[governance] RE: Human rights and new gTLDs

McTim dogwallah at gmail.com
Wed Sep 26 05:12:46 EDT 2007


EHLO Karl,

On 9/26/07, Karl Auerbach <karl at cavebear.com> wrote:
> McTim wrote:
>
> > The basic conceptual mistake you have made is to forget that the DNS
> > is a hierarchical, distributed system (RFCs 799, 1034, 1035, 920,
> > 1032, etc, etc).
> >
> > Now, if you want to put 2 million names in the root zone (instead of
> > say for example .com), well you CAN do that, but IMHO you SHOULD NOT.
>
> Three areas in which I believe we have *technical* disagreement, and one
> of policy disagreement:
>
> First, the idea that DNS is hierarchical is true but in a more limited
> way than is generally believed.
>
> In the absence of DNSSEC it is quite feasible for DNS to be a graph
> rather than a hierarchical tree with a single root.

And with DNSSEC? Is it less feasible or not feasible at all?


> The issues that people conflate are those of consistency of name query
> answers with singularity of rootness.  The former is a very desirable
> property - it fits with the principle of least surprise.  The latter is
> an undesirable property because it means that DNS would be a singular
> point of failure, attack, and control.

Given that a singular root is the status quo, it seems the vast
majority of network operators are willing to put up with this
"undesirability".


>
> As for the number of names in a root zone - I ran some experiments, real
> experiments with real Bind and real computers and real data - in which
> we created a root zone with millions upon millions of TLDs.  (We pretty
> much simply elevated the .com zone of that date up one level to be a
> test root.)  It worked, although the time to load was pathetic because
> the poor machine didn't have enough memory (much less of a problem these
> days.)
>
> The limit on the number of names in a root zone has no clear technical
> upper bound - it's probably in the hundreds of millions.  The limit is
> more likely to be based on the rate of administrative errors and the
> time to reload.  But we know from .com that zones of 60million+ can be
> handled with excellent reliability, and from the point of DNS,
> experience with a TLD zone is directly applicable to experience with
> root zone.

I understand it is possible, but that doesn't mean we SHOULD do it.

>
> By-the-way, I do not agree that having more TLDs in any way requires
> that the depth of the hierarchy of DNS be diminished.  DNS space
> expansions are not zero-sum; growth in one dimension (such as root width)
> does not mean a retreat of size in another dimension (such as depth of
> the name space.)
>

I am not arguing that more TLDs REQUIRE less depth.

> Those are the technical issues.
>
> The policy issue is that even if you don't think we need additional TLDs
> why should you be empowered to impose your worldview or rather, your TLD
> sense of aesthetics, onto others?

I'm not arguing that.  I am saying that these decisions are made in
established fora.  Those are the places where policy can be changed,
not the IGF.

For example, I am currently logged in to the jabber conference room
for the Afrinic7 meeting.  I suggest that those who are concerned about
IPv6 resource distribution in the developing world (including gov'ts,
CS) join this discussion (and others like it), instead of "flying down
to Rio".

Stream can be found here:

http://streaming.afrinic.net:8000/afrinic7.mp3


-- 
Cheers,

McTim
$ whois -h whois.afrinic.net mctim