[governance] "Oversight"

David Conrad drc at virtualized.org
Wed Jun 6 15:05:16 EDT 2012 

Parminder,

On Jun 6, 2012, at 2:56 AM, parminder wrote:
> That exactly is why technical standards development and CIR requires political oversight. How can, what you call as, the 'technical community' decide that such a matter of utmost importance to people and countries outside the US is simply 'political window dressing'. It is ridiculous.

I suspect you have a misunderstanding about how Internet technical standards are set. Internet standards are set by "the community" -- folks (usually, but not exclusively, network engineers and software developers) who are interested in addressing a particular issue they believe exist get together, come up with a protocol or two, implement those protocols, and deploy the result.  If others agree that it is an interesting problem and the proposed protocols actually solve it, they'll join in.  If not, the protocols and implementations will fade away due to lack of interest.  

If this matter actually is of "utmost importance to people and countries outside the US", then there will be a _huge_ community that will define the standards and various folks who implement the standards will fall over themselves to get product out to that community. I am merely stating that I suspect it is unlikely that this actually is of "utmost importance to people and countries outside the US", the vast, vast majority of which probably have a few other things to worry about (like _real_ critical resources like food, shelter, water, electricity, jobs, reliable telecoms, Internet capacity, free flow of information, etc) than whether or not there are five DNSSEC signing keys instead of one.

> And whose cost/benefit analysis is it?

The folks who would spend the time to revise the specification, implement those revisions, and buy and deploy the resulting products.

> This is a misuse of 'technical power' which really is no technical power, it is real economic, social and political power masquerading as technical power, hiding behind technical people and the so called 'technical community' in order to gain some legitimacy, or rather to avoid the blame of illegitimacy.

Err, no.  It is merely the reality of bottom-up processes.  The fact that folks who do the work and sell the products aren't interested in areas that may be of particular interest to you is something that I've learned to accept.

> And if it is just 'political window dressing' why was the US gov so interested in asserting that the current DNSSEC model is what it wants, and none of the possible alternatives.

I'm not entirely sure which alternatives you're mentioning, but if you're talking about the DNSSEC key management model, they didn't want to change the existing root zone management structures.

> And why does US gov want the IANA manager to contractually agree that US gov will decide on the chief security officer for this function... Does this look like matters that can be called 'political window dressing'.

My understanding is that as a USG contract, the USG has the right to approve/disapprove pretty much any hire they feel is key.  However, this is irrelevant.  My "political window dressing" comment was related to modifying the DNSSEC specifications to allow for a greater number of signing keys in order to address a concern that is already addressed with existing mechanisms, would require a very expensive redeployment of the DNS system as a whole, and does not (as far as I can tell) provide any significant additional _technical_ capabilities.

> Actors dont go wholesale rogue in the manner you picture it, neither is such a radical from-the-scratch response possible in the real world. [...] Actors go rogue in stages, carefully, for their rogue-ness to be sustainable.

I agree yet the hypotheticals posed to date have implied instantaneous rogue behaviors on the part of the USG.

> As US has been going rogue on IP related international domain seizures, (and attempting to formalise it through SOPA), as in the attempt at 'Internet Kill Switch' legislation, as evident with ACTA, with use of Stuxnet and flame, formalising un-disclosed security relationships with google, facebook, twitter etc, with software companies...... What is your criterion for declaring US gone rogue?

In the context of what I was commenting on, demanding the modification of the root zone outside of existing policies and processes to address domestic US concerns.

I get that you don't like the US. That's OK, I'd agree politicians do lots of boneheaded things although I don't think the US has a monopoly on boneheaded politicians.  Fortunately, the Internet is decentralized so the actions of one country are not fatal to the Internet as a whole and in those areas where centralization is useful for efficient operation, the important bit is to ensure that there is decentralized oversight. I gather that we disagree as to how far the important bit of decentralized oversight have been addressed to date. That's fine and a useful area for discussion. I personally believe it is critical to focus on real areas of concern and to do so with as many facts as possible, not on emotions, preconceived notions, and political rhetoric.  But that's probably just me...

Regards,
-drc


-------------- next part --------------
____________________________________________________________
You received this message as a subscriber on the list:
     governance at lists.igcaucus.org
To be removed from the list, visit:
     http://www.igcaucus.org/unsubscribing

For all other list information and functions, see:
     http://lists.igcaucus.org/info/governance
To edit your profile and to find the IGC's charter, see:
     http://www.igcaucus.org/

Translate this email: http://translate.google.com/translate_t

More information about the Governance mailing list