all the
> alt-roots as well. it is the nature of the DNS (until crypto
> extensions come into play).  I recall a few weeks ago that you were
> sending messages about "Turkey's root being hijacked by criminals"
> (paraphrasing).

Exactly.  Now we have some good operators on board - but yes - essentially
there was a criminal core at the public-root.  That core is gone.  It's
still at UNIDT.  And I am the whistleblower who got the reforms done.

But yes - I agree.  In fact we have no contracts with our operators
either.  They are independent.  I don't like that either.  But as the
biggest root system with binding contracts with Turkey and Tiscali through
our affiliate UNIDT - we are now working on just that.  Proper binding
contracts as well as expanding root infrastructure by helping countries
set up their own roots.

> > The rest would follow the herd.
>
> I am sure they would all react as a herd if the USG ever tried to
> "fiddle"  with the rootzone (likelihood approximating zero chance).
> The herd would object to the point that the USG would back down.

What if only specific IP addresses were intercepted and redirected by the
military/NASA servers?  Who would know?

Remember when Paul Vixie and Jon Postel hijacked the root by pointing
operators from a.root to f.root?  How long did it take the network to
figure out that even happened?  A week or so.

I guarantee you - these roots will not be subject to such subtle
hijacking attacks nor would the USG ever change the root.  I agree with
you there.  But as they redirect queries to capture proxies - who would
know?

Now that I've mentioned it - maybe more people may be watching.


> > Good question.  The Public-Root seems like an appropriate choice?
>
> Hmmm do you really think y'all can do the ports, protocols, IP
> addressing, DNS, coordination, meetings, etc, etc that ICANN does?  If
> so, then it is just a power play.
>
> I prefer the "devil I know", thanks anyway.

I prefer contracts.  They provide clarity - because as you can see in the
Internet governance process clarity is in short supply.

Cheers
Joe Baptista

Joe Baptista, Official Public-Root Representative and Lobbyist to the
United States Congress and Senate / Tel: +1 (202) 517-1593

Public-Root Disclosure Documents: http://www.cynikal.net/~baptista/P-R/
Public-Root Discussion Forum: http://lair.lionpost.net/mailman/listinfo/pr-plan