[governance] India's communications minister - root server misunderstanding (still...)

parminder parminder at itforchange.net
Tue Aug 7 02:23:04 EDT 2012 

David,

On Sunday 05 August 2012 10:40 PM, David Conrad wrote:
> Snip)
>
>> So if indeed it is not, why not breach it and make people of the 
>> world happy.
>
> Even if it were possible, I sincerely doubt everyone having their own 
> root server would make the people of the world happy.

A good issue, and in the present circumstances, the right issue, to 
explore.

I understand that you and the technical community agree that, in the 
first instance, the root servers were distributed among different 
agencies primarily to avoid capture. Right!

To make sure we agree on this, I quote you from your email below

"The diversity of architecture and lack of centralized control is seen 
as a feature as it reduces the opportunities for "capture"." (David)

And I quote an ISOC document, as something that could represent the 
viewpoint of technical community in general.

    "......the root name servers that publish this zone file are
    organised in a distributed and diverse fashion. No single entity has
    authority or control over the operation of these servers. This
    diversity and the distributed authority has been a key element of
    the reliability of the root name service. Therefore this diversity
    should be maintained in the face of increasing pressure for more
    hierarchical "Internet Governance". http://www.isoc.org/briefings/019/

Again, what is being suggested is that distribution of 'power' over 
different entities running root servers helps avoid 'capture'. Very 
well! Now we should see that this is clearly political territory, talk 
of capture and distribution of power. Somebody rightly decided that if 
root server operations are distributed among different agencies and not 
subject to any 'single entity having authority or control over the 
operation of these servers' it will be good for the Internet, users etc. 
I understand that we agree up to this point.

Now, it is obvious that the decision to do the above was a political 
decision, including the choice of which all agencies should operation of 
root servers be distributed over. It was basically a US decision - take 
or give something from a compact of  US gov - other US entities. Now a 
few years down the line, the Internet globally being what it is, some 
people think that this political decision is not quite adequate to the 
current circumstances, and want a 'political' review of it.

They are not satisfied that the 'capture' possibility has been 
adequately accounted for. (Let us not lose sight of the fact that the 
idea and possiblity of 'capture' is not an invention of their 
conspiratorial minds. As above it is a prior issue central to current 
design of root server ownership.)

The logic of 'no single entity having the authority or control over 
operation of root server' does not stand close geo-political scrutiny, 
esp in today's world. 9 of the 12 root server operators are in the US 
and directly and full subject to US executive's emergency authority 
(believe me, they very surely are, and if we want to argue this point, 
lets argue it separately, so that we dont dilute the chain of logic 
here). Three root servers are outside in US friendly OECD countries, 
that routinely cooperate with the US closely in all kinds of strategic, 
including military and criminal, matters. Hounding of CEO of megauploads 
and wikileaks come easily to mind as instances of close cooperation in 
cross border Internet manners of the kind that are not so palatable to 
the rest of the world. Through OECD and other plurilateral pacts these 
countires are configuring an ever closer relationship vis a vis the 
global Internet. On global military and security matters, and the term 
'capture' relates to exceptional but plausible global scenarios, these 
countries always coordinate closely, and largely follow US diktats, esp 
on real 'global' emergencies.

Now, would you fault someone if he were to reason that the present 
strategy against 'capture' vis a vis the operation or the root/ DNS 
system of the Internet, while laudable in its initial intentions, is not 
quite  adequate, and is not in keeping with times. A simple and direct 
political formulation. What do you say to it? This is crucial point for 
us to cross, and if need be, argue and come to some common conclusion 
on. This requires clear political views, not technical, and I think we 
will agree to this fact.

One can suggest that given the current situation of the Internet, the 
very same laudable intention of avoiding capture that informed the 
present root server system, when it was instituted,  requires us to 
change the system. Is it really all that illegitimate a political 
demand. What is your response to this question? No, this is not an 
aside. This is the only question that the Indian and African minister 
really brought to the table, something which triggered and underlies the 
present discussion. One side cant conveniently turn the discussion 
around to what it wants to discuss, and calling the 'allocation of root 
servers' issue as a red herring as you do in your email. Such allocation 
and possible reallocation is 'the' issue we want to discuss. Of course 
there are other issues that you may want to bring to the table, and sure 
enough, we should discuss them too. But we cant just unilaterally 
pooh-pooh issues that are considered very important by others. 
especially when, as shown above, it take the very logic of 'capture' 
that you propose to its logical political consideration.

This brings us to the key, in fact, the original question, rescued from 
under the labyrinth of all kinds of obfuscations; why cant we either 
increase the number of root servers (operators) and allocate new ones to 
new agencies in a manner that is globally better distributed and more 
just or, if that is not possible, reallocate the existing root servers 
from too many agencies in a single country to those in others, esp in 
the South.

This will require an examination of the following questions

(1) whether the number 13 can be breached, and more root server 
operators created, and/or
(2) the existing root server operations can be reallocated.

I believe both options are possible (but surely, at least one is 
possible which serves as well), but we can discuss the technical and 
political issues involved.

This is the political demand from the South which cannot just be pooh 
poohed by describing its ministers as ill-informed or stupid. We seek 
full engagement of the civil society and other actors with this 
political demand.

parminder




>
>> Even within the limit of 13, why not allocate root servers in a 
>> geo-graphically equitable manner, as Sivasubramanian has suggested, 
>> especially when it seems to make no difference at all to anyone. Why 
>> not make all these ill-informed ministers happy.
>
> As mentioned in a previous note, the operators of the root servers are 
> independent (modulo "A" and "J" (through the Verisign contract with 
> the USG) and "E", "G", and "H" (operated by USG Departments), albeit 
> each of these operators deal with their root servers differently). How 
> root server operators distribute their instances is entirely their 
> decision.  To date, there has apparently been insufficient 
> justification for those root server operators to decide to distribute 
> their machines in a "geo-graphically equitable manner".
>
> With that said, there are at least two root server operators ("L" 
> (ICANN) and "F" (ISC)) who have publicly stated they are willing to 
> give a root server instance to anyone that asks. Perhaps the 
> ill-informed ministers could be informed of this so they could be happy?
>
>> I read that there is no central control over the 13 or at least 9 of 
>> these root servers. Is it really true?
>
> Yes. The diversity of architecture and lack of centralized control is 
> seen as a feature as it reduces the opportunities for "capture".
>
>> Is the 13 root server architecture not something that is aligned to 
>> what goes in and from the authoritative root server.
>
> Root server architecture is independent of how the root zone is 
> distributed.
>
>> If it is, why can these root servers not be reallocated in the way 
>> tlds have been reallocated. Can they be reallocated or cant they?
>
> In practical terms, the "reallocation of a root server" boils down to 
> transferring the root server's IP address and telling the new owner 
> the zone transfer password.
>
> Before the DNS became a political battleground, root server 
> "reallocation" occurred (extremely infrequently) when (a) the person 
> to whom Jon Postel "gave" the root server changed employers or (b) the 
> assets of the organization running the root server were acquired by 
> another company. Today, "reallocation" of a root server would either 
> require the existing root server operator voluntarily giving the root 
> server IP address to a different organization or that IP address would 
> have to be "taken" by eminent domain or somesuch.
>
>> I also read that the it is not about 13 physical root servers, but 13 
>> root server operators,
>
> Well, 12 operators (since Verisign operates two root servers).
>
>> so the number 13 is about the root server ownership points, and not 
>> physical location points.
>
> In the sense that there are 13 IP(v4) addresses that are "owned" by 12 
> organizations.  Geography is largely irrelevant.
>
>> Therefore what is needed is to reallocate the ownership points in a 
>> geo-politically equitious manner. As Siva suggests, probably one to 
>> an Indian Institute of Technology.
>
> Somewhat as an aside, my understanding is that efforts to provide 
> infrastructure (not root server infrastructure specifically albeit the 
> same folks do provide anycast instances for a root server operator) in 
> India were blocked by demands for bribes greater than the value of 
> hardware being shipped into the country (see 
> http://permalink.gmane.org/gmane.org.operators.nanog/100786).
>
>> Why this is not done, or cant be done are the real questions in the 
>> present debate. Any answers?
>
> Sure. You are assuming a top-down model that does not exist.  There is 
> no single entity that can dictate to the root server operators "you 
> will give your root server to IIT".  You and others that care about 
> this are free to make the case to (say) Verisign that it would be in 
> their corporate best interests for them to relocate administrative 
> control of one of their root servers to India, but it would be up to 
> Verisign (or perhaps more accurately, its shareholders) to make that 
> decision.
>
>> Is the real problem here that if root server allocation issue is 
>> opened up, countries would like to go country-wise on root servers 
>> (as the recent China's proposal for 'Autonomous Internet') which will 
>> skew the present non-nation wise Internet topology (other than its US 
>> centricity), which is an important feature of the Internet.
>
> No. Placement of root servers has no impact on Internet topology. 
> Really. Distributing root server instances can be helpful in reducing 
> root query latency and improving resiliency in the event of network 
> disruption. That's pretty much it. Opening up the "root server 
> allocation issue" is a red herring, particularly given pretty much 
> anyone can get a root server instance if they care and are willing to 
> abide by the restrictions inherent in operating a root server.
>
> Merging a subsequent note:
>
> On Sunday 05 August 2012 06:10 PM, parminder wrote:
>> ' administrative access will not be available' to the anycast 
>> operator to his own anycast server. 
>
> Yes.  However, if you ask anyone familiar with computer systems, you 
> will be told that if you have physical access to a machine, you can 
> gain control of that machine.  Obtaining such control would violate 
> the terms by which the machine was granted, but that's irrelevant.
>
>> This is a pretty centralised control, not at all the picture one got 
>> from all the technically well informed insiders who seem to suggest 
>> on this list that everything is open, uncontrolled and hunky-dory and 
>> kind of anyone can set up and operate root servers.
>
> I'm getting the impression that you read what you prefer to read, not 
> what is actually written.  No one (to my knowledge) has suggested 
> "everything is open, uncontrolled and hunky-dory".  Root service is 
> considered critical infrastructure and is treated as such, so anyone 
> asserting it is "open and uncontrolled" would be confused at best. 
>  Can you provide a reference to anyone making this suggestion?
>
> As for "hunky-dory", I suppose some folks would say the way the root 
> servers are operated is "hunky-dory".  I am not among them.
>
>> Was the African minister really so wrong, or even the Indian minister? 
>
> Yes. Really.
>
> Regards,
> -drc
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.igcaucus.org/pipermail/governance/attachments/20120807/7cf628ef/attachment.htm>
-------------- next part --------------
____________________________________________________________
You received this message as a subscriber on the list:
     governance at lists.igcaucus.org
To be removed from the list, visit:
     http://www.igcaucus.org/unsubscribing

For all other list information and functions, see:
     http://lists.igcaucus.org/info/governance
To edit your profile and to find the IGC's charter, see:
     http://www.igcaucus.org/

Translate this email: http://translate.google.com/translate_t

More information about the Governance mailing list