
Re: Threat from Christopher Ambler




> > > > People who continue to use the existing root servers are essentially
> > > > delegating their vote in this process to whoever operates that root.
> > > > (And I do trust IANA in that regard as long as IANA's choices are
> > > > freely made by Jon P. et al without the US Government coming in and
> > > > uttering too many "thou shalts".)
> > >
> > >   Here is yet another fundamental area and idea incorporated within the
> > > MoU that is in stark conflict with reason and good management process.
> > > It is also an attitude which breeds the opposite of which it professes.  That
> > > being more regulation, and separation of powers.
> >
> > This is the crux of the matter 100%. Karl is completely right when he says
> > that people are delegating their vote to whomever operates the root.
> 
>   They currently have very few alternatives.  And the ones that are up and
> running, are gaining more and more users all the time.

Few alternatives, but one of them a VERY important one:
You are under NO obligation to DELEGATE your vote of the root. You can VERY
easily create with the current software your own list of where TLDs can be
found (which is after all the information which the root servers are
resolving for you when you decide to delegate to them). This option is
currently called GRS (grass roots servers), but it's something that has
existed for ages, and (the good thing) nobody can stop you from doing it,
nor can anyone tell you which TLD you "have" to swallow.
Say IANA goes ahead and delegates ".web" to CORE and inserts it in the IANA
roots. It doesn't matter a bit. You make your own choice as to which one you
consider to be legitimate, either it's Chris Ambler's, or it's IANA's...
Of course, the downside to GRS is that keeping your list current is a bit
tedious... Currently there are in the IANA roots just over 200 TLDs, give
them an average of one change per year (because fortunately they don't
change much, but one change a year seems ok-ish), and you're up to nearly
updating your GRS file every day. Scale up the TLD numbers a bit (say to
1000?) and you've got 3 updates per day to keep track of by yourself. But
some bright spark already has updated files available for you, and he keeps
them updated so you don't have to bother, so you can just set up an
automated task to go and get that file every X delay. Erm, hang on... isn't
that delegating your vote again to this other person? Isn't it the same
result as just pointing to a set of root servers maintained by this
person/entity? Well, yes...
In any case, if you're sick of ALL the different roots available out there
today, you CAN build your own, but it will mean tracking TLDs by yourself,
or maybe transferring an authoritative root zone, setting it up as your own
GRS file, and then just manually editing the TLDs which you don't like how
that particular operator is handling.

Apart from building your own, you can choose to delegate to some other root
server (eDNS and alternic can include their plug here), but they don't seem
to be gaining meaningful support (and I think even THEY would be
hard-pressed to say the contrary).

> In addition the fact
> that NSI, not the IANA operates the Roots to which you refer are arbitrarily
> restricting new gTLD's and other registries and registrars from providing
> registration service within the existing name space (.com, .net, .org) is
> in stark conflict with the free enterprise system as well as fair trade, when
> that capability is now available to anyone to do.  These two reasons are the
> primary reasons why people are "Delegating" their vote.  If you only have one
> candidate, of course you have to delegate your vote.  There is no other
> choice.  So I find this statement inconsistent at the least.

See above, but I am lost with your two reasons as to why people delegate
their vote (reason 1 is that they have no choice according to you, which I
dispute. What is reason 2 for them delegating their vote?).
Although I hate to come out in NSI's defence, I don't think they are
DIRECTLY restricting ANY TLDs. They're probably lobbying like crazy the USG
(and effectively one would argue), but I'd guess that it's still IANA
authoring the root.

> > The argument that some come up with is that as there are default files
> > pointing to the IANA roots shipped with most DNS software, and as most
> > people leave those default files in place, then those people are not really
> > making a choice and are having the IANA decisions unwillingly "thrust" upon
> > them.
> 
>   This is changing all the time, and will continue to do so slowly.  In any event,
> this is really not the users' doing, rather it is their ISP.

The users certainly have the opportunity of setting up their own server too,
though I find it unlikely due to the lack of them knowing about it, so any
user who IS bothered about what happens, can make his own choice too.
They don't HAVE to use the DNS supplied by their ISP, they don't HAVE to use
an external DNS at all...
If they DO use the DNS supplied by their ISP, then they're delegating their
vote to their ISP (who in turn is generally delegating it to IANA).

> > I disagree vehemently with this type of argument. While it is true that most
> > end users (ie, the end customers of ISPs) probably don't know and never will
> > anything about how DNS operates, and it is also true that many Mom & Pop
> > ISPs don't know how to correctly configure their DNS, I feel that the
> > responsibility lies precisely (at least at this time) with the ISP.
> 
>   For half of the responsibility this is true.  The IANA could have and should
> take a leadership position to inform these ISP's what alternatives they really have.
> That they are not doing truthfully.

Ah, so you seem to think that YOU know what's going on, but the ISPs don't
and IANA is pulling a quick one over them? You're really discrediting ISPs
in general if you think that they don't know how DNS works. (As always, I'll
grant that the smaller/newer ones have great holes in knowing how it works,
but from there to infer that IANA is giving them incorrect information which
they are swallowing is a long jump).
IANA doesn't go around informing people that it's running a root, likewise I
don't see why it should go around informing people that OTHERS are ALSO
running a root. It's the responsibility of the alternatives to go around and
inform that they are there. As long as IANA is not hindering this effort, I
can't see the problem (and IANA is *NOT* stopping *ANYONE* from setting up
their own root server). I would guess that all of the larger ISPs have
already heard about the alternatives available. That they choose not to take
those alternatives is meaningful.

> > A *VERY* large % of users can be accounted for with the larger ISPs, and
> > the larger ISPs, I am *SURE* that they know how to configure their resolvers
> > correctly.
> 
>   They should indeed.  However they often choose not to do so.  This is really
> a mystery to me.

You mean that it's a mystery as to why they point to IANA? (is that what you
call incorrect configuration?) Maybe they're happy with the way IANA works?
(just a wild guess with absolutely no foundation of course...).

> > It is these ISPs who have the capacity to "vote with their feet". If they
> > are using the IANA roots, it is NOT because they come default, but rather
> > because they are happy with them.
> 
>   This very well may be true, for now.  We have already seen that this is changing
> slowly.  I hope that this change continues.

Again maybe it's interesting to note how slow this change is. Again it could
be due to satisfaction with what they're currently getting from IANA...
And the extremely low % that choose to "undelegate" their vote from IANA
could be construed as the % which is unhappy with IANA.

> > The fact that a (noisy) bunch disagrees with those decisions should not be
> > allowed to overshadow the high legitimacy that IANA currently has.
> 
>   I would agree that the IANA is largely legitimate.  The exception is in matters
> dealing with the DNS system.

I think it's precisely in DNS, IP number assignment and port numbering where it's
more evident that IANA *IS* legitimate as it's there where there is daily
following of the way that IANA assigns. The fact that you can read this
message proves that. (sent to an address at a certain domain name -under
IANA assignments-, using protocols which connect on IANA assigned ports,
using machines which -mostly- interoperate based on names and IP addresses
ultimately assigned by IANA).

Yours, John Broomfield.
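
The "fetch an updated GRS file on a schedule" approach from the message above, with the trust decision made explicit: this is an added example, not part of the original post, that diffs a fetched copy against the pinned local file and holds back TLDs the operator has chosen to decide locally. The zone lines, nameserver names and the `keep_local` parameter are assumptions made for illustration.

```python
# Added example. PINNED/FETCHED are constructed sample data; nameserver names are placeholders.
PINNED = """\
com.  172800 IN NS a.gtld.example.
com.  172800 IN NS b.gtld.example.
net.  172800 IN NS a.gtld.example.
web.  172800 IN NS ns1.registry-one.example.
"""
FETCHED = """\
; constructed upstream copy
com.  172800 IN NS a.gtld.example.
com.  172800 IN NS b.gtld.example.
net.  172800 IN NS c.gtld.example.
web.  172800 IN NS ns1.registry-two.example.
org.  172800 IN NS a.gtld.example.
"""

def parse_delegations(text):
    """Return {tld: set(nameservers)} from zone-file-style NS lines."""
    out = {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()
        if len(fields) < 3 or fields[-2].upper() != "NS":
            continue
        owner = fields[0].lower().rstrip(".")
        if not owner or "." in owner:  # skip the root itself and anything below a TLD
            continue
        out.setdefault(owner, set()).add(fields[-1].lower().rstrip("."))
    return out

def review(pinned, fetched, keep_local=()):
    """Diff fetched against pinned. TLDs in keep_local never take the upstream value."""
    old, new = parse_delegations(pinned), parse_delegations(fetched)
    report = {"added": [], "removed": [], "changed": [], "held": []}
    merged = dict(old)
    for tld in sorted(set(old) | set(new)):
        if old.get(tld) == new.get(tld):
            continue
        if tld in keep_local:
            report["held"].append(tld)  # upstream disagrees, local choice wins
        elif tld not in old:
            report["added"].append(tld); merged[tld] = new[tld]
        elif tld not in new:
            report["removed"].append(tld); del merged[tld]
        else:
            report["changed"].append(tld); merged[tld] = new[tld]
    return report, merged

if __name__ == "__main__":
    print(review(PINNED, FETCHED, keep_local={"web"})[0])
```

Every entry under `added`, `removed` or `changed` is a delegation decision taken from whoever publishes the fetched file; only the `held` entries remain the operator's own.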