ICANN's Recent Report on "Alternate Roots"
ICANN's Recent Report on "Alternate Roots":
ICANN's "Security and Stability Committee" (SSAC) just issued a report
on "alternate roots"
The best word I can think of to describe it is "dud".
Remember ICANN's ICP-3:
A Unique, Authoritative Root for the DNS from back in year 2001?
Remember how ICP-3 was filled with hysterical language about how competing
DNS roots would cause the internet sky to fall and and DNS caches be polluted?
The new report from the SSAC quietly distances itself from those
claims. This is the positive aspect of this new SSAC report.
The report, however, continues the unjustified and undefined claim that only
ICANN can publish a DNS that is "authoritative". And the report
continues ICANN's historical method of using subjective social and business
concerns as justifications for technical restrictions. For example, this
report makes the claim that only ICANN authorized top level domains can operate
with concern for customer needs and that only ICANN can act in conformity with
some never-defined notion of "public interest" (an odd claim given
ICANN's ejection of the public from virtually all aspects of ICANN's
decision-making machinery.)
In other words, ICANN's Security and Stability Committee, a committee of
technical worthies, has authored a report that addresses neither security nor
stability, and those matters that it does address are supported by
non-technical, conclusory assertions for which the members of the committee possess
no particular expertise or experience.
But the most important aspect of the new SSAC report is this:
The SSAC report does not raise any technical reason why as a technical matter
there can not safely coexist on the net several different DNS naming spaces -
which may or may not be consistent with one another - each dangling from a
different DNS root.
The report does say that two people each using a different root might
get different answers to the same DNS question. But that is a meaningless
observation - it is something we've all known for years: that different DNS
hierarchies may, but need not necessarily, yield different answers.
The discussion about competing roots has evolved so that we now ask whether
different DNS hierarchies are consistent or inconsistent with one another.
Inconsistency, like a tango, takes two. When two or more roots differ,
it is useless to engage in endless, and ultimately dogmatic and religious,
debates about which is "authoritative". It is far more useful to
ask whether each root serves the needs of the community that has voluntarily
chosen to use it.
One of the underlying assertions underlying ICANN's behavior towards
competing roots is the implicit belief on the part of ICANN is that ICANN has a
duty to suppress DNS heresy and create a single catholic
name space that everyone on the internet is required to use. In other
words, ICANN does not want communities to have a choice; it's either the ICANN
way or naught.
It is impossible to reconcile ICANN's Procrustean
stance vis-à-vis competing roots with the idea that every user of the internet
should have not only the ability but also the right to shape the way in which he
or she uses the internet. This idea of control at the edge is the
underlying conception of the end-to-end principle and of my own First
Law of the Internet.
Why should ICANN be allowed the power to deny to users of the internet the
ability and right to shape the landscape of names that they, and their children,
use on the internet?
The biggest hammer this document had to throw was that the authors couldn't
conceive why anybody would want to operate a system of root servers.
In other words the report says that because the authors do not have an
imagination then nobody else does - which is both absurd and false.
Not long ago I published a note entitled What Could You Do With Your Own Root Server.
That note considered the ways in which a root server operator could take
advantage of its position for profit or power. It is quite clear that a
single root server operator could obtain a significant revenue stream. It
is even more clear that an entire system of roots, if it can garner adequate
use, could also obtain significant revenue.
Consider, for example, a root system that takes a few cues from Google:
Consider a root system that uses data mining to generate a revenue stream and
that attracts query sources (users) by giving those users a taste of the
action. Suppose you were to receive a check from such a root system that
paid you $0.0001 for every DNS name that you (legitimately) resolve using this
root system rather than the ICANN/NTIA root.
Consider the opportunities for preferential or optimized name services.
Consider the opportunities for highly filtered views of the DNS
landscape. Not everyone considers universal connectivity to be a
boon. For instance Motorola recently found that it could create a
lucrative line of mobile
phones for orthodox Jews in Israel in which the ability to call or be called
by certain phone numbers can be restricted by the elders of the sects.
ICANN's SSAC seems to have no more foresight than the business professor who
gave the founder of FedEx a low grade because the professor thought the Federal
Express business model was silly.
Good thing the FedEx founder had the opportunity to test his idea.
However, in the land of ICANN no idea is permitted unless approved by the
ICANN powers.
Yet there are those who still refuse to see that ICANN's methods are nothing less
than highly intrusive and destructive regulation plunged into the body of the
internet up to the hilt.