Confusion reigns in Washington over ICANN

Friday, August 7th, 2009

I am hearing an inordinate amount of misinformation and FUD around US govt control, ICANN, and the Internet.  I hope I am just missing some facet of the political optics here.  I just want to make sure we all get a reality check wrt ICANN, NTIA, VeriSign, Root operators without any of the spin that each one of these groups/entities puts on their respective roles in the Internet.  There are a number of thinly veiled charades going on here.

Root Operators – I love these guys but they are not irreplaceable – anyone can run a root server.  The data is public by definition. Running one doesn’t require extraordinary skill, and nowadays there are many commercial and non-commercial companies that will run the systems for you with presence all over the world and an abundance of capacity.  And as far as the magic set of IP addresses assigned to each of them, I or my ISP are free to pick a totally different set of addresses and hence different root servers…and there are many alternatives.

VeriSign – Often makes the misstatement that they “route” Internet traffic. Let’s be clear, DNS is just a phonebook.  If you have the other guy’s number (IP address) via other means (e.g. use Google or just remember it), you don’t need the DNS.  Routing of data on the Internet doesn’t depend on the DNS.  That depends on the cooperation and self coordination of telecoms and ISPs often at meetings like NANOG, RIPE, etc…  Essentially VeriSign just runs a couple servers holding the root zone text file (~3000 lines).  The Root Operators pull from these servers and redistribute on theirs.  The idea that things go dark if they don’t do their job is false.  The Internet would probably not even notice.

NTIA – the idea that NTIA controls the Internet because it controls the IANA functions contract is sometimes heard.  Wrt DNS and the root, if it is anyone it is ISC (Internet Software Consortium) that “controls” it by virtue of being the de-facto standard DNS resolver software. By default most ISPs use the root server file (with IP addresses of the Root Operators above in it) distributed with the package.  ISC could change this to an alternate set of roots – not violating any rules – and no one would likely notice.  They could leave them as is or change them.  It is all a matter of choice.
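A defender's check that follows from the point above about the hints file, added here as an example (not code from the original post or from ISC): it parses a root hints file in the usual zone-file layout and reports which root servers differ from a reviewed baseline. The server names and addresses are constructed from documentation ranges, `parse_hints` and `diff_hints` are hypothetical helper names, and every record is assumed to sit on one line with an explicit owner name.

```python
import ipaddress

# Constructed baseline: the hints file you reviewed and expect to be deployed.
BASELINE_HINTS = """\
; constructed sample, documentation addresses only
.                  3600000      NS    A.ROOT.EXAMPLE.
A.ROOT.EXAMPLE.    3600000      A     192.0.2.1
A.ROOT.EXAMPLE.    3600000      AAAA  2001:db8::1
.                  3600000      NS    B.ROOT.EXAMPLE.
B.ROOT.EXAMPLE.    3600000      A     192.0.2.2
"""

# Constructed deployed copy: one root swapped for a different server.
DEPLOYED_HINTS = """\
.                  3600000  IN  NS    A.ROOT.EXAMPLE.
a.root.example.    3600000  IN  A     192.0.2.1
A.ROOT.EXAMPLE.    3600000  IN  AAAA  2001:DB8::1
.                  3600000  IN  NS    C.ROOT.EXAMPLE.
C.ROOT.EXAMPLE.    3600000  IN  A     198.51.100.7
"""

def parse_hints(text):
    """Map each root server named by '. NS' to its set of addresses."""
    servers, addrs = set(), {}
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()   # strip comments
        # Drop the optional TTL and class, leaving owner, type, rdata.
        fields = [f for i, f in enumerate(fields)
                  if i == 0 or not (f.isdigit() or f.upper() == "IN")]
        if len(fields) != 3:
            continue                            # blank or unsupported line
        owner, rtype, rdata = fields[0].lower(), fields[1].upper(), fields[2].lower()
        if owner == "." and rtype == "NS":
            servers.add(rdata)
        elif rtype in ("A", "AAAA"):
            addrs.setdefault(owner, set()).add(ipaddress.ip_address(rdata))
    return {name: addrs.get(name, set()) for name in servers}

def diff_hints(baseline, deployed):
    """Report root servers added, removed, or re-addressed versus baseline."""
    base, dep = parse_hints(baseline), parse_hints(deployed)
    return {
        "added": sorted(set(dep) - set(base)),
        "removed": sorted(set(base) - set(dep)),
        "changed": sorted(n for n in set(base) & set(dep) if base[n] != dep[n]),
    }

if __name__ == "__main__":
    print(diff_hints(BASELINE_HINTS, DEPLOYED_HINTS))
```

Owner names are compared case-insensitively and addresses are normalized, so a copy that differs only in case, TTL or class layout reports no change.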

ICANN – They manage the root through a public participatory process…uh…this is not completely right.  NTIA limits what they can say, discuss and do with the threat of taking away the IANA contract.  I know it means nothing in the end but perception might then make it harder for ICANN to then enforce the contract with VeriSign that pays them $40M/year – currently their main source of income (from .com/.net registrations VeriSign made ~ $1B according to SEC 10K filing).  So fear often prevails.  Gee, I wouldn’t risk it either if I were them. Not being allowed to publish all correspondence or have public consultations (often under the guise of privacy between contractor and contractee) only weakens transparency and trust in the US and ICANN and the process.  I understand from this site that DNS security is one such example where public opinion was ignored and participation barred for no national security reason.  So although ICANN offers a public forum for discussion, a plain old trade organization on K Street has more freedom and transparency.

IANA – Finally some meat here to make sure people don’t pick the same IP address, DNS name or other Internet parameter but it is only 10 people out of the 100 at ICANN.  But again, if US govt angers the international Internet community sufficiently, nothing stops these functions from moving elsewhere.  The IP address coordination goes to the NRO (Number Resource Organization) or ITU, the Internet parameters to the IETF (NTIA already caused some difficulty last year on this), and the DNS root to some organization under the UN umbrella we all know and like ;-).  There is no real way to hold numbers hostage.  Not even the IANA function contract.   Use of any one of these databases in the end is voluntary and is only as good as the Internet community trusts in the people, process and procedures behind it.

Maybe each of these groups is just saber rattling for relevance but I would hate to see what small but positive influence we (the US) have by being a watchful eye over DNS disappear and move elsewhere if some of these exaggerated views get legs and aggravate our international partners.   Wrt US govt’s role, a little transparency and less day-to-day operational involvement would go a long way.

In the end the choice is up to the consumer.  Neither ICANN nor US govt nor root operators or VeriSign can control who the ISP or end-user picks to look up names for them (for DNS).  There are at least a dozen alternate roots and setting your own up is not so difficult.  The only thing keeping most of the world using the IANA root is a loose consensus that they are happy enough with the service and the desire to have a consistent root somewhere in the world.

As soon as we (the US) do something to dissuade that loose consensus from trusting us, any one of a number of entities stands ready to offer up a less contentious, global Internet community trusted solution.  This is where, if we play our cards right, we can continue to exhibit leadership – not by command and control but with international cooperation and transparency.