Special Report on Internet Governance Published - herewith the introduction with description of rootzone move scenarios and a possible solution to the DNS wars

Gordon Cook cook at NETAXS.COM
Fri Aug 1 01:55:11 EDT 1997


This is the introduction to the publication today of an anthology of COOK
Report coverage of the DNS, IP and general Internet governance crisis of
the past six months. Part I of what follows offers a new summary of events
at a high level and then concludes with Parts II and III which contain
entirely new material. Part II is a description of technical scenarios
that could flow from a decision by IANA to remove the root zone files from
NSI, and Part III offers a way of analyzing the DNS problems that could
result in rendering the IAHC process moot by eliminating gTLDs and placing
DNS under country codes and the laws of the respective countries in which
the registrants of the domains live.

Part I:  Internet Governance Has Not Matured at Same Pace as 
Infrastructure 

A year ago the DNS debate was beginning to turn into warfare.  The
International Internet Ad Hoc Committee on DNS was about to be launched.
The various other folk whom some were beginning to call the DNS "pirates"
had put their operations into high gear.  These developments carried on
through January of this year when IAHC finalized its plans and a coalition
of various interests emerged determined to derail IAHC by whatever means
necessary.

Once the White House became involved in February with the creation of the
InterAgency Task Force on DNS, things got very messy very fast.  The
National Science Foundation has been well aware for more than a year that
the parallel structure for the allocation of IP numbers in the Americas
had to be disconnected from Network Solutions handling of DNS before the
end of government involvement with the NSF - NSI Cooperative Agreement.
IP number allocation issues in the rest of the world were handled by
membership based organizations.  It seemed reasonable to NSF that the
Americas catch up to the rest of the world in this respect.

Through out the winter the NSF worked diligently towards this end only to
have the White House intercede and overturn all it plans on March 3.
Unfortunately the White House action meant that federal bureaucrats who,
more often than not, had only a limited knowledge of the Internet were now
making policy that would determine the fate of some key elements of
Internet governance.The formation of the American Registry for Internet
Numbers was an inadvertent casualty of the White House action.
Unfortunately it was only a couple of weeks before the "feds" decided that
they would "fix" IP as well as DNS. As a result the announcement of ARIN,
instead of happening on March 18, occurred only on June 24. 

In the meantime nothing was being done about the institutionalization of
the authority functions of the Internet Assigned Numbers Authority. From a
governance point of view IANA is the single most critical piece of
Internet Infrastructure. Unfortunately the federal agencies involved were
far more interested in pursuing their own agendas than in trying to
understand why those who really new the workings of the net have talked
for more than a year about the need to institutionalize the IANA. These
people saw the need to shift the burdens of sole control from the
shoulders of Jon Postel, who, as a single widely-trusted person was ill
equipped to deal with the economic and legal pressures of a commercialized
network that was in the midst of becoming a critical piece of
communications infrastructure for governments and global corporations.

Without understanding a complicated nexus of relationships, American
policy makers were refashioning the DNS "piston" of the Internet engine
with no awareness of its linkage to IP and the linkage of both to the
IANA. The situation is messy because, while the IANA was the implementor
of the IAHC process that threatens the livelihood of Network SolutionÕs
control of the .com top level domain name, IANA also depends on NSI to run
the key data bases that feed the DNS root servers and to fund the start up
expenses for ARIN. Operationally Network Solutions is subordinate to IANA,
which, at the same time, found itself loosing its operational funding and
becoming the subject of legal attacks.  To complicate things further IANA,
through the IAHC process, is firmly allied with ISOC and some believe with
ITU - an alliance that is generally unpopular within the commercial
Internet community and one of the major reasons why the majority of that
community is believed to favor the US government intervention. Although
Glen Schlarmann and Brian Kahin are the titular co chairs of the Federal
review effort, Ira Magaziner calls the ultimate shots from the White House
and on June 18th, having come up to speed on the issues interceded with
the Inter Agency DNS Task Force and ordered the formation of ARIN.
However, the forces at play now go well beyond ARIN.

The Rickety Foundation of Internet Governance

The foundation of Internet governance has become a very rickety pedestal
on which are balanced the conflicting interests of IANA, the Registries,
the US government, Network Solutions, IAHC, the ITU and others.
Regrettably Postel and the US government may be on that collision course
over the issue of putting new top level domains in the root servers.  Even
more regrettable is as the struggle over DNS continues, no one is
addressing immediate shortcomings in the IANA procedures. The Federal
Interagency Task Force has an IANA task force. While we have not been able
to ascertain what the IANA task force is doing, we have been told that
there is very close to a total dearth of sound technical knowledge at work

The continuing DNS disputes would seem to be intractable.  Certainly NSI
and IANA/IAHC have few common interests.  The US government has not yet
figured out a course of action.  Whatever the "feds" do, it will likely be
opposed to the interests of both IANA/IAHC and NSI. Some people believe
the U.S. government will simply try to buy time by extending the life of
the cooperative agreement so that it can at least continue to control NSI.
The problem is that such a course of action may not have any affect on
whether Jon Postel moves root to Europe.  It is very difficult for us to
see how the "feds" could do anything to prevent this from happening. If so
control of NSI will be worth very little.

Not fully certain of the range of tools at the command of the White House,
we concluded that one outcome might be that pressures would rapidly grow
on the feds to try to regulate the Internet.  Of course the idea that any
nation can regulate the international entity that is the Internet seems
quite strange for the issue of porous national borders seems far more real
for the Internet than for the telephony industry.

Regulation?

When we asked Tony Rutkowski whether he thought any of the current
pressures would lead to any regulatory attempt.  He replied that if we
meant by regulation, increased government involvement in the net, that
such increased involvement would likely come in the critical
infrastructures area.  There is a critical infrastructures group under the
White House that is looking at the reliability and robustness and security
of the Internet. In effect the NSTAC (National security Telecommunications
Advisory Committee)  is being extended to into the Internet area. NSTAC is
basically made up of representatives of all the telcos meeting under a
federal government aegis to deal with issues of robustness and security
and what happens in times of national emergency. The purpose is to focus
on what it takes to maintain the functions of the network under various
fault conditions. It often involves contingency planning.

He foresees the most likely denouement of the current governance issues as
being actions taken by the private sector companies to keep DNS working
and IP numbers allocated. The operators of the interconnected telephony
networks keep those functioning with very little government assistance of
any kind. He says that the role of government is to provide the parties
with an appellate route in case things go very wrong and with antitrust
protection - two very important considerations. [Editor: We are not sure
that we are comfortable with these ideas.]

Part II:  Can Anyone Besides IANA Control the Totality of the Internet's
DNS Machinery?

Few people would claim to know exactly what might happen in the event of a
decision to move management of the root zone or "dot" domain from Network
Solutions to some other location in this country or Europe. We want very
carefully to state that we are not advocating such a move.

We also want to outline the various components of the DNS root server
infrastructure and assess which people control them in an effort, not to
make such a move more or less likely, but to help those involved in making
the policy decisions become better aware of the range of results their
policies could trigger. Certainly, from what we have been able to
ascertain, the Federal Interagency Task Force is operating without any
adequate understanding of the operation and technical impact of its
decisions and therefore needs what help it can get.

The Root Zone Server(s)

Network Solutions runs A.ROOT-SERVERS.NET with an IP Address: 198.41.0.4
and J.ROOT-SERVERS.NET with the IP Address: 198.41.0.10. It also runs the
'dot' machine known as ROOT-SERVERS.NET (198.41.0.5). This is the machine
responsible for the root zone that is also known as "dot".  "Dot" is the
ultimate master index for DNS (meaning that all root machines take their
lead from it as to what the TLDs are and where the master zone file is for
each TLD). Currently IANA is the Administrative Contact for the machine
and Mark Kosters of Network Solutions the Technical Contact. According to
standard operating procedure, the technical contact is obligated to follow
the orders of the Administrative contact. In imagining an order to move
the root zone, what could be significant here is that such an order would
be detrimental to the interests of Network Solutions, the employer of Mark
Kosters, the Technical Contact. Nevertheless, we are told that IANA (Jon
Postel) has the ability to use the network to make software changes on
this machine regardless of what Mark Kosters does or doesn't do. Let's
assume then that IANA makes the move.

In such a case, in order for the root servers to be able to find the new
root zone, changes would have to be made at the top level of .net. Now
"dot" net takes its authority from the a.root-server at NSI. Mark Kosters
is the Technical and Administrative Contact for this machine. To make a
change in the location of the root zone take operational effect, Mark
would have to make appropriate changes to entries in the a.root-server. If
this did not happen the other .net root servers wouldn't know how to find
the location of the new root zone machine. 

At this point in our hypothetical scenario Kosters and his management
would have to make some major decisions. A changed root zone location
would ensure that IANA and IAHC could enter their seven new gTLDs into the
root servers with ease. All the root servers would presumably continue
pick up NSI's gTLDs, while NSI would have to voluntarily accept the loss
of one of its major assets.

Let's ask what could happen if NSI declined to make the changes in .net?
At that point IANA would either have to back down, or go to war against
NSI. If IANA did not back down, its only choice would be to go public and
explaining the situation in a post to the Internet, give the location
information for the new root zone and ask all DNS operators to update the
root.cache files on their machines immediately. We are talking well over a
million DNS machines for the Internet. Therefore this is not a small task.
We have however spoken to several people and all agree that a "herd"
mentality could be counted on that would result in the change of
root.cache files for the root servers immediately, for the major backbones
over night, for 90% of the net within 48 hours and for the remaining 10%
in the next two weeks.

NSI Unlikely to Resist

Such an action on NSI's part however would be regarded as "treason"
against the best interests of the Internet as a whole. It would confirm in
everyone's mind the mistrust that already exists - rendering NSI as a
rogue and outcast. It would likely justify, in the minds of many, NSI's
servers as a 'legitimate' objects for physical attacks by means of the
network. Because of the overwhelming importance of .com to the rest of the
commercial Internet, it is not likely that serious commercial service
providers would attempt to ever think of any boycott of .com. But such NSI
action would increase the pressure to find a way to divest NSI of control
of .com. Thus, although NSI would have to cooperate for a move of the root
zone to be easily brought about, the consequences of its failing to
cooperate would impact NSI so negatively that it is hard to imagine that
NSI would resist.

Resistance by the US government to a change of the root zone would be
equally problematic. A "whois" on root-servers.net shows four machines:
RS0.INTERNIC.NET (198.41.0.5), GW.HOME.VIX.COM (192.5.5.1), NS.RIPE.NET
(193.0.0.193) NS.ISI.EDU (128.9.128.127). These four machines keep uniform
copies of the root zone on them at all times. Moving root zone would mean,
we believe, moving the administration of the root zone files from NSI in
Virginia to one of the other three locations. NS.ISI.EDU is a machine at
IANA headquarters. GW.HOME.VIX.COM belongs to Vixie Enterprises which is
run by Paul Vixie, the author of the BIND software that implements DNS.
Vixie is an out-spokenly loyal follower of IANA.  NS.RIPE.NET is at RIPE
headquarters in Europe. Readers will remember that it was at the recent
RIPE meeting where RIPE and APNIC, in the absence of continued US funds
for IANA, pledged money to support IANA. Our conclusion from the questions
that we have asked is that IANA could move root zone administration to any
other these other machines, which are themselves not root server machines,
and in so doing further decentralize the DNS system - rendering changes
instituted by a single party far more difficult.

We can imagine the US government, by means of the National Science
Foundation, ordering NSI not to permit new gTLDs in the root servers. But
in such a case, if the administration of the root zone is no longer in
NSI's hands, such a move is rendered effectively moot. (Ironically the
June 97 order from NSF to NSI not to add new gTLDs, could become the
primary cause for a shift by IANA of root zone administration away from
NSI.)

Now it has also been suggested that the US government could forbid US root
server operators to point to a new root zone machine in Europe. Let's
suppose this happened. In the initial look ups, DNS queries to government
restricted root servers not finding, say a few months from now, a new IAHC
top level domain, would automatically bounce to the other root servers
until they wound up hitting a root server loyal to Postel's administration
and containing the new gTLD. Unless the US government tried to physically
cut of the United States from the rest of the world wide Internet -
something impossible to imagine - the survivability design for the
Internet has indeed created something that the US government can cajole
but not control. This is an outcome that we find to be exceptionally
welcome.

Part III: A Scenario for a Political Resolution of the DNS Crisis

In very recent discussions with a number of individuals we came upon some 
new ways of looking at the DNS problem. The DNS wars can be seen not so
much as wars over Domain Names but as wars over the power that comes from
control of the Internet. The IAHC process could be looked at as a way to
preserve power at a global level for the buggy whip makers - those
entities like WIPO and ITU whose interests are threatened by and
antithetical to the interests of the Internet. Telephone companies in the
case of the ITU, which for the last century have used the ITU to get into
bed with national governments creating the national PTTs whose monopolies
are only now going beginning to fall. Then there follow WIPO and INTA
representing intellectual property and trademark interests. The unfettered
functioning of the Internet will make it much harder to protect their
standard sources of income. Now if you ask what reason the IAHC has for
bringing these international regulatory bodies into play in the field of
Internet governance, it is the because existence of top level domain names
that transcend national boundaries. Get rid of top level domains including
.com by placing .com under.us and you take away the international aspect
of the crisis that allows ISOC, inadvertently or not, to bring the noses
of the ITU, INTA, and WIPO camels under the Internet tent.

Now what if we make another assumption that it takes time for communities
to coalesce and to understand their common interests? If you are going to
hold forth the North American Numbering Plan as the very model of industry
self-regulation, you must realize that it came from a telephone industry
that had roughly three quarters of a century to mature. On the other hand
we have the Internet where 98% of the users today were not users two years
ago. They don't think of themselves as members of a community yet and
indeed they don't yet begin to even grasp the issues. Right now the only
thing that is allowing the buggy whip makers to continue to exert their
power over the governance process is the existence of GLOBAL top level
domains. Ones that transcend national boundaries. Why not eliminate GLOBAL
top level domains and deprive the IAHC and IPOC - CORE process of its very
reason for existence?

Now we will note that the role of the ITU as the holder of MoU signatories
seems to us not to indicate an immediate threat of an ITU take over of the
Internet. However, some may say it will be the first step in a process
that will be hard to stop. On the other hand, WIPO and INTA's roles seem
more immediately insidious.   More top level domains will multiply and not
alleviate the intellectual property and trademark issues that already
threaten and indeed prevent the legitimate use of some business domains
under .com. The result will be more work for the lawyers not less and more
layers of legal underbrush, especially for small businesses to hack
through in getting or keeping a viable business address in cyberspace.

What happens then if we simply say that DNS is something to be worked out
by each country according to the laws of that country and quit pretending
that the Internet can do what the postal services cannot do and that is
have addresses with no relationship what-so-ever to geography. In other
words what happens if we institute a phase-out period for all global Top
Level Domains except country codes?

It could become possible for the US government to say this as it concludes
what it might call the Internet development period that the current
Federal Notice of Inquiry could be seen as summing up or bringing to an
end - depending on one's point of view. What if the predominant
prescription offered by the position papers submitted under the NOI was to
be to get rid of Top Level Domains and let DNS be handled on a country
by-country basis until such time in the future as the Internet has
coalesced into a community that can offer a cohesive and unified
alternative approach?

Perhaps we should not try to solve the problems of global Internet
governance in the short run. Perhaps we should localize them until there
is indeed a sufficiently mature global Internet community capable of
resolving its own problems. Otherwise the resolution to these problems may
be forced by global powers whose interests are, not only outside, but
also,  perhaps, antithetical to those of the Internet community. Also,
while we have sometimes found it difficult to understand the extreme
suspicion with which IAHC is greeted, this way of approaching the problem
- by rendering IAHC irrelevant to the process - may be the best way of
keeping peace within the various parts of the network. It would adopt a
course of action that looks more attractive than any of the alternatives.
Certainly, given the tensions that IAHC is exploiting under the current
approaches of the various players to the situation, IAHC would seem to be
presently in the drivers seat and looking nearly unstoppable. Changing the
most fundamental international basis of approaching DNS would seem to
leave the other players with a playing field that they could accept and by
avoiding the current collision course do the least harm to the stability
of the Internet.

While we don't believe this approach can solve the authority issue behind
the IANA, issues that are truly global unless the registries can coalesce
their own policy together in a coherent way, we do think that this
approach could defuse what is otherwise shaping up as a lose-lose scenario
for everyone involved.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Contents


Introduction						pp. 1 - 2, 76

Executive Summary					pp. 5 - 10

April:

Domain Name Service Under Stress 
Can IAHC Solution Work or Is NSI Unassailable?
Could Legal Action Challenge Authority of IANA?		pp. 11 - 16

May:

Clinton Administration Embraces DNS Tar 
Baby, Magaziner & OMB Responsible 
Action Derails Agreement with Network Solutions & NSF 
to End Co-operative Agreement on April 1 1997 
Ill Considered Move Halts Formation of ARIN IP Registry	pp. 17 - 21

Some Source Documents with Our 
Interpretations Added
Magaziner Interview, NSI Database Summary & 
Explanation, Rutkowski, Crocker & Dillon on IAHC, 
the Ambler Law Suit, Linda Sundro Makes Policy		pp. 21 - 27
June:

CIX, NSI & Rutkowski Favor Current U.S. 
Intervention Against IAHC DNS Plan
IANA Authority & ARIN Still Critical Unsolved Problem IAHC 
February 4 Plan Generates Intense Opposition Success of 
IAHC Plan Uncertain -- Critics Want it Killed Now 	pp. 28 - 30

NSF Will Not Renew NSI Cooperative Agreement		p. 30

CIX, Citing Failure of Process with IAHC, Cites 
Custodial Duty of US GovÕt to Maintain Stability
Calls for an IANA Authority Accepted by US Government
Asks for Separation IP Number & DNS Authority 
Wants to Phase out GLTDs within Five Years		pp. 31 -35


July - August:
ARIN Approved! Magaziner Breaks Log Jam 
Administration Makes Ninth Inning Move Helpful to Net  
Signs of Leadership Emerge from Sea of Hesitation
Government Wide NOI on DNS Expected Shortly 		pp. 36 - 45

Rudolph Geist, USIPA Lawyer: ARIN is Unneeded Monopoly - 
Action Threatened by Unknown ISP Association Lawyer 
Shows Lack of ISP Business Issues Awareness		pp. 46 - 48

IAHCÕs Seven New Top Level Domains Will Confuse 
Customers -- Donna Hoffman Finds the Domains: ÒDisaster 
Waiting to Happen From a Business PerspectiveÓ		p. 49

September:

Internet Governance Not Scaling Well IANA & IP 
Number Registry Policy Need Formalizing - NSF 
Tells NSI Not to Enter New Top Level Domains
NSI Operational Failures & Direction of US Government 
Policy Could Give Impetus to Move of DNS Operations to 
Europe as Opening of ARIN Delayed 			pp. 50 - 68

	Part I: Registry Policy, pp. 51 
	Part II:  IANA Authority, pp. 56
	Part III: Launching ARIN, pp. 62 
	Part IV: DNS, IANA and US Government 
	   on a Collision Course?, pp. 65 

Appendix - July Aug. Issue:

The NSF Inspector General's Plan to 
Administer and Tax the Internet World Wide
[Rejected on April 17, 1997 ]				pp. 69 - 75

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
How to Order:

Price per copy (GBC bound) is $175, if paid by check in advance to COOK
Network Consultants, or $225 if we must ship and invoice. Foreign shipping
is $25 extra. $10 extra for Canada. For US - price includes USPS Priority
Rate postage. Orders and Payment to COOK Network Consultants, 431 Greenway
Ave, Ewing, NJ 08618, USA.  


************************************************************************
The COOK Report on Internet               For subsc. pricing & more than
431 Greenway Ave, Ewing, NJ 08618 USA     ten megabytes of free material
(609) 882-2572 (phone & fax)              visit   http://cookreport.com/
Internet: cook at cookreport.com             On line speech of critics under
attack by Ewing NJ School Board, go to http://cookreport.com/sboard.shtml
************************************************************************





More information about the Naipr mailing list