<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
David, thanks for the clarification. <br>
<br>
Parminder, Time to go to Karl's cavebear and dig out some of the
issues he raised, like single point of failure, the misconception
that the internet is merely a collection of nets etc... such a long
time ago and such a boring escapade... and I share some sentiments
that we are right back in 2003... <br>
<br>
But perhaps it is just as well I am an amateur (and an idiotic
marginal one at that) that I can perhaps converse directly with
Parminder's views <b>as if others were not around</b> - which is
how this issue is dealt with by many others on this list - as if
legitimacy was not an issue... so instead of talking at cross
purposes let me converse with like-minded people like Parminder so
they and others can see where we are coming from (although I am not
speaking for Parminder, and it may sound like it, you specify where
you are ad idem if necessary... this is a horrible sarcastic caricature
... ) for others' edification just to show them that there is an
alternate conception of things out there (not better, not worse,
just different... and perhaps if disinterested judgement is applied,
PERHAPS more reasonable in approach)... <br>
<br>
So Parminder, what I understand is that the system is designed in a
particular way, has incorporated a number of changes, and is rather
flexible - given certain constraints. Apparently the sense is that
it should be alright now, at the technical level, to solve the
legitimacy issues. <br>
<br>
There remains the socio-political issue of "control" (or to give
Curran credence - participation) raised inaccurately and "deeply
wrong" (which is a vice for Southerners but Northerners who talk
about a single root are free from such aspersions - go figure)
technically, but otherwise (socio-politically) remains intact
because neither GAC nor IGF deals with the issue to their
satisfaction. Now conspiracy theories abound (unless of course one
listened to commie Cuba or how Iraq was treated before the illegal
invasion of Al Qaeda infested Iraq -- if I recall correctly on both
counts as I am not trawling through the web to find those references
as it is tangential to my main point), but if there is no real
problem with the architecture as it is, then why can governance
structures not be changed in a way that maintains technical
fidelity? See it is nice when we too ask questions (and to
anticipate the droll responses - it is absolutely OK to have NO idea
about the future shape, but to know that current arrangements are
not ok, and others are invited to be pragmatic... see comments on
evolution below).<br>
<br>
On the technical level, I think "autonomous internet" and "single
root", these can be worked out and they are not so much of a problem
as I read this stuff - techies are cool and love engineering around
problems - ... and I am happy to be wrong and guided... On the
socio-political level the argument made by those who "support" (said
guardedly, with all necessary caveats) ICANN ask what do the likes
of you/us want? I think this has been clear - <b>no technical
administration without representation</b> - to paraphrase a famous
tea party (although I do not want to confuse that one with modern
adherents, the likes of whom seem to be on this list in large order
- but that may just be my own jaundiced eye, but it is a
pre-existing condition so well... ). <br>
<br>
So the more these fellows argue that "everything is alright" the
more I get the sense that these arguments work adequately well for
the other side (if the technical is so flexible, then it can work in
a myriad of governance arrangements just so long as integrity (system
and people) and testing is safeguarded - except for the actual shape
of things to come. From a <u>truly</u> evolutionary perspective
this is not a problem. I suspect, however, that this argument is
used to resist change so that the destination (proposed shape of
arrangements) can be criticised as too sunny or cold as a substitute
for setting upon the path of accepting a directionality to change
(and here they are right we ARE STILL in 2003). The evolutionary
spirit is that of <b>variety creation</b> (experimentation) leading
to (natural iow political here) selection of what works - and this
is the test of the pudding in the evolutionary system. Now if ICANN
is more open to change than some civil society people here then it
is unavoidable that one <i>reasonably</i> can conclude they fall in
as "true believers" or astroturfers without becoming a conspiracy
theorist.<br>
<br>
Now it is ridiculous to assert (unless one is of John Bolton
predisposition, or the Heritage Foundation - decidedly anti-UN) that
one can handle matters of war and peace in the imperfect UN (or a
really supercharged GAC, if one is open to change and take the
Chinese proposal to heart as righteous and pious believers in the
single root should - although I am not a confessor) but can't deal
with this... <i>perhaps it is time to help them decolonise the
evolutionary imagination... </i><br>
<br>
You see because for single rooters, whose belief - and it is a
belief - the Chinese proposal should be scary. Instead of beating
the same drum they have been for ages - they do need to be keenly
aware of how they <u>indict</u> themselves in the socio-political
realm (if one is disinterested). Talking as if they were not
listening (to be clear because this is laden with assumptions that
others could dispute, but I do not expect much from you), they
should be scrambling for a solution because China may not be as
powerful as the US but it has been patient and has a strong vested
interest in maintaining control as it understands its political
equations (if they misunderestimate this then well there is no
helping them). When they don't scramble then it puts paid to all the
(technical) bunkum that we had to deal with SINCE 2003 - statements
and actions must match, and they were so dedicated to this view
point. The indictment is the lack of depth or absence of discussion
from a believer's pov on this list (for "believers" it indicates that
'the way they believe what they believe' is as much of a problem as
'what is believed' - but perhaps I am too esoteric here). <br>
<br>
This is not so much of a problem for those who genuinely "buy" the
ICANN-ish type line (recognising that they are more flexible than
some in civil society) as they can self correct, but more of one for
those "astro-turfers" (so to speak, based on genuine concerns about
the Chinese proposal for single root rather than platitudes) -
because the question is that when the contradictions become so
glaringly obvious the "handlers" need to ask is "where can one find
good help these days?" leading to the inevitable, "how dispensable
are you?" For me 'dime a dozen' springs to mind, although there are
some long haulers also - but for them the experience has brought
less, rather than more, sophistication into civil society
engagements imho.<br>
<br>
You see, because I am chastised for name-calling (which in the IT
community I thought was par for the course, eg generally previous
discussions on IETF modalities, and particularly on this list) when
I was genuinely under the impression that this is the acceptable
tenor of robust engagement (perhaps I am not that good at
induction)... I hope to see some sincerity in those wishing to set
the tone on this list to be even handed. Now I am under no
impression that this will be done, but one must be optimistic. <br>
<br>
And because I come from a Third World Nationalist perspective (which
is<i> one of many</i> TW perspectives), let me put it like this, the
issue of 'no technical administration with representation' is
something that may seem irrational for those with the civilising
mission. But self-determination and other issues (like sitting in
the back of the bus) became mainstream nevertheless. That said,
Third World countries have lots of problems, and corruption is
certainly one of them - and especially as raised on this list needs
to be dealt with head on (I hope that this can be taken up and that the
allegation is not left hanging as it so frequently is in our
countries). But some perspective is in order, compared with
Mortgage Backed Securities, Libor or the sum of issues that make up
the Great Recession (we can't call it a depression, because well...)
makes TWers look like petty thieves (and the rich countries always
score highly on Transparency International's list - just look at
Iceland's score in 2006!)... <br>
<br>
...but more germane to the issues here is the serious violations
that have occurred in the US and the rich countries (including
expropriation of domain names by trade mark holders in the name of
laws that were made up as things went along, violations of privacy,
PATRIOTIC legislation. etc). See with this "wild west"/can do/"we
the best" kind of attitude it makes it hard to have a decent
conversation... (and I drip with sarcasm because I just do not like
the pot calling the kettle black - I am odd like that I know, just
can shake it though, but will try) ... it may come as a surprise to
some, but what passes for progressive in some quarters would not
pass muster elsewhere... <br>
<br>
I recall raising issues of conflict of interest once at a
consultation, and was lambasted. This is NORMAL in these fora - if
upstarts even question ICANN they must get their comeuppance.<br>
<br>
And boy do we get it and take it. But why should I let a
self-righteous tone kick me down? That we will be kicked down is a
CERTAINTY, and we engage that knowing that while maintaining faith in
reason and the reality of choice - such hopeless romantics (sigh :)
<br>
<br>
So let me be absolutely clear, better 'a might is right' than
supposed ideological neutrality posing as universal. I can respect
Avri when she expresses a preference for US over others (and it is
understandable - at least the issue is contestable, if expensive,
and there are some checks and balances). This candour of techies is
appreciated - then we can have a real conversation and accept
differences and work out stuff... taking into account relative power
differences, values of equality which are put in practice (not some
sublime impractical liberal assumption of formal equality) etc...
But candour should not be confused with bullying and domination.
Here at least people express themselves and are clear, instead of
the constraining political correctness that bedogs other lists... <br>
<br>
And I am sorry if I have to dispel the petty illusions that some on
this list seem to want to maintain (it is VERY important for them
apparently). From a marginal, amateurish perspective there is not an
iota of even handedness in many of the discussions, and the single
rooters and obsequious ICANNers in civil society stand on notions
that are threadbare (iow it's time to up the game). If those who now
want to make points about namecalling and do not want to be coarse,
then they should step in with an even hand, and I will be first to
admit that I am a muppet... but like peanut butter, it needs to be
spread fairly... <br>
<br>
Riaz<br>
<br>
<br>
<div class="moz-cite-prefix">On 2012/08/05 07:10 PM, David Conrad
wrote:<br>
</div>
<blockquote
cite="mid:2F7C0136-DA33-4C00-A2DA-E368182FC0B1@virtualized.org"
type="cite">
Parminder,
<div><br>
<div>
<div>On Aug 5, 2012, at 5:40 AM, parminder &lt;<a
moz-do-not-send="true"
href="mailto:parminder@itforchange.net">parminder@itforchange.net</a>&gt;
wrote:</div>
<blockquote type="cite">
<div bgcolor="#FFFFFF" text="#000000">Now, we know that
there are three kinds of root servers, the authoritative
root server (in which changes are made to the root file
vide the IANA process), 13 root servers and then any
number of mirrors that can allegedly be created by making
an investment of 3k usd .<br>
</div>
</blockquote>
<div><br>
</div>
<div>No.</div>
<div><br>
</div>
<div>
<div>There is a "distribution master". This is a machine
that allows for zone transfer of the root zone
data maintained by the "root management partners" (ICANN,
Verisign, U.S. Dept. of Commerce NTIA) by anyone that
holds the private root zone TSIG key (password). It is
not publicly accessible and does not (I believe) respond
to any DNS query other than "AXFR" (zone transfer), "IXFR"
(incremental zone transfer), and "SOA" (start of
authority, used to figure out if a server needs to do a
zone transfer). As such, it is not a "root server".</div>
<div><br>
</div>
</div>
<div>There are "root servers". These are devices that are
numbered with one of 13 IP(v4) addresses listed in <a
moz-do-not-send="true"
href="http://www.internic.net/domain/named.root">http://www.internic.net/domain/named.root</a> to
which the root zone is transferred and which respond to all
DNS queries with referrals to top-level domains (exceptions
being for queries for data in the <a moz-do-not-send="true"
href="http://root-servers.net">root-servers.net</a> and
arpa zones which are co-resident with the root zone on 12 of
the root servers).</div>
<div><br>
</div>
<div>That's all. There are no special "13" machines that are
the "true root servers" from which other lesser machines
mirror the root zone. The devices that make up the root
servers vary from single machines in one geographical
location (this describes "B" and "D") to clusters of
machines either localized or spread out geographically using
"anycast" (this describes all the other root servers).
Within the latter, there are different distribution models
primarily to limit the load on the "distribution master". In
many cases (particularly for the root servers that have many
machines), there is an "internal distribution master" that
fetches the zone from the "real" distribution master and
makes it available to all the other machines for that root
server. In other cases, each individual machine that makes
up the root server fetches the root zone from the "real"
distribution master directly.</div>
</div>
<div><br>
</div>
<div>I should probably note that any resolver operator can
(assuming their resolver is capable of it which most are)
mirror the root zone into their resolver, but this doesn't
make that resolver a root server since it doesn't have one of
the 13 IP(v4) addresses.</div>
<div><br>
<blockquote type="cite">
<div bgcolor="#FFFFFF" text="#000000">What I see is that,
while there are of course clearly very significant
differences between these three layers or kinds of root
servers, much of the 'technical input' on this list that I
have come across seem to focus on the non-difference and
greatly underplay the difference. </div>
</blockquote>
<div><br>
</div>
<div>As discussed above, the distinction you are making
doesn't exist.</div>
<br>
<blockquote type="cite">
<div bgcolor="#FFFFFF" text="#000000">This I think is
politically motivated, though disguised as factual
neutral/ technical information.</div>
</blockquote>
<div><br>
</div>
<div>Conspiracy theories are tricky things as it makes it
difficult to communicate.</div>
<div><br>
</div>
<div>As you have assumed conspiracy, I suspect trying to
explain further is pointless since presumably I and anyone
else who tries to disabuse you of your beliefs would
obviously be part of the conspiracy. I will, however,
continue trying since <a moz-do-not-send="true"
href="http://www.xkcd.com/386/">http://www.xkcd.com/386/</a>.</div>
<br>
<blockquote type="cite">
<div bgcolor="#FFFFFF" text="#000000">We read in the
discussions that the limit of 13 no longer is meaningful.
</div>
</blockquote>
<div><br>
</div>
You misread. The 13 IP(v4) address limitation due to the
default maximum DNS message size still exists. While there
are now ways around this limitation (specifically, the EDNS0
extension to the DNS specification), these ways are not
universally supported and as such, cannot be relied upon,
particularly for root service.</div>
<div><br>
<blockquote type="cite">
<div bgcolor="#FFFFFF" text="#000000">So if indeed it is
not, why not breach it and make people of the world happy.
</div>
</blockquote>
<div><br>
</div>
<div>Even if it were possible, I sincerely doubt everyone
having their own root server would make the people of the
world happy.</div>
<br>
<blockquote type="cite">
<div bgcolor="#FFFFFF" text="#000000">Even within the limit
of 13, why not allocate root servers in a geo-graphically
equitable manner, as Sivasubramanian has suggested,
especially when it seems to make no difference at all to
anyone. Why not make all these ill-informed ministers
happy. </div>
</blockquote>
<div><br>
</div>
<div>As mentioned in a previous note, the operators of the
root servers are independent (modulo "A" and "J" (through
the Verisign contract with the USG) and "E", "G", and "H"
(operated by USG Departments), albeit each of these
operators deal with their root servers differently). How
root server operators distribute their instances is entirely
their decision. To date, there has apparently been
insufficient justification for those root server operators
to decide to distribute their machines in a "geo-graphically
equitable manner".</div>
<div><br>
</div>
<div>With that said, there are at least two root server
operators ("L" (ICANN) and "F" (ISC)) who have publicly
stated they are willing to give a root server instance to
anyone that asks. Perhaps the ill-informed ministers could
be informed of this so they could be happy?</div>
<br>
<blockquote type="cite">
<div bgcolor="#FFFFFF" text="#000000">I read that there is
no central control over the 13 or at least 9 of these root
servers. Is it really true? </div>
</blockquote>
<div><br>
</div>
Yes. The diversity of architecture and lack of centralized
control is seen as a feature as it reduces the opportunities
for "capture".</div>
<div><br>
<blockquote type="cite">
<div bgcolor="#FFFFFF" text="#000000">Is the 13 root server
architecture not something that is aligned to what goes in
and from the authoritative root server. </div>
</blockquote>
<div><br>
</div>
Root server architecture is independent of how the root zone
is distributed.</div>
<div><br>
<blockquote type="cite">
<div bgcolor="#FFFFFF" text="#000000">If it is, why can
these root servers not be reallocated in the way tlds have
been reallocated. Can they be reallocated or can't they? </div>
</blockquote>
<div><br>
</div>
<div>In practical terms, the "reallocation of a root server"
boils down to transferring the root server's IP address and
telling the new owner the zone transfer password.</div>
<div><br>
</div>
<div>Before the DNS became a political battleground, root
server "reallocation" occurred (extremely infrequently) when
(a) the person to whom Jon Postel "gave" the root server
changed employers or (b) the assets of the organization
running the root server were acquired by another company.
Today, "reallocation" of a root server would either require
the existing root server operator voluntarily giving the
root server IP address to a different organization or that
IP address would have to be "taken" by eminent domain or
somesuch.</div>
<div><br>
</div>
</div>
<div>
<blockquote type="cite">
<div bgcolor="#FFFFFF" text="#000000">I also read that
it is not about 13 physical root servers, but 13 root
server operators, </div>
</blockquote>
<div><br>
</div>
<div>Well, 12 operators (since Verisign operates two root
servers).</div>
<br>
<blockquote type="cite">
<div bgcolor="#FFFFFF" text="#000000">so the number 13 is
about the root server ownership points, and not physical
location points. </div>
</blockquote>
<div><br>
</div>
In the sense that there are 13 IP(v4) addresses that are
"owned" by 12 organizations. Geography is largely irrelevant.</div>
<div><br>
<blockquote type="cite">
<div bgcolor="#FFFFFF" text="#000000">Therefore what is
needed is to reallocate the ownership points in a
geo-politically equitable manner. As Siva suggests,
probably one to an Indian Institute of Technology. </div>
</blockquote>
<div><br>
</div>
<div>Somewhat as an aside, my understanding is that efforts to
provide infrastructure (not root server infrastructure
specifically albeit the same folks do provide anycast
instances for a root server operator) in India were blocked
by demands for bribes greater than the value of hardware
being shipped into the country (see <a
moz-do-not-send="true"
href="http://permalink.gmane.org/gmane.org.operators.nanog/100786">http://permalink.gmane.org/gmane.org.operators.nanog/100786</a>).</div>
<br>
<blockquote type="cite">
<div bgcolor="#FFFFFF" text="#000000">Why this is not done,
or can't be done are the real questions in the present
debate. Any answers?<br>
</div>
</blockquote>
<div><br>
</div>
<div>Sure. You are assuming a top-down model that does not
exist. There is no single entity that can dictate to the
root server operators "you will give your root server to
IIT". You and others that care about this are free to make
the case to (say) Verisign that it would be in their
corporate best interests for them to relocate administrative
control of one of their root servers to India, but it would
be up to Verisign (or perhaps more accurately, its
shareholders) to make that decision.</div>
<br>
<blockquote type="cite">
<div bgcolor="#FFFFFF" text="#000000">Is the real problem
here that if root server allocation issue is opened up,
countries would like to go country-wise on root servers
(as the recent China's proposal for 'Autonomous Internet')
which will skew the present non-nation wise Internet
topology (other than its US centricity), which is an
important feature of the Internet.<br>
</div>
</blockquote>
</div>
<br>
</div>
<div>No. Placement of root servers has no impact on Internet
topology. Really. Distributing root server instances can be
helpful in reducing root query latency and improving resiliency
in the event of network disruption. That's pretty much it.
Opening up the "root server allocation issue" is a red herring,
particularly given pretty much anyone can get a root server
instance if they care and are willing to abide by the
restrictions inherent in operating a root server. </div>
<div><br>
</div>
<div>Merging a subsequent note:</div>
<div><br>
</div>
<div>
<div class="moz-cite-prefix">On Sunday 05 August 2012 06:10 PM,
parminder wrote:</div>
</div>
<div>
<blockquote type="cite"><span style="background-color: rgb(255,
255, 255); ">' administrative access will not be available'
to the anycast operator to his own anycast server. </span></blockquote>
<div><br>
</div>
<div>Yes. However, if you ask anyone familiar with computer
systems, you will be told that if you have physical access to
a machine, you can gain control of that machine. Obtaining
such control would violate the terms by which the machine was
granted, but that's irrelevant.</div>
<br>
<blockquote type="cite"><span style="background-color: rgb(255,
255, 255); ">This is a pretty centralised control, </span><span
style="background-color: rgb(255, 255, 255); ">not at all
the picture one got from all the technically well informed
insiders who seem to suggest on this list that everything is
open, uncontrolled and hunky-dory and kind of anyone can set
up and operate root servers.</span></blockquote>
<div><br>
</div>
<div>I'm getting the impression that you read what you prefer to
read, not what is actually written. No one (to my knowledge)
has suggested "everything is open, uncontrolled and
hunky-dory". Root service is considered critical
infrastructure and is treated as such, so anyone asserting it
is "open and uncontrolled" would be confused at best. Can you
provide a reference to anyone making this suggestion?</div>
<div><br>
</div>
<div>As for "hunky-dory", I suppose some folks would say the way
the root servers are operated is "hunky-dory". I am not among
them.</div>
<div><br>
</div>
<blockquote type="cite"><span style="background-color: rgb(255,
255, 255); ">Was the African minister really so wrong, or
even the Indian minister? </span></blockquote>
<br>
</div>
<div>Yes. Really. </div>
<div><br>
</div>
<div>Regards,</div>
<div>-drc</div>
<div><br>
</div>
</blockquote>
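<div>Added example, not part of the original messages and not code from any root server operator: Python that builds a root priming response in DNS wire format, to show how the 13 names and IP(v4) addresses described in the quoted reply fit under the 512-byte default DNS message size, and why adding IPv6 glue pushes the answer past it unless EDNS0 is available. The a to m host letters, the TTL and the glue addresses are assumptions of this sketch; the addresses are constructed documentation addresses, not the real ones listed in named.root.</div>
<pre>
```python
import struct

MAX_PLAIN_UDP = 512   # default maximum DNS message size over UDP without EDNS0
TYPE_A, TYPE_NS, TYPE_AAAA, CLASS_IN = 1, 2, 28, 1
TTL = 518400          # assumed TTL; it does not affect the message size


def encode_name(name: str, offsets: dict, pos: int) -> bytes:
    """Encode a name that will sit at message offset pos, reusing earlier suffixes."""
    labels = [part for part in name.rstrip(".").split(".") if part]
    out = b""
    for i, label in enumerate(labels):
        suffix = ".".join(labels[i:]).lower()
        if suffix in offsets:
            # Two-byte compression pointer: top two bits set, then the offset.
            return out + struct.pack("!H", 0xC000 | offsets[suffix])
        if 0x3FFF >= pos + len(out):      # a pointer only holds a 14-bit offset
            offsets[suffix] = pos + len(out)
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"                  # root label terminates the name


def read_name(msg: bytes, pos: int) -> str:
    """Decode a possibly compressed name from a message built by this example."""
    labels = []
    while True:
        length = msg[pos]
        if length >= 0xC0:                # follow the compression pointer
            pos = struct.unpack_from("!H", msg, pos)[0] - 0xC000
            continue
        if length == 0:
            return ".".join(labels) + "."
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length


def priming_response(n_servers: int = 13, with_aaaa: bool = False) -> bytes:
    """Answer to the query '. IN NS': n NS records plus address glue."""
    hosts = [chr(ord("a") + i) + ".root-servers.net." for i in range(n_servers)]
    glue_count = n_servers * (2 if with_aaaa else 1)
    offsets = {}
    # Header: id, flags (response, authoritative), QD, AN, NS, AR counts.
    msg = bytearray(struct.pack("!6H", 0x1234, 0x8400, 1, n_servers, 0, glue_count))
    msg += encode_name(".", offsets, len(msg)) + struct.pack("!2H", TYPE_NS, CLASS_IN)
    for host in hosts:                    # answer section: one NS record per server
        msg += b"\x00" + struct.pack("!2HI", TYPE_NS, CLASS_IN, TTL)
        rdata = encode_name(host, offsets, len(msg) + 2)   # +2 skips RDLENGTH
        msg += struct.pack("!H", len(rdata)) + rdata
    for i, host in enumerate(hosts):      # additional section: IPv4 glue
        addr = bytes([192, 0, 2, i + 1])  # constructed documentation address
        msg += encode_name(host, offsets, len(msg))
        msg += struct.pack("!2HIH", TYPE_A, CLASS_IN, TTL, len(addr)) + addr
    if with_aaaa:
        for i, host in enumerate(hosts):  # additional section: IPv6 glue
            addr = bytes.fromhex("20010db8") + bytes(11) + bytes([i + 1])
            msg += encode_name(host, offsets, len(msg))
            msg += struct.pack("!2HIH", TYPE_AAAA, CLASS_IN, TTL, len(addr)) + addr
    return bytes(msg)


def fits_without_edns0(msg: bytes) -> bool:
    """True when a resolver that does not speak EDNS0 can receive msg over UDP."""
    return MAX_PLAIN_UDP >= len(msg)


if __name__ == "__main__":
    for label, msg in (("13 NS + 13 A", priming_response()),
                       ("13 NS + 13 A + 13 AAAA", priming_response(with_aaaa=True))):
        print(label, len(msg), "bytes, fits in 512:", fits_without_edns0(msg))
```
</pre>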
<br>
</body>
</html>