tlr writes "According to a Note to the ICANN community (which
is not included in my printed version of the text [this prefatory note appears to have been added to the original, unsigned, version after ICANN started getting questions and protests -mf]), the Discussion
Draft titled A Unique, Authoritative Root for the DNS
which was posted on the ICANN web site has been authored by ICANN's
new president and CEO, M. Stuart Lynn.
This draft is not a masterpiece."
From the abstract on, the draft contains ample speculations on the
insular motives alternative root advocates are suspected to
have - but little evidence for this allegation.
Lynn then claims that alternative roots' decisions to include
particular top level domains have not been subjected to
the same tests of community support and conformance with the public
trust - as what? As the TLDs which will be included with the
He concludes that ICANN should give no preference to those who
choose to work outside of (ICANN's) processes, and outside of
the policies engendered by this public trust.
In the first section of the actual text, Lynn talks about technical
needs for a single authoritative root. Among his various arguments,
point 2 is particularly interesting:
typing in a web site address at two different computers configured
to reference different roots can result in reaching different web
sites - a particularly disturbing possibility if, for exampple,
money is to change hands or privacy or security concerns are violated.
Of course, this argument is quite weak - after all, establishing the
identity of your correspondent is a problem which is created by
the very fact that DNS adds a layer of indirection between "I want
to talk to ABC bank", and "I'm contacting abc-bank.de". (This is an
actual case - there were two regional ABC banks established in the
late 19th century, indepedently of each other. They clashed in the
late 20th century over domain name questions. Ups.) If the use
of the wrong root server directs your money the wrong way you
certainly have other problems than the alternative roots.
Also quite interesting is argument number 5, cache poisoning. In
particular, Lynn writes:
Because the DNS assumes a single-root system, resource records are
not marked to distinguish them according to the root from which they
Keep this in mind: RRs don't carry information on the root from
which they come. Says Lynn, in this section.
Section two of Lynn's draft is titled The Public Trust in
Coordinated Assignment Functions. This section talks about the
need for a central ICANN, and about the process which finally lead
to the creation of the incarnation we are dealing with. What's not
mentioned is more interesting: On the one hand, the fact that even
ICANN depends on the consensus of users and system administrators
who decide not to use an alternative root - or just don't decide and
go with their software's default configuration. On the other hand
the strong network effects which will occur quite naturally in the
domain name market, and may indeed make ICANN's monopoly a natural
As a consequence of this, the White Paper and much of the process
which should be used with ICANN, seems to be used as a justification
for a single root - which is actually a circular argument. After
all, we probably wouldn't need this entire process in a world in
which reasonable competition to ICANN would be possible. Market
forces could be relied upon instead.
Section three of the draft finally talks about the new TLDs.
We find more references to the white paper, and about ICANN's
accountability. Note, in particular, the following sentence from
the White Paper which Lynn quotes:
As Internet names increasingly have commercial value, the decision
to add new top-level domains cannot be made on an ad hoc basis by
entities or individuals that are not formally accountable to the
That part about formal accountability to the community is, I
suppose, open for debate.
The usual proof of concept argument follows: Completely ignoring
existing - say - pseudo-gTLDs such as .TV, the first round of new TLDs is
described as a
proof of concept of the technical and business feasibility of
introducing more TLDs into the DNS.
Of course, no experience was gathered about adding more TLDs over
the past years, right?
The section concludes with praise for the SOs - which
represent the consensus views of the technical and the
user/business/other institutional communities, respectivel
(where's that individuals' constituency again?) - and to those who
participated in the TLD lottery in Marina del Rey:
They chose to work within the community-based ICANN process, even
though they knew that only a "limited number" of TLDs would be
selected - at least in the first round
After the white knights have been identified, the black ones can be
dealt with in section four, Outside the Process:
There are those who are choosing or have chosen not to work within
the ICANN process and within the ICANN policy framework. For their
own insular motives, they have launched various "alternative" root
Mr Lynn: There's something between black and white. How about .WEB
who are in the alternative roots and have applied for a place in the
Section five finally talks about experimentation. After
identifying a number of reasonable requirements for experimental
services, the use of the RR class tag is suggested in order to
distinguish alternative roots from the canonical root.
Then, Lynn claims this:
For resource records within the standard root-server
system, this class tag is set to "IN". [...] Those that have
deployed alternative roots have not used a different class
designation, however, choosing instead to have their resource
records masquerade as emanating from the standard root, and creating
the potential for disruption of other's (sic!) operations.
First, note that the interpretation of the IN class as "masquerading
as emanating from the standard root" contradicts Lynn's argument
from section two of the draft which we quoted above:
resource records are not marked to distinguish them
according to the root from which they emanate
Second, this interpretation contradicts the normal - and generally
accepted - use of class IN records within internal networks. Third,
using different classes just doesn't make any sense if you want to
try different name spaces: Among other things, the IN class is
hardcoded into some resolver libraries (I checked the OpenBSD libc source which
just skips over any non-IN entries when asked for an IP address -
I'm sure they aren't the only ones with this kind of behaviour).
Thus, using RR classes in order to distinguish roots would basically
mean that you may have to change a lot of software (not just
configuration files) just if you want to use a different root
server. This is, of course, not practical.
Let me summarize. The discussion draft tries to argue against
alternative roots. Bad enough, we find circular arguments, blantant
misinterpretations, and actually obvious contradictions within the
draft itself, apparently added for the sake of polemics and empty
rhetoric. Serious analysis is mostly missing, despite the
announcements made in the introductory note.
There are indeed arguments why alternative, uncoordinated roots may
be a bad idea, or may just not have a chance to take off due to
network effects. There are arguments why ICANN can be considered as
a natural monoply which is kind of controlled by the white paper
process. And there are arguments why certain "alternative root
TLDs" should be included with ICANN's root. All these arguments
should be put onto the table.
Instead, all we are getting is this draft, with the URL threatening
that it'll be presented in Stockholm. What a pity.
This discussion has been archived.
No new comments can be posted.
ICANN's Lynn on alternative roots
Log in/Create an Account
| 7 comments
The Fine Print:
The following comments are owned by whoever posted them.
We are not responsible for them in any way.
Many people, including 300baud and several anonymous, sent us links to and comments on this report. We are grateful to all of you. Notably, hofjes sent us the following:
Irony: ICANN's Discussion Draft About Unique A-Root and Why It Should Run Same
ICANN published its “Discussion Draft: A Unique, Authoritative Root for the DNS”. Its basic premise is (1) there should be only one A-Root; and (2) ICANN should operate that A-Root because it, unlike all alternative DNSes, operates for the public good, and is operated by the Internet community. Do the few people controlling ICANN really believe this?
I agree that there should be only one authoritative root. I have not seen a viable proposal for multiple A-roots, though I am open to suggestions.
However, I strongly disagree that ICANN operates the DNS for the public good, and I disagree even more that ICANN is run by the Internet community. To the contrary, ICANN is run by a few self-dealing individuals, and their actions are taken based on their personal beliefs - the ICANN policies are not based on any consensus.
The ICANN paper criticizes alternative roots as “substitut[ing] insular motives for the community-based processes” and having been created “to gain proprietary advantage” “with little regard for the public interest”. I believe the policies and goals of the Open Root Server Confederation and other alternative roots are much more reflective of the Internet community’s consensus, and of the public interest, than ICANN’s politically motivated policies and direction.
The ICANN paper is pure irony and hypocrisy. I hope the “discussion” it calls for comes to the same conclusion.
[ Reply to This | Parent
If control over the root was only about stability of the net and
predictability, then it would seem that a single authoritative root
would be unambiguously the best policy.
But if those who control the root manage it in a monpolistic manner,
create huge economic rents to those get who get the scarce TLD
franchises, and impose all sorts of policies on the entire internet
community, for example to reduce privacy and to enforce anti free speech
policies, and who knows what next, then the issue of alternative roots
becomes more interesting, and yes, also political, because the control
of the single root has become way too political.
[ Reply to This | Parent
> Instead, all we are getting is this draft, with the URL threatening that it'll be presented in Stockholm. What a pity.
near bottom of AGENDA FOR ICANN PUBLIC FORUM AND BOARD MEETING
The ICANN Public Forum will begin on Sunday, 3 June 2001. The agenda currently includes the following discussion items and reports:
16:15 - 17:00 -- Presentation of Discussion Draft on A Unique, Authoritative Root for the DNS
[ Reply to This | Parent
Here, in case you missed them, are Bret Fausett's comments in the ICANN Blog on the ICANN paper (reprinted with permission):|
"Discussion Draft" on Unique Root. Contrary to the idea that policy
pronouncements are made "bottom up" from the Supporting Organizations,
ICANN Staff posted a draft paper yesterday on "A
Unique, Authoritative Root." The paper claims to be a draft statement
of policy, but neither the paper itself nor the concerns it purports to
address originated with any Supporting Organization. It was not the product
of any working group or task force and has not been adopted by the ICANN
Board. Although titled a "Discussion Draft," ICANN provided no time on
the Public Forum agenda in Stockholm for discussion of the subject and
did not create a public forum for posting comments.
I agree. I expect to see an increasingly propagandistic tone to the ICANN home page as their PR person gets into the swing of the job--and as ICANN starts to feel more cornered. Indeed, last week's self-congratulatory press release on the VeriSign deal -- neither the text of which, nor even the key percentages negotiated at the last minute, has yet to grace ICANN's home page -- is a sign of the new trend.
More importantly, the
paper interrupts a DNSO process meant to examine the issue of
alternate roots and alternative naming systems. A General
Assembly group of the DNSO is now discussing these issues, and the
DNSO's Names Council will begin
a discussion on the subject with a presentation in Stockholm (Forsyth
paper). The ICANN paper states what the DNSO's conclusion should be.
This is not the kind of "bottom
up" policy development that is supposed
to characterize the ICANN process. In a later added preface, ICANN
President Stuart Lynn claims the draft as his own work and writes that
he felt it necessary to publish it because he found a "lack of completeness"
on the "documentation of the policy basis for ICANN's commitment to a unique,
authoritative root." Of course the documentation was incomplete -- ICANN
has never set an official policy on these issues. The DNSO's
Names Council took the first steps in a possible policy process last month
when it called for an informational presentation in Stockholm. But the
prominent display on the ICANN web site of one draft contribution from
ICANN's senior staff is inappropriate and, even in the best light, premature.
[ Reply to This | Parent
[ Reply to This | Parent
[Here, until we can fix the bug resulting in the broken link above, is the end of fnord's comment -- jon]|
in response to the question: What do you wish you had invented? Paul
replies: A directory system for the Internet that wouldn't be controlled
by the politicians, lawyers and bureaucrats. Amen. -g
[ Reply to This | Parent