[governance] India's communications minister - root server misunderstanding (still...)

David Conrad drc at virtualized.org
Tue Aug 7 04:00:35 EDT 2012 

On Aug 6, 2012, at 11:23 PM, parminder <parminder at itforchange.net> wrote:
> Now, it is obvious that the decision to do the above was a political decision, including the choice of which all agencies should operation of root servers be distributed over. It was basically a US decision

As a point of historical information, it was actually a decision made (for good or ill) by Jon Postel.  He probably informed USG agencies (e.g., NSF or DARPA) of the later ones (probably after the fact) but knowing Jon, I do not believe the USG played a large role in any of the decisions.

> The logic of 'no single entity having the authority or control over operation of root server' does not stand close geo-political scrutiny, esp in today's world.

I suspect the root server operators would disagree with this statement (strongly), but I am not them so I will not comment. 

> Now, would you fault someone if he were to reason that the present strategy against 'capture' vis a vis the operation or the root/ DNS system of the Internet, while laudable in its initial intentions, is not quite  adequate, and is not in keeping with times.

I wouldn't, no. (the irony is great here for those that know my relationship with the root server operators :-))

> One can suggest that given the current situation of the Internet, the very same laudable intention of avoiding capture that informed the present root server system, when it was instituted,  requires us to change the system. Is it really all that illegitimate a political demand. What is your response to this question?

Illegitimate?  No. I've actually made similar arguments myself on numerous occasions, sometimes in colorful terminology I'm told.

However, you seem to be missing/ignoring a core concept: there is no central control of the root servers. I realize this is hard for folks inculcated with the ITU/monopoly PTT worldview to fully grasp (I've had the discussion about how the root system works with government official many times and invariably get "you're kidding" in response) but it is reality.

Given this, to whom will you make your demand, regardless of its legitimacy?

> No, this is not an aside. This is the only question that the Indian and African minister really brought to the table, something which triggered and underlies the present discussion.

Actually, I believe what triggered the underlying discussion is a simple desire for control and a simple lack of understanding of what they were demanding control of.  Your dressing up of this simple desire and lack of understanding in the political rhetoric of North/South conflict does not turn the pig's ear into a silk purse.  What I am primarily interested in is addressing the lack of understanding.  I have an undoubtedly naive hope that if people actually understand what it is they're after, it will moderate their desire to control it.

For example: I believe that if people actually understood the role of the root servers and the implications of gaining control over one, they'd realize it isn't "the droids they're looking for".  What I believe they _really_ want is control over the data the root servers serve. If that is not what they want then their desires should be addressed by getting an anycast root server instance (mirror).  

> This will require an examination of the following questions
> 
> (1) whether the number 13 can be breached, and more root server operators created, and/or

As I said in my previous message, I won't bother explaining why this isn't really an option as I doubt you'll listen.  However, to avoid your accusations that I'm withholding information for political purposes, I will note that extension mechanisms in the DNS protocol have been defined that allow for more than 13 addresses and that extension is now mandatory for all DNS servers (it is necessary to support IPv6).  Unfortunately, the existing Internet infrastructure (in particular, the cheap customer routers at the edge of the network and the myriad of broken firewall policies that think DNS messages larger than 512 bytes are attacks) has proven to be too brittle for that extension (known as EDNS0) to be relied upon for root service.  This will presumably change over time, but I'm not holding my breath.

> (2) the existing root server operations can be reallocated.

As mentioned in a previous note, this is also possible and has, in fact been done in the past.  All you need to do is convince one of the existing root server operators to give up their root server. Oh, and I imagine there will be a bit of a political food fight if the world finds out a root server is available. After all, <insert country here> obviously deserves a root server for <insert obvious reason here>! Should be quite interesting to watch (in the slow motion train wreck kind of way).

> This is the political demand from the South which cannot just be pooh poohed by describing its ministers as ill-informed or stupid. We seek full engagement of the civil society and other actors with this political demand. 

I don't recall calling anyone "stupid".

It seems to me that one of the fundamental impedance mismatches that is occurring is the implicit assumption that there is an overarching entity to which these sorts of political demands can be made and which will act upon those demands.  From an Internet technologist's point of view, this assumption is false: the Internet is composed of a multitude of privately operated autonomous networks and systems that agree amongst themselves on a set of parameters to ensure the networks interoperate.  There simply is no central authority.  The venues in which the operators of those networks and systems come to agreement on those parameters are places like ICANN, the IETF, and the RIRs, however those bodies aren't in control -- they merely implement the agreements (formal or informal) that are made in their respective venues.

I know this doesn't fit with how governments want to view the Internet.  So it goes.

Regards,
-drc

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.igcaucus.org/pipermail/governance/attachments/20120807/7520ed45/attachment.htm>
-------------- next part --------------
____________________________________________________________
You received this message as a subscriber on the list:
     governance at lists.igcaucus.org
To be removed from the list, visit:
     http://www.igcaucus.org/unsubscribing

For all other list information and functions, see:
     http://lists.igcaucus.org/info/governance
To edit your profile and to find the IGC's charter, see:
     http://www.igcaucus.org/

Translate this email: http://translate.google.com/translate_t

More information about the Governance mailing list