[governance] "Oversight"
parminder
parminder at itforchange.net
Wed Jun 13 03:28:32 EDT 2012
David,

Let me respond to you in two parts. In the first, I will temporarily
agree with all of your tech/operational arguments, and in the second,
through a separate email, make some comments on tech/operational issues,
and also seek some clarifications.

You suggest that US really can't do anything significant to the global
Internet traffic, such is the way in which the global Internet is
structured. So, if indeed the bearer of the oversight role (defined as
the functions done in this regard by the US) can do no such potential
interference or harm, why would anything change if instead of the US, an
international body, duly constituted under international law (that needs
to also be signed by the US as well), gets to exercise the oversight
role? Especially when the same international law would guarantee the
broad principles of the present model as well as lay out clear procedure
to exercise the oversight function, both of which do not exist in any
internationally guaranteed way at present. I have a feeling that I have
said this before, but haven't got a response.

I suspect that you, or some others, would say that any such
international body will soon get into some monkey business and cannot be
trusted. On the other hand, we, unhappy with US's unilateral control,
hold that the US, whether it has done so or not till now, is likely to
get into some monkey business with its oversight power.

Now, let's look at a comparative picture of the two alternatives. We know
that US has been planning what has been called the Internet Kill Switch
bill, has sought interference with DNS system to enforce IP, enforces
unilateral sanctions on other countries, and imposes sanctions on those
countries who do not impose sanctions on countries that US wants them to
(it did so recently with regard to Iran), regularly sends killer drones
across international borders with huge collateral damage, has
systematically used extremely potent software viruses against foreign
targets...

On the other hand, an international body carefully constituted, will be
completely bound by its constitutional law, have US, EU (and other
'good' countries on board without whose consent nothing can be done),
have due procedures clearly and transparently laid out (let us agree to
not agree to anything less than that for such a body), have its minimal
role fully defined (which cannot be changed without US and other 'good'
countries agreeing), and so on....

One can take one's pick.

So, the point is, if you really think that, to quote, 'there actually
is no control, oversight or otherwise' why not accede to the little,
inconsequential demand of non-US countries to be treated equally and
democratically, which kind of democratic impulse I think would be native
to most of us? Why not let them all together exercise this, as per your
argument, purely symbolic, non-control and non-oversight? Just to make
us feel happy and equal, even if the demand may be coming out of some
deep post-colonial socio-psychologies and has no material implication or
worth. Why not just indulge us a bit, when there seems to be no cost in
doing so?

I simply fail to understand why when such an international system is
suggested, some very evil and formidable demons appear all around us
(look at the ITU or even CIRP discussions), and then they suddenly
completely disappear when a possible abuse of the US's oversight
position is being discussed.

parminder

On Tuesday 12 June 2012 11:54 PM, David Conrad wrote:
> Parminder,
>
> On Jun 12, 2012, at 7:53 AM, parminder wrote:
>
>> In any condition that US law and executive power considers special - whether IP enforcement or security/warfare related, all US based root servers will be obliged to fall in line.
>>
> I'll admit some difficulty understanding the actions you argue the USG would be forcing root servers to comply with. Could you provide a concrete example of what you're concerned about?
>
>
>> Although David says DNSSEC does not change this situation at all, from his own description of the processes involved, I see that DNSSEC implementation greatly increases the various costs of non publishing of the authoritative root file as communicated from Verisign's server.
>>
> I'm sorry I'm not explaining things clearly enough. Let me try it this way, completely ignoring the role the root server operators may (or may not) play since you find that unconvincing:
>
> Assume the USG forces Verisign to remove .IN from the root zone. A query for <anything>.IN will then result in a "name error" response being returned to the querying resolver (typically operated by ISPs). With DNSSEC, some cryptographic data is also returned that allows the resolver to prove (in the mathematical sense) that the holder of the root zone signing key (Verisign) agrees that the "name error" should be returned. Without DNSSEC, you still get the "name error", the resolver just can't prove that's what the holder of the zone signing key intended.
>
> So, we now have a root zone (provably, if you bother to verify the DNSSEC data) without .IN in it. Let's say you run an ISP anywhere in the world. Now, _all_ of your customers that attempt to connect to any website in the .IN domain will get "name does not exist" in their web browsers, email programs, bittorrent clients, etc. Your customers are probably not going to assume it is because the USG removed the .IN domain, rather they're more likely going to assume you screwed up somehow and call you to scream at you. After a sufficient number of calls (which, depending on the scale of your ISP, will probably be from minutes to hours), you'll most likely fix the problem for your users by getting a copy of the root zone, reinserting the .IN data into that copy, and putting that root zone on your resolvers.
>
> Since you have fixed the problem in your resolvers, the fact that the root zone is DNSSEC-signed is completely irrelevant. DNSSEC only protects the resolver's cache from getting crap data inserted into it. Your customers, by using your resolvers, trust you to return accurate data. The _vast_ majority of those users will never see DNSSEC-related information since the resolver strips that information out when responding to client (e.g., web browser) requests. For those users that actually know enough to request DNSSEC information, they will undoubtedly know enough to solve the problem the same way you did.
>
> So, the end result of the action taken by the USG is to completely remove the USG from any role in administering the root zone while at the same time generating vast amounts of (both domestic and international) outrage and destabilizing the Internet. The USG would want to do this because?
>
>
>> Do you still think other countries can trust the US with oversight control over such a vital infrastructure as the Internet?
>>
> The part that I believe you're missing is that there actually is no control, oversight or otherwise. Because of the decentralized nature of Internet operations, the Internet only works because everyone (primarily ISPs) agrees that it should work (what Mitch Kapor termed "The Tinkerbelle Effect" at a meeting back in the early 90s). In my view, the role ICANN plays (or, perhaps more accurately, was intended to play) is to allow people to get together to agree on how a part of the Internet should work and my impression is that the USG merely tries to ensure ICANN follows its own policies and procedures to do this. Your assertions that the USG is going to go rogue and force bad things to be done to the root of the DNS ignore the fact that those bad things only have effect if everyone (primarily ISPs) all around the world agree that those bad things should occur. I am a bit skeptical this would occur.
>
> Regards,
> -drc
>
>
>