<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#CCCCCC" text="#000000">
Parminder,<br>
<br>
I've read most of the emails on this thread as well as the Q&A
with Sachin Pilot, the Indian minister of state for communications
and information technology, that started it. And I'd like to make
two points.<br>
<br>
Most recently I was thinking about the challenges that would arise
from implementing such change and the potential damage that might
result to the stability, security, and centrality or unity of the
Net. And I was reminded of the arguments used in my country for
several decades after its founding, that tinkering with that
institution of chattel slavery in the southern states would do
severe damage to the security and stability of the then nascent
state. That might be a somewhat harsh parallel, but we are only in
the first decades of the Net, and its impact on us all grows daily.
<br>
<br>
Second, with this conversation taking place on the IGC list, your
statement relating to the upcoming ITU deliberations:<br>
<blockquote>"Do you think that as a premier global IG civil society
group, we are giving the appropriate response to the developing
situation by just keeping mum and thus supporting the status quo.
It will be most unfortunate if we simply dont have any position on
these issues, or even maybe 2-3 different sets, in these crucial
times for global IG."<br>
</blockquote>
drew me to write this +1 for your effort. <br>
<br>
It is my belief that the IGC should, minimally, put forth at the
coming ITU talks that we should seek ways to incorporate the
desires, needs, dreams, and otherwise of those not currently a
central part of the Net's CIR into a broadened circle of oversight.
And that such a broadening serves the goal of a stable and
developing Internet. And that an exploration of expansion,
transfer, or movement of root resources and their oversight seems a
reasonable place to start.<br>
<br>
I do believe most everyone on this list supports a loosening of the
U.S. government's control of some of its CIR reigns, albeit without
damaging the Net. So a statement to the effect that "IGC sees merit
in exploring a more equitable geographic distribution of root
resources" should serve IGC and the Net's future. Such a statement
seems to fit quite well with our organization's Vision Statement:<br>
<blockquote><i>The policies that shape the Internet impact not only
the development of the technologies themselves, but also the
realization of internationally agreed human rights, social
equity and interdependence, cultural concerns, and both social
and economic development. Our vision is that Internet governance
should be inclusive, people centered and development oriented.
Our contributions to the various forums relevant to Internet
governance, will strive to ensure an information society which
better enables equal opportunity and freedom for all</i>.<br>
</blockquote>
Best,<br>
<br>
Tom Lowenhaupt <br>
Jackson Heights, New York<br>
<br>
<div class="moz-cite-prefix">On 8/9/2012 6:23 AM, parminder wrote:<br>
</div>
<blockquote cite="mid:50238F98.2010005@itforchange.net" type="cite">
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<br>
<div class="moz-cite-prefix">On Thursday 09 August 2012 01:53 AM,
Ian Peter wrote:<br>
</div>
<blockquote cite="mid:CC4907C9.27554%25ian.peter@ianpeter.com"
type="cite">
<title>Re: [governance] India's communications minister - root
server misunderstanding (still...)</title>
<font face="Calibri, Verdana, Helvetica, Arial"><span
style="font-size:11pt">As someone who has consistently
expressed opposition to the US unilateral position as
regards root zone file authorisation, let me say also that I
do not believe Parminder’s scenario 2 is workable.<br>
</span></font></blockquote>
<br>
Ian, <br>
<br>
I am fine with your political reasoning, and see some merit in it.
But, we should accept that this is indeed a political debate. And
also, when we do discuss root file authorisation issue it is not
right to bring in the 13 server backup as a political
justification of not doing anything or much - something which got
done in the earlier discussions on the IANA role.<br>
<br>
However, dont you see that it is becoming politically
unsustainable to not do anything about the issue of the control of
the root. Should we inform the African and the Indian, minister,
and I am sure, numerous other ministers, that civil society had a
long discussion on their concerns regarding unequitous
distribution of root operators, and came to the conclusion that
other than the US and a few western countries we are not able to
trust anyone - even if it were a regional system like an RIR -
with root operations, even when root server operation in a non
monopoly multi point redundancy operation. <br>
<br>
I dont think it will look nice at all. For instance, in the middle
of the ITU staff and some authoritarian countries canvassing for
more 'innovative' solutions through the ITU and perhaps other
means as well. Do you think that as a premier global IG civil
society group, we are giving the appropriate response to the
developing situation by just keeping mum and thus supporting the
status quo. It will be most unfortunate if we simply dont have any
position on these issues, or even maybe 2-3 different sets, in
these crucial times for global IG. I repeat that seeking 3 US
organisations to cede their root server operation to 3 RIRs in
developing world will be an important first step. It will in fact
look so good for the CS to make such a demand solidly, (for
instance, to the political actors in the South - non gov and gov
- who I can tell you, have limited trust in the neutrality of
what is called the global IG civil society). <br>
<br>
However I do full agree with you, Carlos and others that the real
issue is the IANA authority with the US. For this see below....<br>
<br>
<br>
<blockquote cite="mid:CC4907C9.27554%25ian.peter@ianpeter.com"
type="cite"><font face="Calibri, Verdana, Helvetica, Arial"><span
style="font-size:11pt"> snip<br>
<br>
I come back to my original position – and perhaps the only
one where we might get some agreement and also even the
possibility of some action. The authorisation role is
completely unnecessary, whether carried out by USA or UN or
whatever. Please do not transfer it to another body – just
remove it. The authorisation is based on recommendations
involving a set of very consultative and exhaustive
procedures. Once the ICANN processes recommend a change
after these consultations, let that be the final
authorisation. <br>
</span></font></blockquote>
<br>
You know that even if the US agreed to such a position in its
contract with ICANN, all ICANN actions remain subject to US court
directives and to the emergency executive powers in the US. So,
the ICANN has to be an international body, drawing its
constitutive authority from a source other than the US state. <br>
<br>
Also, since ICANN has a huge operational role, it is always better
to have an oversight review structure above and separate from the
operational body, This is a general sound political principle. So,
I still go back to my proposal for a non UN international, say,
Technical Oversight Board, with members from different regions
selected through an innovative process (which can be discussed)
and who have a very clearly laid out and constrained mandate of
oversight and confirming root changes, and whose decisions are to
be taken only by a big majority.....<br>
<br>
<blockquote cite="mid:CC4907C9.27554%25ian.peter@ianpeter.com"
type="cite"><font face="Calibri, Verdana, Helvetica, Arial"><span
style="font-size:11pt"> <br>
<br>
I can perceive a situation where USA might actually accept
that proposition, consistent with increasing independence of
ICANN. I cant see a situation where they transfer their
authorisation function to any other body.<br>
</span></font></blockquote>
<br>
US will finally have to accept what the world's opinion comes out
solidly in favour of. That is how global politics play out. It has
huge stakes in global Internet system, especially economic, and
must talk, negotiate, and where needed make concessions. It is
just that we give up too easily.... parminder <br>
<br>
<br>
<br>
<blockquote cite="mid:CC4907C9.27554%25ian.peter@ianpeter.com"
type="cite"><font face="Calibri, Verdana, Helvetica, Arial"><span
style="font-size:11pt"> <br>
Ian Peter <br>
<br>
<br>
<hr align="CENTER" size="3" width="95%"><b>From: </b>parminder
<<a moz-do-not-send="true"
href="parminder@itforchange.net">parminder@itforchange.net</a>><br>
<b>Reply-To: </b><<a moz-do-not-send="true"
href="governance@lists.igcaucus.org">governance@lists.igcaucus.org</a>>,
parminder <<a moz-do-not-send="true"
href="parminder@itforchange.net">parminder@itforchange.net</a>><br>
<b>Date: </b>Wed, 08 Aug 2012 16:46:35 +0530<br>
<b>To: </b><<a moz-do-not-send="true"
href="governance@lists.igcaucus.org">governance@lists.igcaucus.org</a>><br>
<b>Subject: </b>Re: [governance] India's communications
minister - root server misunderstanding (still...)<br>
<br>
<br>
<br>
On Wednesday 08 August 2012 12:35 PM, Dr. Alejandro Pisanty
Baruch wrote:<br>
<br>
<br>
</span></font>
<blockquote><font face="Calibri, Verdana, Helvetica, Arial"><span
style="font-size:11pt"> <br>
</span></font><font size="2"><font face="Courier New"><span
style="font-size:10pt"> Parminder, <br>
<br>
<br>
<br>
it may be useful to separate your problem into two
parts:<br>
<br>
<br>
<br>
<br>
1. authorization for changes in the root;<br>
<br>
</span></font></font><font face="Calibri, Verdana,
Helvetica, Arial"><span style="font-size:11pt"> <br>
</span></font></blockquote>
<font face="Calibri, Verdana, Helvetica, Arial"><span
style="font-size:11pt"> <br>
Thanks for the kind advice, Alex. In fact, I have insisted
repeatedly that I am only dealing with the second part as
below. The first part was dealt in an earlier discussion in
June with the subject line 'oversight'.<br>
<br>
</span></font>
<blockquote><font face="Calibri, Verdana, Helvetica, Arial"><span
style="font-size:11pt"> <br>
</span></font><font size="2"><font face="Courier New"><span
style="font-size:10pt"> <br>
<br>
<br>
<br>
2. operation of the independent root servers, including
their submission or not to an outrageously arbitrary and
deletereous change in the root.<br>
<br>
</span></font></font><font face="Calibri, Verdana,
Helvetica, Arial"><span style="font-size:11pt"> <br>
</span></font></blockquote>
<font face="Calibri, Verdana, Helvetica, Arial"><span
style="font-size:11pt"> Yes, this alone is the issue under
consideration here.<br>
<br>
<br>
</span></font>
<blockquote><font face="Calibri, Verdana, Helvetica, Arial"><span
style="font-size:11pt"> <br>
</span></font><font size="2"><font face="Courier New"><span
style="font-size:10pt"> <br>
<br>
<br>
<br>
That, I think, will help you parse the apparent
contradictions. We all have a problem with the first's
asymmetric-power situation; the second is a fail-safe
mechanism for the potential excesses of the first. <br>
<br>
<br>
</span></font></font><font face="Calibri, Verdana,
Helvetica, Arial"><span style="font-size:11pt"> <br>
</span></font></blockquote>
<font face="Calibri, Verdana, Helvetica, Arial"><span
style="font-size:11pt"> <br>
So you agree that independence of root server operators
indeed serves as a 'fail-safe mechanism for the potential
excesses' of the unilateral root changing power with the US.
<br>
<br>
In that case, you may agree that making MORE sure that the
root operators are MORE independent of US gov will make the
system MORE fail-safe or capture-resistant. In practical
terms I mean what if instead of the present distribution of
root server operators, 9 in the US and 3 in US friendly
countries, we have these servers distributed in a more
geopolitically equitous manner - as I suggested, for a start
RIRs of Africa, LA and Asia Pacific get one each, and
perhaps one more in each of these continents at a reputed
public technical institute. What do you say?<br>
<br>
Lets first agree on the need and desirability of such
re-allocation, before we go to the question of how to do it.
<br>
<br>
(apologies for some repeat language from my email to
Roland)<br>
<br>
parminder <br>
<br>
<br>
</span></font>
<blockquote><font face="Calibri, Verdana, Helvetica, Arial"><span
style="font-size:11pt"> <br>
</span></font><font size="2"><font face="Courier New"><span
style="font-size:10pt"> <br>
<br>
<br>
<br>
(Fail-safe does not mean "it cannot fail"; it means "if
it fails it devolves to a safe state", sort of when well
designed elevators go out of electrical power they don't
sink to the bottom and crash, nor just get stuck; they
fall to the next floor down and open the doors)<br>
<br>
<br>
<br>
<br>
(As a side: it may be valuable for IT4Change to recruit
the assistance of some Internet engineers, for example
by forming an all-volunteer Technical Advisory Board, if
you don't find this too meddlesome. I've seen such an Rx
work wonders in other, similar organizations elsewhere
and it's a win-win. If too meddlesome please ignore.
Again, happy to be corrected by those more
knowledgeable.)<br>
<br>
<br>
<br>
<br>
Yours,<br>
<br>
<br>
<br>
<br>
Alejandro Pisanty<br>
<br>
</span></font><span style="font-size:10pt"><font
face="Tahoma, Verdana, Helvetica, Arial"> <br>
</font></span></font><font face="Courier New"><span
style="font-size:11pt"> <br>
</span></font><font size="2"><font face="Tahoma, Verdana,
Helvetica, Arial"><span style="font-size:10pt"> <br>
</span></font></font><font face="Courier New"><span
style="font-size:11pt">! !! !!! !!!!<br>
</span></font><font size="2"><font face="Tahoma, Verdana,
Helvetica, Arial"><span style="font-size:10pt"> <br>
</span></font></font><font face="Courier New"><span
style="font-size:11pt">NEW PHONE NUMBER - NUEVO NÚMERO DE
TELÉFONO<br>
</span></font><font size="2"><font face="Tahoma, Verdana,
Helvetica, Arial"><span style="font-size:10pt"> <br>
<br>
<br>
<br>
<br>
</span></font></font><font face="Courier New"><span
style="font-size:11pt">+52-1-5541444475 FROM ABROAD <br>
</span></font><font size="2"><font face="Tahoma, Verdana,
Helvetica, Arial"><span style="font-size:10pt"> <br>
<br>
</span></font></font><font face="Courier New"><span
style="font-size:11pt">+525541444475 DESDE MÉXICO <br>
</span></font><font size="2"><font face="Tahoma, Verdana,
Helvetica, Arial"><span style="font-size:10pt"> <br>
<br>
</span></font></font><font face="Courier New"><span
style="font-size:11pt">SMS +525541444475 <br>
Dr. Alejandro Pisanty<br>
UNAM, Av. Universidad 3000, 04510 Mexico DF Mexico<br>
<br>
Blog: <a moz-do-not-send="true"
href="http://pisanty.blogspot.com">http://pisanty.blogspot.com</a><br>
</span><font size="2"><span style="font-size:10pt">
LinkedIn: <a moz-do-not-send="true"
href="http://www.linkedin.com/in/pisanty">http://www.linkedin.com/in/pisanty</a><br>
Unete al grupo UNAM en LinkedIn, <a
moz-do-not-send="true"
href="http://www.linkedin.com/e/gis/22285/4A106C0C8614">http://www.linkedin.com/e/gis/22285/4A106C0C8614</a><br>
Twitter: <a moz-do-not-send="true"
href="http://twitter.com/apisanty">http://twitter.com/apisanty</a><br>
---->> Unete a ISOC Mexico, <a
moz-do-not-send="true" href="http://www.isoc.org">http://www.isoc.org</a><br>
. . . . . . . . . . . . . . . . <br>
</span></font></font><font size="2"><span
style="font-size:10pt"><font face="Tahoma, Verdana,
Helvetica, Arial"> <br>
</font><font face="Courier New"> <br>
<br>
</font></span></font><font face="Times New Roman"><span
style="font-size:12pt"> <br>
<hr align="CENTER" size="3" width="100%"> <br>
</span></font><font face="Tahoma, Verdana, Helvetica, Arial"><span
style="font-size:11pt"><b>Desde:</b></span><span
style="font-size:12pt"> <a moz-do-not-send="true"
href="governance-request@lists.igcaucus.org">governance-request@lists.igcaucus.org</a>
[<a moz-do-not-send="true"
href="governance-request@lists.igcaucus.org">governance-request@lists.igcaucus.org</a>]
en nombre de parminder [<a moz-do-not-send="true"
href="parminder@itforchange.net">parminder@itforchange.net</a>]<br>
<b>Enviado el:</b> miércoles, 08 de agosto de 2012 01:38<br>
<b>Hasta:</b> <a moz-do-not-send="true"
href="governance@lists.igcaucus.org">governance@lists.igcaucus.org</a>;
Norbert Klein<br>
<b>Asunto:</b> Re: [governance] India's communications
minister - root server misunderstanding (still...)<br>
<br>
</span></font><span style="font-size:12pt"><font face="Times
New Roman"> <br>
<br>
Norbert, <br>
<br>
<br>
On Wednesday 08 August 2012 07:08 AM, Norbert Klein wrote:<br>
<br>
<br>
</font></span>
<blockquote><span style="font-size:12pt"><font face="Times New
Roman">I do NOT understand what the debate here is about
- discussing the location of the 12, or of the many
mirrors - when it is a debate over possible changes in
the political control of this system.<br>
<br>
Only what happens or does not happen on the Alpha
Server makes any difference (and it is replicated down
the lines throughout all the sub-systems) I understand.
Wrong?<br>
<br>
So any question about control of the 12 and the mirrors
is only about technical details. If the "control"
question is pointing at anything else but the Alpha
Server it is not changing anything fundamentally.
Correct or wrong?<br>
<br>
</font></span></blockquote>
<span style="font-size:12pt"><font face="Times New Roman"> <br>
You have asked a good question - what is the debate here
:)<br>
<br>
You seem to agree with Carlos that the political issue is
ONLY vis a vis the control over the alpha server, which we
now know is in fact not the alpha server that a new
'stealth server'. All other root servers, including their
anycast extensions, simply and ONLY reflect the root zone
file, and so it does not matter who controls them. As for
location, there has not been any known difficulty to
locate new anycasts anywhere. Fair enough. <br>
<br>
Now, I will have to take you, and others who may still be
with us, to a long discussion on 'US's oversight' over
CIRs - chiefly the IANA function, that took place in June
on this list. David was greatly involved in it. When I and
others argued why US cannot be relied on to have the
unilateral authority to change the root file at its will -
the MAIN argument by David and others was; the 13, or at
least 9, root zone operators will very likely simply
refuse to publish a file so changed by the US. This
'system feature' was listed as the MAIN defence that
things are not as problematic as some of us are making
them to be. McTim, Lee and others made the same argument
of the 'independent decision making' by root server
operators, to minimise what was seen as the 'scare' over
US's fiddling with the root in its own interest. At the
end of this email I provide a few quotes from among
several on how this single argument was repeated employed.
<br>
<br>
Whereby, when we argue about the problem with US's
unilateral control over the root, the argument of
'independence of root operators' is invoked. Such
independence means that the '13 root operators' systems is
seen, if required, as being able to go beyond simply
reflecting the root zone file. Well, it has to be one of
the two;<br>
<br>
(1) Either, root operators can and will ONLY reflect the
root zone file in the 'stealth server', whatever happens -
in which case, we should not use the argument of their
deemed independence in discussions on problems vis a vis
US's unilateral IANA oversight powers <br>
<br>
(2) Or, indeed, at least potentially, root operators can
refuse to publish what is considered as an improperly
changed file by the US, and support the internet system
continuing to work on the basis of the original 'proper'
file - whereby, it is useful to redistribute root server
operator-ship among agencies that together are more likely
to resist US unilateralism. <br>
<br>
One of the above two must be true, and both cant be true,
because they are logically exclusive arguments. It cant be
that (2) is true in a discussion over IANA authority, but
it becomes untrue when we discuss distribution of root
server operators in a geo-political even and just manner.
This alone is my case.<br>
<br>
I can accept either (1) to be true, in which case the
argument of independence of root server operators to
publish what they want should NOT be used in an IANA
related argument (David, McTim, Lee et all, are you there
:) )<br>
<br>
Or I can accept (2) to be true, in which case, I will
appeal to Carlos for sympathy to the argument that
redistribution of root server operation authority may be
useful to be considered, while agreeing that IANA
authority is a much more important question. <br>
<br>
(To be fair to David, he has said even in the present
thread of discussion that 'The diversity of architecture (
of root server operators) and lack of centralized control
is seen as a feature as it reduces the opportunities for
"capture". If I surmise right, Carlos, and perhaps you,
Norbert, do not think this of being of any real
significance.)<br>
<br>
So, indeed there are real difference of views between,
for instance David and Carlos, on the political
significance of root server operator's independence (or
absence of it) - and thus of political significance of who
the 13 root server operators are.<br>
<br>
Such independence (or absence of it) of root operators,
especially in the face of an eventuality of US's rogue
behaviour, thus remains a key political issue, and in good
part is the point of debate here. The answer to this
question would determine whether it is worth the effort to
consider reallocating root server operation authority in a
more equitous manner. <br>
<br>
parminder <br>
<br>
<br>
<br>
<br>
<br>
</font></span>
<blockquote><span style="font-size:12pt"><font face="Times New
Roman"><br>
<br>
Norbert Klein<br>
<br>
<br>
-- <br>
<font color="#151B8D">Norbert Klein<br>
<a moz-do-not-send="true" href="nhklein@gmx.net">nhklein@gmx.net</a><br>
<a moz-do-not-send="true"
href="http://www.thinking21.org">http://www.thinking21.org</a><br>
</font> <br>
<br>
<br>
<br>
</font></span>
<blockquote><span style="font-size:12pt"><font face="Times
New Roman"> <br>
This is the only place in which there is
NTIA-authorized/controlled<br>
change in the root (the so-called "IANA function"),
and all the other 12<br>
and the hundreds of Anycast servers just replicate -
the Anycast servers<br>
being replicators of replicators in nearly all cases
(except for six<br>
replicating directly from a.root-servers.net).<br>
<br>
A new gTLD/ccTLD will never become alive if NTIA does
not give the<br>
"nihil obstat" to insert it in this file in this
"mother of all<br>
servers", which interestingly (or coincidentally,
depending on your<br>
level of paranoia :)) sits very close to CIA
headquarters in Virginia.<br>
NTIA also must become aware of *any* modification
intended in existing<br>
ccTLD or gTLD records in the root zone file, whatever
the Affirmation of<br>
Commitments says.<br>
<br>
If a saboteur explodes this server installation (each
one of the 13 is<br>
actually a cluster for resilience and security), does
the Internet stop?<br>
No, of course, the net of replicators will make sure
the Internet<br>
continues to operate fine. But no more changes in the
root, Virginia,<br>
until the "mother server" is rebuilt in Virginia :)<br>
<br>
If there is a worldwide revolt agains the USA
regarding the DNS, can the<br>
Anycast net operate and be modified without resorting
to one of the 13<br>
servers (an Anycast server is by agreement used tied
to one of the 12<br>
"master replicators", the F, I, J and L being the most
popular for this)?<br>
<br>
Technically, yes, of course, but...hmmm... I think it
is better to keep<br>
a dialogue with the USA instead. :) Aside from the
root servers, 16 of<br>
the largest 20 DNS servers in the planet are in the
USA, hosting many<br>
millions of domain pointers to Web services
*worldwide* -- millions of<br>
websites in Latin America, for example, depend on
these servers and<br>
corresponding hosting services.<br>
<br>
Is this talk necessary at all? I think this is
abundantly common<br>
knowledge since the root system's 13 servers started
to operate...<br>
<br>
frt rgds<br>
<br>
--c.a.<br>
<br>
On 08/07/2012 02:17 AM, parminder wrote:<br>
<br>
</font></span>
<blockquote><span style="font-size:12pt"><font face="Times
New Roman"> <br>
David,<br>
<br>
On Sunday 05 August 2012 10:40 PM, David Conrad
wrote:<br>
<br>
</font></span>
<blockquote><span style="font-size:12pt"><font
face="Times New Roman"> <br>
Parminder,<br>
<br>
On Aug 5, 2012, at 5:40 AM, parminder <<a
moz-do-not-send="true"
href="parminder@itforchange.net">parminder@itforchange.net</a><br>
<<a moz-do-not-send="true"
href="mailto:parminder@itforchange.net%3E">mailto:parminder@itforchange.net></a>>
wrote:<br>
<br>
</font></span>
<blockquote><span style="font-size:12pt"><font
face="Times New Roman"> <br>
Now, we know that there are three kinds of root
servers, the<br>
authoritative root server (in which changes are
made to the root file<br>
vide the IANA process), 13 root servers and then
the any number of<br>
mirrors that can allegedly be created by making
an investment of 3k<br>
usd .<br>
<br>
</font></span></blockquote>
<span style="font-size:12pt"><font face="Times New
Roman"> <br>
No.<br>
<br>
There is a "distribution master".<br>
<br>
</font></span></blockquote>
<span style="font-size:12pt"><font face="Times New
Roman"> <br>
So, well, apologies for referring to the root zone
file as the highest<br>
level of root zone server; I should perhaps simply
have said 'the<br>
highest level of Internet's root architecture'.
However, your chastising<br>
may be biased. Someone, quite unlike me, with deep
technical training<br>
like Daniel said is a recent email;<br>
<br>
"As already mentioned, there are hundreds of root
server instances.<br>
Each of these is an actual root server."<br>
<br>
Isnt this statement as or more untrue, in a
discussion where we are<br>
mainly speaking about actual 'control' over the root
file. The hundreds<br>
of root servers mentioned above are NOT 'actual root
servers'. An actual<br>
root server is a shorthand for an actual root server
operator, who<br>
exercises control (at least potentially) over the
root zone file that he<br>
publishes. (I learnt this from my earlier
discussions with you on the<br>
IANA authority and the US.) The 'ill-informed'
Indian minister seems<br>
rather better informed than 'technical experts' here
on this particular<br>
issue. He seems to know better which is a true or
actual root server and<br>
which is not. Quote from the same interview where he
quite wrongly said<br>
that Internet traffic flows through 13 root servers
(he should have<br>
said, internet traffic, in a way, gets directed by
13 root servers).<br>
<br>
<br>
"Currently, India's mirror servers reflect the data
but without<br>
mechanisms of control and intervention."<br>
<br>
Clearly what some 'technical experts' stress and
what they suppress (or<br>
forget to mention) depends on their techno-political
proclivities. Isnt<br>
it obvious!<br>
<br>
In response to my another email, you have asked me
to "provide examples<br>
of supposed 'statements of technical facts' that are
''thoroughly<br>
wrapped in a certain techno-political viewpoint".
Apart from the above<br>
example, I will try and find others in your email
below :)<br>
<br>
<br>
</font></span>
<blockquote><span style="font-size:12pt"><font
face="Times New Roman"> <br>
(snip)<br>
<br>
That's all. There are no special "13" machines
that are the "true<br>
root servers" from which other lesser machines
mirror the root zone.<br>
<br>
</font></span></blockquote>
<span style="font-size:12pt"><font face="Times New
Roman"> <br>
Well, you did understand early in this discussion
that the argument is<br>
not about 'true root servers' but about 'true root
server operators', so<br>
why dont we stick to the real point of contestation
rather than create<br>
strawmen and defend against them. From your email of
a few days ago<br>
<br>
"The concern (as I understand it) is that the
administration of<br>
those root servers is in the hands of 12
organizations, of which 9<br>
are US-based. " (David)<br>
<br>
Yes, true. It is this what we are discussing here,
not the network<br>
latency problem. In that email, you understood the
concern right. It is<br>
about root server operators, and the term '13 root
servers' is loosely<br>
used to mean '13 root server operators'. That is the
real issue, and it<br>
was the issue that bothered the Indian and the
African ministers the<br>
latter being wrongly, if not mischievously, retorted
to in terms to<br>
availability of root server mirrors - a very
different issue. Similarly,<br>
this current discussion is continuously pulled
towards the convenient<br>
description of geographic extensions through mirrors
of root servers,<br>
away from the real issue of 'concentration' (against
distribution) of<br>
power to change root file or resist changes to root
file that is with<br>
the root server operators and none at all with
anycast mirror operators.<br>
<br>
It is very interesting that when I did that long
discussion with you,<br>
David, on the US's unilateral IANA authority, your
almost entire case<br>
was based on how the root server operators are
really independent (which<br>
is the same thing as saying they have 'power') and
this is the insurance<br>
against any US mischief with the root zone file.
However, now when we<br>
are discussing the power of root server operators,
which is<br>
geo-politically very unevenly distributed, the
'power' with the root<br>
server operators is sought to be so minimized as to
be completely<br>
evaporated. The focus is repeatedly sought to
shifted to how anyone can<br>
set up a root server and that those who speak about
13 root servers<br>
(meaning, root server operators) being not
distributed well enough are<br>
merely stupid!<br>
<br>
How does what appears to be the 'same fact' take
such very different<br>
manifestations in two different political arguments?
This is what I mean<br>
by 'technical advice' being warped by strong
techno-political<br>
viewpoints. I am not making any personal accusation.
I am stating a<br>
sociological 'fact'.<br>
<br>
<br>
</font></span>
<blockquote><span style="font-size:12pt"><font
face="Times New Roman"> <br>
(snip)<br>
<br>
</font></span>
<blockquote><span style="font-size:12pt"><font
face="Times New Roman"> <br>
What I see is that, while there are of course
clearly very<br>
significant differences between these three
layers or kinds of root<br>
servers, much of the 'technical input' on this
list that I have come<br>
across seem to focus on the non-difference and
greatly underplay the<br>
difference.<br>
<br>
</font></span></blockquote>
<span style="font-size:12pt"><font face="Times New
Roman"> <br>
As discussed above, the distinction you are making
doesn't exist.<br>
<br>
</font></span></blockquote>
<span style="font-size:12pt"><font face="Times New
Roman"> <br>
Well!! See above for the distinction. A clear
distinction that you did<br>
understand and articulate in your earlier email in
terms of<br>
concentration of ability for "administration of
those root servers is in<br>
the hands of 12 organizations, of which 9 are
US-based. " There is<br>
obvious and very important distinction between the
'power' of root zone<br>
operator and someone operating a mirror. This
distinction is the very<br>
basis of the whole discussion in this thread. But
you have easily and<br>
conveniently dismissed, or minimised, distinctions
between the root file<br>
layer, root zone layer and anycast mirror layer, esp
between these two<br>
latter layers . This is done through a unilateral
decision to speak<br>
about one thing when the other party is speaking
about quite another, or<br>
at least another aspect of the issue - which here is
the issue of<br>
'control' rather than availability of root file for
resolving queries.<br>
<br>
<br>
</font></span>
<blockquote><span style="font-size:12pt"><font
face="Times New Roman"> <br>
</font></span>
<blockquote><span style="font-size:12pt"><font
face="Times New Roman"> <br>
This I think is politically motivated, though
disguised as factual<br>
neutral/ technical information.<br>
<br>
</font></span></blockquote>
<span style="font-size:12pt"><font face="Times New
Roman"> <br>
Conspiracy theories are tricky things as it makes
it difficult to<br>
communicate.<br>
<br>
</font></span></blockquote>
<span style="font-size:12pt"><font face="Times New
Roman"> <br>
:). I made it clear at the onset that I am trying to
argue that when a<br>
group has strong political inclinations - as the so
called technical<br>
community has - its technical advice gets
accordingly wrapped... Call<br>
it my conspiracy theory, but at least I am upfront.
But also (try to )<br>
see how the technical community sees deep
conspiracies in every single<br>
political utterance from the South. Worse its
conspiracy theory is<br>
further compounded by a 'stupidity theory'. Double
insult!<br>
<br>
</font></span>
<blockquote><span style="font-size:12pt"><font
face="Times New Roman"> <br>
(snip)<br>
<br>
You misread. The 13 IP(v4) address limitation due
to the default<br>
maximum DNS message size still exists. While
there are now ways<br>
around this limitation (specifically, the EDNS0
extension to the DNS<br>
specification), these ways are not universally
supported and as such,<br>
cannot be relied upon, particularly for root
service.<br>
<br>
</font></span></blockquote>
<span style="font-size:12pt"><font face="Times New
Roman"> <br>
No, I dont think I misread. Just that the fact
remains that the number<br>
13 can be expanded without much difficulty, but you
are not too<br>
interested to explore that direction while I am
(again, political<br>
proclivities intervene). Wasnt introducing
multilingual gtlds also<br>
considered a bit 'difficult to rely upon' just a few
years back.<br>
Finally, political considerations helped get over
that unnecessary and<br>
exaggerated fear. It depended who were taking the
decisions, the US<br>
centric ICANN establishment earlier, but the same
establishment with<br>
some WSIS related fears and cautions in the second
instance.<br>
<br>
<br>
</font></span>
<blockquote><span style="font-size:12pt"><font
face="Times New Roman"> <br>
</font></span>
<blockquote><span style="font-size:12pt"><font
face="Times New Roman"> <br>
So if indeed it is not, why not breach it and
make people of the<br>
world happy.<br>
<br>
</font></span></blockquote>
<span style="font-size:12pt"><font face="Times New
Roman"> <br>
Even if it were possible, I sincerely doubt
everyone having their own<br>
root server would make the people of the world
happy.<br>
<br>
</font></span></blockquote>
<span style="font-size:12pt"><font face="Times New
Roman"> <br>
This is 'the' most important point - whether there
is any justification<br>
at all to increase the number or root servers and/or
to reallocate /<br>
redistribute them in a manner that is politically
more justifiable and<br>
thus sustainable. I will take it up in a separate
email.<br>
<br>
regards<br>
parminder<br>
<br>
<br>
</font></span>
<blockquote><span style="font-size:12pt"><font
face="Times New Roman"> <br>
</font></span>
<blockquote><span style="font-size:12pt"><font
face="Times New Roman"> <br>
Even within the limit of 13, why not allocate
root servers in a<br>
geo-graphically equitable manner, as
Sivasubramanian has suggested,<br>
especially when it seems to make no difference
at all to anyone. Why<br>
not make all these ill-informed ministers happy.<br>
<br>
</font></span></blockquote>
<span style="font-size:12pt"><font face="Times New
Roman"> <br>
As mentioned in a previous note, the operators of
the root servers are<br>
independent (modulo "A" and "J" (through the
Verisign contract with<br>
the USG) and "E", "G", and "H" (operated by USG
Departments), albeit<br>
each of these operators deal with their root
servers differently). How<br>
root server operators distribute their instances
is entirely their<br>
decision. To date, there has apparently been
insufficient<br>
justification for those root server operators to
decide to distribute<br>
their machines in a "geo-graphically equitable
manner".<br>
<br>
With that said, there are at least two root server
operators ("L"<br>
(ICANN) and "F" (ISC)) who have publicly stated
they are willing to<br>
give a root server instance to anyone that asks.
Perhaps the<br>
ill-informed ministers could be informed of this
so they could be happy?<br>
<br>
<br>
</font></span>
<blockquote><span style="font-size:12pt"><font
face="Times New Roman"> <br>
I read that there is no central control over the
13 or at least 9 of<br>
these root servers. Is it really true?<br>
<br>
</font></span></blockquote>
<span style="font-size:12pt"><font face="Times New
Roman"> <br>
Yes. The diversity of architecture and lack of
centralized control is<br>
seen as a feature as it reduces the opportunities
for "capture".<br>
<br>
<br>
</font></span>
<blockquote><span style="font-size:12pt"><font
face="Times New Roman"> <br>
Is the 13 root server architecture not something
that is aligned to<br>
what goes in and from the authoritative root
server.<br>
<br>
</font></span></blockquote>
<span style="font-size:12pt"><font face="Times New
Roman"> <br>
Root server architecture is independent of how the
root zone is<br>
distributed.<br>
<br>
<br>
</font></span>
<blockquote><span style="font-size:12pt"><font
face="Times New Roman"> <br>
If it is, why can these root servers not be
reallocated in the way<br>
tlds have been reallocated. Can they be
reallocated or cant they?<br>
<br>
</font></span></blockquote>
<span style="font-size:12pt"><font face="Times New
Roman"> <br>
In practical terms, the "reallocation of a root
server" boils down to<br>
transferring the root server's IP address and
telling the new owner<br>
the zone transfer password.<br>
<br>
Before the DNS became a political battleground,
root server<br>
"reallocation" occurred (extremely infrequently)
when (a) the person<br>
to whom Jon Postel "gave" the root server changed
employers or (b) the<br>
assets of the organization running the root server
were acquired by<br>
another company. Today, "reallocation" of a root
server would either<br>
require the existing root server operator
voluntarily giving the root<br>
server IP address to a different organization or
that IP address would<br>
have to be "taken" by eminent domain or somesuch.<br>
<br>
<br>
</font></span>
<blockquote><span style="font-size:12pt"><font
face="Times New Roman"> <br>
I also read that the it is not about 13 physical
root servers, but 13<br>
root server operators,<br>
<br>
</font></span></blockquote>
<span style="font-size:12pt"><font face="Times New
Roman"> <br>
Well, 12 operators (since Verisign operates two
root servers).<br>
<br>
<br>
</font></span>
<blockquote><span style="font-size:12pt"><font
face="Times New Roman"> <br>
so the number 13 is about the root server
ownership points, and not<br>
physical location points.<br>
<br>
</font></span></blockquote>
<span style="font-size:12pt"><font face="Times New
Roman"> <br>
In the sense that there are 13 IP(v4) addresses
that are "owned" by 12<br>
organizations. Geography is largely irrelevant.<br>
<br>
<br>
</font></span>
<blockquote><span style="font-size:12pt"><font
face="Times New Roman"> <br>
Therefore what is needed is to reallocate the
ownership points in a<br>
geo-politically equitious manner. As Siva
suggests, probably one to<br>
an Indian Institute of Technology.<br>
<br>
</font></span></blockquote>
<span style="font-size:12pt"><font face="Times New
Roman"> <br>
Somewhat as an aside, my understanding is that
efforts to provide<br>
infrastructure (not root server infrastructure
specifically albeit the<br>
same folks do provide anycast instances for a root
server operator) in<br>
India were blocked by demands for bribes greater
than the value of<br>
hardware being shipped into the country (see<br>
<a moz-do-not-send="true"
href="http://permalink.gmane.org/gmane.org.operators.nanog/100786">http://permalink.gmane.org/gmane.org.operators.nanog/100786</a>).<br>
<br>
<br>
</font></span>
<blockquote><span style="font-size:12pt"><font
face="Times New Roman"> <br>
Why this is not done, or cant be done are the
real questions in the<br>
present debate. Any answers?<br>
<br>
</font></span></blockquote>
<span style="font-size:12pt"><font face="Times New
Roman"> <br>
Sure. You are assuming a top-down model that does
not exist. There is<br>
no single entity that can dictate to the root
server operators "you<br>
will give your root server to IIT". You and
others that care about<br>
this are free to make the case to (say) Verisign
that it would be in<br>
their corporate best interests for them to
relocate administrative<br>
control of one of their root servers to India, but
it would be up to<br>
Verisign (or perhaps more accurately, its
shareholders) to make that<br>
decision.<br>
<br>
<br>
</font></span>
<blockquote><span style="font-size:12pt"><font
face="Times New Roman"> <br>
Is the real problem here that if root server
allocation issue is<br>
opened up, countries would like to go
country-wise on root servers<br>
(as the recent China's proposal for 'Autonomous
Internet') which will<br>
skew the present non-nation wise Internet
topology (other than its US<br>
centricity), which is an important feature of
the Internet.<br>
<br>
</font></span></blockquote>
<span style="font-size:12pt"><font face="Times New
Roman"> <br>
No. Placement of root servers has no impact on
Internet topology.<br>
Really. Distributing root server instances can be
helpful in reducing<br>
root query latency and improving resiliency in the
event of network<br>
disruption. That's pretty much it. Opening up the
"root server<br>
allocation issue" is a red herring, particularly
given pretty much<br>
anyone can get a root server instance if they care
and are willing to<br>
abide by the restrictions inherent in operating a
root server.<br>
<br>
Merging a subsequent note:<br>
<br>
On Sunday 05 August 2012 06:10 PM, parminder
wrote:<br>
<br>
</font></span>
<blockquote><span style="font-size:12pt"><font
face="Times New Roman"> <br>
' administrative access will not be available'
to the anycast<br>
operator to his own anycast server. <br>
<br>
</font></span></blockquote>
<span style="font-size:12pt"><font face="Times New
Roman"> <br>
Yes. However, if you ask anyone familiar with
computer systems, you<br>
will be told that if you have physical access to a
machine, you can<br>
gain control of that machine. Obtaining such
control would violate<br>
the terms by which the machine was granted, but
that's irrelevant.<br>
<br>
<br>
</font></span>
<blockquote><span style="font-size:12pt"><font
face="Times New Roman"> <br>
This is a pretty centralised control, not at all
the picture one got<br>
from all the technically well informed insiders
who seem to suggest<br>
on this list that everything is open,
uncontrolled and hunky-dory and<br>
kind of anyone can set up and operate root
servers.<br>
<br>
</font></span></blockquote>
<span style="font-size:12pt"><font face="Times New
Roman"> <br>
I'm getting the impression that you read what you
prefer to read, not<br>
what is actually written. No one (to my
knowledge) has suggested<br>
"everything is open, uncontrolled and hunky-dory".
Root service is<br>
considered critical infrastructure and is treated
as such, so anyone<br>
asserting it is "open and uncontrolled" would be
confused at best.<br>
Can you provide a reference to anyone making this
suggestion?<br>
<br>
As for "hunky-dory", I suppose some folks would
say the way the root<br>
servers are operated is "hunky-dory". I am not
among them.<br>
<br>
<br>
</font></span>
<blockquote><span style="font-size:12pt"><font
face="Times New Roman"> <br>
Was the African minister really so wrong, or
even the Indian minister? <br>
<br>
</font></span></blockquote>
<span style="font-size:12pt"><font face="Times New
Roman"> <br>
Yes. Really.<br>
<br>
Regards,<br>
-drc<br>
<br>
<br>
</font></span></blockquote>
<span style="font-size:12pt"><font face="Times New
Roman"> <br>
</font></span></blockquote>
<span style="font-size:12pt"><font face="Times New Roman">
<br>
</font></span></blockquote>
<span style="font-size:12pt"><font face="Times New Roman"> <br>
</font></span></blockquote>
<span style="font-size:12pt"><font face="Times New Roman"> <br>
<br>
<br>
</font></span><font size="2"><font face="Courier New"><span
style="font-size:10pt"> <br>
<br>
</span></font></font><font face="Calibri, Verdana,
Helvetica, Arial"><span style="font-size:11pt"> <br>
</span></font></blockquote>
<font face="Calibri, Verdana, Helvetica, Arial"><span
style="font-size:11pt"> <br>
<br>
<hr align="CENTER" size="3" width="95%"></span></font><font
size="2"><font face="Consolas, Courier New, Courier"><span
style="font-size:10pt">____________________________________________________________<br>
You received this message as a subscriber on the list:<br>
<a moz-do-not-send="true"
href="governance@lists.igcaucus.org">governance@lists.igcaucus.org</a><br>
To be removed from the list, visit:<br>
<a moz-do-not-send="true"
href="http://www.igcaucus.org/unsubscribing">http://www.igcaucus.org/unsubscribing</a><br>
<br>
For all other list information and functions, see:<br>
<a moz-do-not-send="true"
href="http://lists.igcaucus.org/info/governance">http://lists.igcaucus.org/info/governance</a><br>
To edit your profile and to find the IGC's charter, see:<br>
<a moz-do-not-send="true"
href="http://www.igcaucus.org/">http://www.igcaucus.org/</a><br>
<br>
Translate this email: <a moz-do-not-send="true"
href="http://translate.google.com/translate_t">http://translate.google.com/translate_t</a><br>
</span></font></font> </blockquote>
<br>
</blockquote>
<br>
</body>
</html>