feedback on root zone scaling impact document
- To: root-zone-scaling-impact@xxxxxxxxx
- Subject: feedback on root zone scaling impact document
- From: k claffy <kc@xxxxxxxxx>
- Date: Sat, 6 Nov 2010 23:41:25 -0700
the document makes a number of assertions about empirical evidence,
and how was it used to understand the impact of these technologies,
without any supporting citations. icann should clarify which
assertions are based on informed estimation or other non-empirical
reasoning, and why that is the most informed, responsible policy
that can be pursued at this time. for assertions based on data,
icann should provide include or point to an annotated bibliography
especially to sources of data used to conclude that nothing bad or
significant happened. other problematic phrases are 'may have
resulted in a slight uptick', 'may have been an increase in
fragmented packets', 'no significant (if any) reports of negative
consequences' -- do we have no idea whether these things happened?
how will icann or others improve monitoring to be able to answer
these questions more definitively? can icann point to supporting
documents reporting e.g., how many IPv6 addresses were added in 2010,
and how does it compare to what is expected in 5,10,15 years?
the comments on DNS(SEC) query size increase beg the questions: how
often was a signed response requested? what fraction of requests were
they? what fraction of (byte) traffic were they, in both directions?
the comments on EDNS0 were inconsistent with the DITL2006-2009 data.
which root servers are being reported on? the DITL data shows that
although the query population is dominated by EDNS-capable queries,
most of those queries are actually pollution anyway, and the client
level shows quite the opposite -- closer to 30% support -- and dropped
precipitously at all observed roots since 2007. (slide 11-15 of
icann needs to acknowledge this issue and explain why they believe
it's not relevant to dnssec scaling.
re: "when the signed root was served from all the root servers,
those servers immediately started returning an aggregate of at least
50,000 DNSSEC-related resource records per second "
which servers are meant here? what data is this based on?
footnote 7: is a back-of-the-envelope calculation really the source
for the claim above about what the root servers immediately started
to do? where did the 8,000 come from?
"expected rate of new TLDs entering the root will be ..200 to 300"
200 is not a rate..
"all of the organizations involved in root management have indicated
that they will adjust their resources to meet demand." where are
RSSAC's and NTIA's commitment to this statement?
perhaps most importantly, "The primary consideration thus becomes
detecting the increased loads prior to them becoming an issue" --
what activities are being undertaken to address this outstanding
issue? or what is the board's plan for addressing it? the
last SSR workshop focused on this document, but the workshop
participants themselves believed the workshop failed to yield
answers to questions on how to measure the impact of root scaling:
"detect" is the wrong verb for something that hasn't happened yet.
if you mean "predict" then it's incumbent upon ICANN to have a
predictive model, or an uncontroversially conservative (openly
jsutified) "concern threshold" that would trigger a fresh inquiry.
i.e., is the 1000 TLDs per year considered uncontroversially
conservative by the wider community? is it something only the
rootops have been asked about? has anyone else been consulted
regarding possible problems with the widespread lack of negative
caching if the dictionary at the top level of DNS gets much richer