[governance] India's communications minister - root server misunderstanding (still...)
Riaz K Tayob
riaz.tayob at gmail.com
Mon Aug 6 04:36:16 EDT 2012
David Thanks for the clarification.
Parminder, Time to go to Karl's cavebear and dig out some of the issues
he raised, like single point of failure, the misconception that the
internet is merely a collection of nets etc... such a long time ago and
such a boring escapade... and I share some sentiments that we are right
back in 2003...
But perhaps it is just as well I am an amateur (and an idiotic marginal
one at that) that I can perhaps converse directly with Parminder's views
*as if others were not around* - which is how this issue is dealt with
by many others on this list - as if legitimacy was not an issue... so
instead of talking at cross purposes let me converse with like-minded
people like Parminder so they and others can see where we are coming
from (although I am not speaking for Parminder, and it may sound like
it, you specify where you are ad idem if necessary... this a horrible
sarcastic caricature ... ) for others edification just to show them that
there is an alternate conception of things out there (not better, not
worse, just different... and perhaps if disinterested judgement is
applied, PERHAPS a more reasonable in approach)...
So Parminder, what I understand is that the system is designed in a
particular way, has incorporated a number of changes, and is rather
flexible - given certain constraints. Apparently the sense is that it
should be alright now, at the technical level, to solve the legitimacy
issues.
There remains the socio-political issue of "control" (or to give Curran
credence - participation) raised inaccurately and "deeply wrong" (which
is a vice for Southerners but Northerners who talk about a single root
are free from such aspersions - go figure) technically, but otherwise
(socio-politically) remains in tact because neither GAC nor IGF deals
with the issue to their satisfaction. Now conspiracy theories abound
(unless of course one listened to commie Cuba or how Iraq was treated
before the illegal invasion of Al Qaeeda infested Iraq -- if I recall
correctly on both counts as I am not trawling through the web to find
those references as it is tangential to my main point), but if there is
no real problem with the architecture as it is, then why can governance
structures not be changed in a way that maintains technical fidelity?
See it is nice when we too ask questions (and to anticipate the droll
responses - it is absolutely OK to have NO idea about the future shape,
but to know that current arrangements are not ok, and others are invited
to be pragmatic... see comments on evolution below).
On the technical level, I think "autonomous internet" and "single root",
these can be worked out and they are not so much of a problem as I read
this stuff - techies are cool and love engineering around problems - ...
and I am happy to be wrong and guided... On the socio-political level
the argument made by those who "support" (said guardedly, with all
necessary caveats) ICANN ask what do the likes of you/us want? I think
this has been clear - *no technical administration without
representation* - to paraphrase a famous tea party (although I do not
want to confuse that one with modern adherents, the likes of whom seem
to be on this list in large order - but that may just be my own
jaundiced eye, but it is a pre-existing condition so well... ).
So the more these fellows argue that "everything is alright" the more I
get the sense that these arguments work adequately well for the other
side (if the technical is so flexible, then it can work in a myriad of
governance arrangement just so long as integrity (system and people) and
testing is safeguarded - except for the actual shape of things to come.
From a _truly_ evolutionary perspective this is not a problem. I
suspect, however, that this argument is used to resist change so that
the destination (proposed shape of arrangements) can be criticised as
too sunny or cold as a substitute for setting upon the path of accepting
a directionality to change (and here they are right we ARE STILL in
2003). The evolutionary spirit is that of *variety creation*
(experimentation) leading to (natural iow political here) selection of
what works - and this is the test of the pudding in the evolutionary
system. Now if ICANN is more open to change than some civil society
people here then it is unavoidable that one /reasonably/ can conclude
they fall in as "true believers" or astroturfers without becoming a
conspiracy theorist.
Now it is ridiculous to assert (unless one is of John Bolton
predisposition, or the Heritage Foundation - decidedly anti-UN) that one
can handle matters of war and peace in the imperfect UN (or a really
supercharged GAC, if one is open to change and take the Chinese proposal
to heart as righteous and pious believers in the single root should -
although I am not a confessor) but can't deal with this... /perhaps it
is time to help them decolonise the evolutionary imagination... /
You see because for single rooters, whose belief - and it is a belief -
the Chinese proposal should be scary. Instead of beating the same drum
they have been for ages - they do need to be keenly aware of how
they_indict_ themselves in the socio-political realm (if one is
disinterested). Talking as if they were not listening (to be clear
because this is laden with assumptions that others could dispute, but I
do not expect much from you), they should be scrambling for a solution
because China may not be as powerful as the US but it has been patient
and has a strong vested interest in maintaining control as it
understands its political equations (if they misunderestimate this then
well there is no helping them). When they don't scramble then it puts
paid to all the (technical) bunkum that we had to deal with SINCE 2003 -
statements and actions must match, and they were so dedicated to this
view point. The indictment is the lack of depth or absence of discussion
from a believers pov on this list (for "believers" it indicates that
'the way they believe what they believe' is as much of a problem as
'what is believed' - but perhaps I am too esoteric here).
This is not so much of a problem for those who genuinely "buy" the
ICANN-ish type line (recognising that they are more flexible than some
in civil society) as they can self correct, but more of one for those
"astro-turfers" (so to speak, based on genuince concerns about the
Chinese proposal for single root rather than platitudes) - because the
question is that when the contradictions become so glaringly obvious the
"handlers" need to ask is "where can one find good help these days?"
leading to the inevitable, "how dispensable are you?" For me 'dime a
dozen' springs to mind, although there are some long haulers also - but
for them the experience has brought less, rather than more,
sophistication into civil society engagements imho.
You see, because I am chastised for name-calling (which in the IT
community I thought was par for the course, eg generally previous
discussions on IETF modalities, and particularly on this list) when I
was genuinely under the impression that this is the acceptable tenor of
robust engagement (perhaps I am not that good at induction)... I hope to
see some sincerity in those wishing to set the tone on this list to be
even handed. Now I am under no impression that this will be done, but
one must be optimistic.
And because I come from a Third World Nationalist perspective (which
is/one of many/ TW perspectives), let me put it like this, the issue of
'no technical administration with representation' is something that may
seem irrational for those with the civilising mission. But
self-determination and other issues (like sitting in the back of the
bus) became mainstream nevertheless. That said, Third World countries
have lots of problems, and corruption is certainly one of them - and
especially as raised on this list needs to dealt with head on (I hope
that this can be taken up and that the allegation is not left hanging as
it so frequently is in our countries). But some perspective is in
order, compared with Mortgage Backed Securities, Libor or the sum of
issues that make up the Great Recession (we can't call it a depression,
because well...) makes TWers look like petty thieves (and the rich
countries always score highly on Transparency International's list -
just look at Iceland's score in 2006!)...
...but more germane to the issues here is the serious violations that
have occurred in the US and the rich countries (including expropriation
of domain names by trade mark holders in the name of laws that were made
up as things went along, violations of privacy, PATRIOTIC legislation.
etc). See with this "wild west"/can do/"we the best" kind of attitude it
makes it hard to have a decent conversation... (and I drip with sarcasm
because I just do not like the pot calling the kettle black - I am odd
like that I know, just can shake it though, but will try) ... it may
come as a surprise to some, but what passes for progressive in some
quarters would not pass muster elsewhere...
I recall raising issues of conflict of interest once at a consultation,
and was lambasted. This is NORMAL in these fora - if upstarts even
question ICANN they must get their cumuppence.
And boy do we get it and take it. But I why should I let a
self-righteous tone kick me down? That we will be kicked down is a
CERTAINTY, and we engage that knowing that while maintain faith in
reason and the reality of choice - such hopeless romantics (sigh :)
So let me be absolutely clear, better 'a might is right' than supposed
ideological neutrality posing as universal. I can respect Avri when she
expresses a preference for US over others (and it is understandable - at
least the issue is contestable, if expensive, and there are some checks
and balances. This candour of techies is appreciated - then we can have
a real conversation and accept differences and work out stuff... taking
into account relative power differences, values of equality which are
put in practice (not some sublime impractical liberal assumption of
formal equality) etc... But candour should not be confused with
bullying and domination. Here at least people express themselves and are
clear, instead of the constraining political correctness that bedogs
other lists...
And I am sorry if I have to dispel the petty illusions that some on this
list seem to want to maintain (it is VERY important for them
apparently). From a marginal,amateurish perspective there is not an iota
of even handedness in many of the discussions, and the single rooters
and obsequious ICANNers in civil society stand on notions that are
threadbare (iow its time to up the game). If those who now want to make
points about namecalling and do not want to be coarse, then they should
step in with an even hand, and I will be first to admit that I am a
muppet... but like peanut butter, it needs to be spread fairly...
Riaz
On 2012/08/05 07:10 PM, David Conrad wrote:
> Parminder,
>
> On Aug 5, 2012, at 5:40 AM, parminder <parminder at itforchange.net
> <mailto:parminder at itforchange.net>> wrote:
>> Now, we know that there are three kinds of root servers, the
>> authoritative root server (in which changes are made to the root file
>> vide the IANA process), 13 root servers and then the any number of
>> mirrors that can allegedly be created by making an investment of 3k usd .
>
> No.
>
> There is a "distribution master". This is a machine that allows for
> zone transfer of the root zone data maintained by the "root management
> partners" (ICANN, Verisign, U.S. Dept. of Commerce NTIA) by anyone
> that holds the private root zone TSIG key (password). It is not
> publicly accessible and does not (I believe) respond to any DNS query
> other that "AXFR" (zone transfer), "IXFR" (incremental zone transfer),
> and "SOA" (start of authority, used to figure out if a server needs to
> do a zone transfer). As such, it is not a "root server".
>
> There are "root servers". These are devices that are numbered with
> one of 13 IP(v4) addresses listed in
> http://www.internic.net/domain/named.root to which the root zone is
> transferred and which respond to all DNS queries with referrals to
> top-level domains (exceptions being for queries for data in the
> root-servers.net <http://root-servers.net> and arpa zones which are
> co-resident with the root zone on 12 of the root servers).
>
> That's all. There are no special "13" machines that are the "true
> root servers" from which other lesser machines mirror the root zone.
> The devices that make up the root servers vary from single machines in
> one geographical location (this describes "B" and "D") to clusters of
> machines either localized or spread out geographically using "anycast"
> (this describes all the other root servers). Within the latter, there
> are different distribution models primarily to limit the load on the
> "distribution master". In many cases (particularly for the root
> servers that have many machines), there is an "internal distribution
> master" that fetches the zone from the "real" distribution master and
> makes it available to all the other machines for that root server. In
> other cases, each individual machine that makes up the root server
> fetches the root zone from the "real" distribution master directly.
>
> I should probably note that any resolver operator can (assuming their
> resolver is capable of it which most are) mirror the root zone into
> their resolver, but this doesn't make that resolver a root server
> since it doesn't have one of the 13 IP(v4) addresses.
>
>> What I see is that, while there are of course clearly very
>> significant differences between these three layers or kinds of root
>> servers, much of the 'technical input' on this list that I have come
>> across seem to focus on the non-difference and greatly underplay the
>> difference.
>
> As discussed above, the distinction you are making doesn't exist.
>
>> This I think is politically motivated, though disguised as factual
>> neutral/ technical information.
>
> Conspiracy theories are tricky things as it makes it difficult to
> communicate.
>
> As you have assumed conspiracy, I suspect trying to explain further is
> pointless since presumably I and anyone else who tries to disabuse you
> of your beliefs would obviously be part of the conspiracy. I will,
> however, continue trying since http://www.xkcd.com/386/.
>
>> We read in the discussions that the limit of 13 no longer is meaningful.
>
> You misread. The 13 IP(v4) address limitation due to the default
> maximum DNS message size still exists. While there are now ways
> around this limitation (specifically, the EDNS0 extension to the DNS
> specification), these ways are not universally supported and as such,
> cannot be relied upon, particularly for root service.
>
>> So if indeed it is not, why not breach it and make people of the
>> world happy.
>
> Even if it were possible, I sincerely doubt everyone having their own
> root server would make the people of the world happy.
>
>> Even within the limit of 13, why not allocate root servers in a
>> geo-graphically equitable manner, as Sivasubramanian has suggested,
>> especially when it seems to make no difference at all to anyone. Why
>> not make all these ill-informed ministers happy.
>
> As mentioned in a previous note, the operators of the root servers are
> independent (modulo "A" and "J" (through the Verisign contract with
> the USG) and "E", "G", and "H" (operated by USG Departments), albeit
> each of these operators deal with their root servers differently). How
> root server operators distribute their instances is entirely their
> decision. To date, there has apparently been insufficient
> justification for those root server operators to decide to distribute
> their machines in a "geo-graphically equitable manner".
>
> With that said, there are at least two root server operators ("L"
> (ICANN) and "F" (ISC)) who have publicly stated they are willing to
> give a root server instance to anyone that asks. Perhaps the
> ill-informed ministers could be informed of this so they could be happy?
>
>> I read that there is no central control over the 13 or at least 9 of
>> these root servers. Is it really true?
>
> Yes. The diversity of architecture and lack of centralized control is
> seen as a feature as it reduces the opportunities for "capture".
>
>> Is the 13 root server architecture not something that is aligned to
>> what goes in and from the authoritative root server.
>
> Root server architecture is independent of how the root zone is
> distributed.
>
>> If it is, why can these root servers not be reallocated in the way
>> tlds have been reallocated. Can they be reallocated or cant they?
>
> In practical terms, the "reallocation of a root server" boils down to
> transferring the root server's IP address and telling the new owner
> the zone transfer password.
>
> Before the DNS became a political battleground, root server
> "reallocation" occurred (extremely infrequently) when (a) the person
> to whom Jon Postel "gave" the root server changed employers or (b) the
> assets of the organization running the root server were acquired by
> another company. Today, "reallocation" of a root server would either
> require the existing root server operator voluntarily giving the root
> server IP address to a different organization or that IP address would
> have to be "taken" by eminent domain or somesuch.
>
>> I also read that the it is not about 13 physical root servers, but 13
>> root server operators,
>
> Well, 12 operators (since Verisign operates two root servers).
>
>> so the number 13 is about the root server ownership points, and not
>> physical location points.
>
> In the sense that there are 13 IP(v4) addresses that are "owned" by 12
> organizations. Geography is largely irrelevant.
>
>> Therefore what is needed is to reallocate the ownership points in a
>> geo-politically equitious manner. As Siva suggests, probably one to
>> an Indian Institute of Technology.
>
> Somewhat as an aside, my understanding is that efforts to provide
> infrastructure (not root server infrastructure specifically albeit the
> same folks do provide anycast instances for a root server operator) in
> India were blocked by demands for bribes greater than the value of
> hardware being shipped into the country (see
> http://permalink.gmane.org/gmane.org.operators.nanog/100786).
>
>> Why this is not done, or cant be done are the real questions in the
>> present debate. Any answers?
>
> Sure. You are assuming a top-down model that does not exist. There is
> no single entity that can dictate to the root server operators "you
> will give your root server to IIT". You and others that care about
> this are free to make the case to (say) Verisign that it would be in
> their corporate best interests for them to relocate administrative
> control of one of their root servers to India, but it would be up to
> Verisign (or perhaps more accurately, its shareholders) to make that
> decision.
>
>> Is the real problem here that if root server allocation issue is
>> opened up, countries would like to go country-wise on root servers
>> (as the recent China's proposal for 'Autonomous Internet') which will
>> skew the present non-nation wise Internet topology (other than its US
>> centricity), which is an important feature of the Internet.
>
> No. Placement of root servers has no impact on Internet topology.
> Really. Distributing root server instances can be helpful in reducing
> root query latency and improving resiliency in the event of network
> disruption. That's pretty much it. Opening up the "root server
> allocation issue" is a red herring, particularly given pretty much
> anyone can get a root server instance if they care and are willing to
> abide by the restrictions inherent in operating a root server.
>
> Merging a subsequent note:
>
> On Sunday 05 August 2012 06:10 PM, parminder wrote:
>> ' administrative access will not be available' to the anycast
>> operator to his own anycast server.
>
> Yes. However, if you ask anyone familiar with computer systems, you
> will be told that if you have physical access to a machine, you can
> gain control of that machine. Obtaining such control would violate
> the terms by which the machine was granted, but that's irrelevant.
>
>> This is a pretty centralised control, not at all the picture one got
>> from all the technically well informed insiders who seem to suggest
>> on this list that everything is open, uncontrolled and hunky-dory and
>> kind of anyone can set up and operate root servers.
>
> I'm getting the impression that you read what you prefer to read, not
> what is actually written. No one (to my knowledge) has suggested
> "everything is open, uncontrolled and hunky-dory". Root service is
> considered critical infrastructure and is treated as such, so anyone
> asserting it is "open and uncontrolled" would be confused at best.
> Can you provide a reference to anyone making this suggestion?
>
> As for "hunky-dory", I suppose some folks would say the way the root
> servers are operated is "hunky-dory". I am not among them.
>
>> Was the African minister really so wrong, or even the Indian minister?
>
> Yes. Really.
>
> Regards,
> -drc
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.igcaucus.org/pipermail/governance/attachments/20120806/bc4368d4/attachment.htm>
-------------- next part --------------
____________________________________________________________
You received this message as a subscriber on the list:
governance at lists.igcaucus.org
To be removed from the list, visit:
http://www.igcaucus.org/unsubscribing
For all other list information and functions, see:
http://lists.igcaucus.org/info/governance
To edit your profile and to find the IGC's charter, see:
http://www.igcaucus.org/
Translate this email: http://translate.google.com/translate_t
More information about the Governance
mailing list