ICANN/DNSO
DNSO Mailling lists archives

[ga]


<<< Chronological Index >>>    <<< Thread Index >>>

RE: [ga] Re: Redelegation issues


On 15:09 06/06/02, John Berryhill said:

> > afaik, those events had nothing to do with ICANN -- and it's a good
> > thing too, because staff would have caved in a second.
>
>Obeying the law is not "caving", and there is no reason why IANA should have
>continued providing service for .yu during the time that relevant sanctions
>were in place, and also during which time Milosevic's government was using
>gov.yu.

This comment - which is a little bit inaccurate about "IANA providing 
service" as they do not provide any other service than not to update .NZ 
street address - is of the utmost interest and the best demonstration of 
the reason why the root must be replicated.

1. John says that the IANA must obey the law. The US law. He is right. But 
we (non US people) do not want the US law to be applied, we want our 
interest to be protected, even against US ones.

2. The root server system is not totally under the US law. The three non US 
law dependent systems may be obliged to obey their local law creating havoc.

3. I fully agree with Roberto when he takes the example of nuclear bombs. 
And with his logic. But in addition to his points, we also have to consider 
that it will necessarily happen, and very soon, if the root is not 
replicated. I explain. Let assume the US are to land in Xu Islands. If 
press uncovers that a few GIs have been killed due to informations they got 
on the Internet that could have been prevented in black holing the Xu 
Islands ISPs or that thousands of US citizens were killed in a incident by 
terrorists who obeyed to e-mails exchanged with Xuist extremists that a 
simple reroute of the ".xu" would have prevented ...

I definitely think that the best protection is to have stable 
multi-replicated root systems. So no one is responsible. It works period. 
All the ccTLDs and gTLDs should have their secondaries scattered on 
different secondary root systems. When a root server system is infected or 
affected, is can then be turned down keeping the worldwide root server 
service clean. The solution is a multiple human root file generation with 
mutual verifications before loading. Permanent mutual cross checks between 
root server systems, and automatic disconnection of the reported faulty 
system and the of the reporting system. This calls for at least four root 
server systems to be in operations.

I note four things:

1. the load on each of these systems will be lower than on the present 
system. They can better accompany the growth of the Internet.

2. these systems should be built - as the one I operate - quickly for test 
and development. Even if my position turns to be wrong. Because if I am 
right, this is not something we can build, experience and validate in a few 
months.

3. They force a better International coordination and mutual concerted 
obligations, as such they are a protection for everyone against arbitrary 
policies and a peace factor.

4. stability, security, national sovereignty, law enforcement call for a 
non-real time root solution. This architecture is also an architecture 
freeing us from market monopolies like MS and VRSN. It is necessary the 
network architecture of the future (because it was the one which prevailed 
in 1982 :-) and we have progressively to adapt to the major changes it will 
introduce in the network economy and in the ICANN and ITU/T structure.


jfc














<<< Chronological Index >>>    <<< Thread Index >>>