ICANN ICANN Email List Archives

[stratplan-draft-2011]


<<< Chronological Index >>>    <<< Thread Index >>>

Comments from the NARALO UMR

  • To: stratplan-draft-2011@xxxxxxxxx
  • Subject: Comments from the NARALO UMR
  • From: Eric Brunner-Williams <ebw@xxxxxxxxxxxxxxxxxxxx>
  • Date: Sun, 09 Jan 2011 21:42:22 -0500

Hi Kurt,

This is submitted as the NARALO UMR comment, though of course it is simply my reading the current StratPlan and commenting.

Eric Brunner-Williams
Unaffiliated NARALO Member Representative

Beginning of Text.

A contribution to the NARALO comment on the ICANN Draft 2011-2014 Strategic Plan, organized as four sections, addressing the Plan Areas of:
    I. DNS stability and security,
    II Core operations including IANA,
    III. Consumer choice, competition and innovation, and
    IV. A health internet eco-system.

As ICANN is known to lack strategic purpose this comment attempts to remove what can't usefully be strategic. An afterward my recommendations for the organization's current strategic plan elements.

I. DNS stability and security

This section contains four strategic objectives: (i) Maintain and drive DNS uptime, (ii) Increase security of the overall systems of unique identifiers, (iii) Increase international participation, and (iv) Coordinate DNS global risk management.

(i) The first strategic objective is unclear whether the 100% DNS uptime refers to the A-M rootservers, or to the {.arpa,.mil,.edu,.gov,.int, .com,.net,.org} authoritative gTLD servers which pre-exist ICANN, or to the authoritative gTLD servers created by ICANN, or to authoritative ccTLD servers, or to AS112, or to the recursive servers operated by content and access network operators, or ... nor where any measurement of "uptime" might be conducted.

A strategic objective which is incomprehensible is usually the sign that the entity lacks internal clarity on the subject matter and is unable to prioritize and select achievable objectives.

The A-M rootservers are fine, there is no urgent issue there.
The {.arpa,.mil,.edu,.gov,.int, and .com,.net,.org} authoritative gTLD servers are fine too, though the .mil operations could be improved, and the .gov operator is scheduled to transition. The {.biz,.info,.name,.pro and .aero,.coop,.museum} authoritative gTLD servers are acceptable, problems exist but not at the level of some strategic effort that has to put "change" before "stability". The {.asia,.cat,.jobs,.mobi,.travel} authoritative gTLD servers are also acceptable, problems exist but not at the level of some strategic effort that has to put "change" before "stability".

That leaves the ccTLDs, for which no "strategic goal" is possible now that the botched attempt to force ccTLD operators to enter into contracts or be unable to update their entries in the IANA root zone is an unpleasant memory, AS112, and recursive resolvers widely known to be providing synthetic (monitized) returns for most broadband users in North America -- a situation that does call for a strategic object, following through on the Board's Sydney Resolution on NXDOMAIN Substitution (DNS Wildcard and Similar Technologies).

A strategic goal of reducing incorrect synthesized DNS responses by some measurable amount would be credible, and useful. Absent that, this is just a bag holding secondary objectives -- continuity and v6.

(ii) The second strategic objective errs significantly.

First, if 30 ccTLD operators in developing countries sign their zone, that is a poor predictor of whether when the key's for those signed zones expire that the 30 ccTLD operators in developing countries, who are generally technical assistance recipients through the Network Resource Startup Center, that key rollover will be conducted successfully.

Second, developing countries have autonomous agendas, and if ICANN is flirting with returning to the unhappy model of "enter into contracts or else" by placing the Marina del Rey agenda for zone signing ahead of the autonomous agendas of developing countries, there will be issues. ICANN pushed cost on ccTLD operators in developing countries by declining to pick up the rather small costs of their participation in the Conficker .C response. There was some real bitterness about John Crain's communicating, and the color of an ICANN endorsed urgent communication to burn local time and money preventing bad things from happening to North American and European end users through spam and/or maleware targeting by the .C enabled users of the Conficker platform.

Third, fixing .com comes a bazillion years ahead of fixing .name, which is larger than all 22 ccTLD operations where Arabic is the primary spoken language, or all of Africa, less South Africa, or ...

If this were a proposal to improve the performance of some system by working on code paths visited less than 1% of the time, the eager to optimize coders without a clue would be given other responsibilities.

The real item to work on here is the routing (not "resource") public key infrastructure, securing BGP and detecting AS Prepending attacks, which mercifully appear at present to be fatfinger events, not information operations by motivated and competent parties pursuing rational economic or other policy goals.

The buried lede is the most important and overlooked task, and this, not uptime, is what is important.

Fortunately, the RPKI infrastructure is being rolled-out in the ARIN region, and has been rolled-out in other regions.

(iii) The third strategic objective makes reference to the "DNS-CERT".

Please see my public comments archived in the stratplan-2010@xxxxxxxxx mailbox at:
http://forum.icann.org/lists/stratplan-2010/msg00027.html

The addition of the IDN version of the perenial WHOIS foodfight is a mistake. Whatever the value of adding UTF-8 or local encoded data into WHOIS output may be, it isn't DNS stability and security. This kind of junk detracts from the real issues.

(iv) The fourth strategic objective fails to mention the Conficker .C facts, so the most recent "global risk management" event of import is overlooked. This is unfortunate as there really is a lot to be learned from the response, even to a non-event, about cost, timeliness, and accounting.

Over all, there really is no reason why most of the ccTLD operators outside of North America and Europe should pay any attention to ICANN's DNS stability and security StratPlan component, and that is not in the public interest of North American internet users, who do not need ICANN to be ignoring development goals for false objectives and bandaids.

II. Core operations including IANA

This section contains four strategic objectives: (i) Continued flawless IANA operations, (ii) L-Root operational excellence, (iii) Efficiency and effectiveness of operations and (iv) Strengthen international operations and presences.

(i) The first object posits the utility of the EFQM model to IANA operations, and this simply doesn't jib with my experience consulting on the IANA function reporting project in 2007. Further, the SLAs to which the EFQM might, or might not be relevant to originate from the IETF for protocol assignments. While the epoch in which the IANA function was administratively restrained from timely responses to requests for zone file updates from ccTLD operators until those ccTLD operators entered into a contract is now an unhappy memory, this too is an unlikely source of SLA commitments which could benefit significantly by the application of the EFQM model.

If ICANN is to secure a renewal of the IANA contract, it is at least as likely that the merits of ICANN's renewal bid are the qualitative services necessary to manage a mixed signed-and-unsigned zones, and the qualitative services necessary to introduce RPKI, as the quantitative execution of a formal quality model indifferent to the current, and future services performed by the IANA function.

(ii) The second objective pursues a mission outside of ICANN's core purpose. Running the L-Root is about as peripheral to ICANN's purpose as being an ICANN Accredited Registrar is to AOL or France Telecom or British Telecom. It simply isn't important.

Next, the other root servers are run by Verisign-A, USC-ISI, Cogent, UMaryland, NASA, ISC, DISA, BRL, Autonomica, Verisign-J, RIPE NCC, and WIDE. How on earth is ICANN going to "lead by example" or "be recognized as a top-tier root zone manager"? What motivates ICANN to embark on a (probably futile) pecking order mission to provide clue to any of, let alone all of, the other root server operators?

A reasonable strategic objective would be to find a qualified operator for the L-Root that would meet some unmet policy goal such as geographic diversity and schedule the transition so that ICANN could get out of registry operations and focus on its core mission.

(iii) The third objective I still don't believe. What on earth does the IANA function have to do with the Policy Development Process the Names Council has adopted? The suggestion that the execution of the IANA functions services deliverables to the GNSO's PDP, pre- or post-reform, requires strategic attention indicates that either due to errors in wordsmithing, or leadership (of ICANN and the IANA) changes, that the relationship, never very significant, between the original DNSO, now GNSO, and the IANA, is not understood.

(iv) The fourth objective mentions, inter alia, engagement with the IETF and the root server operators. Please add the RPKI communities of each of the RIRs.

(v) The fifth objective is without quantifiers. What are the strategic goals for financial controls, capacity, etc.?

III. Consumer choice, competition and innovation

This section contains five strategic objectives: (i) More IDN TLDs, (ii) Increase Regional participation in the industry, (iii) Mitigate malicious conduct, (iv) Foster industry innovation, and (v) Promote fair opportunities.

(i) When CNNIC turned on its name server constellation the ground work for the .中国, .公司, .网络 and .政务 and .公益 IDNs was laid. That the ground work lagged behind elsewhere is water under the bridge. If the principle of "consumer choice" is to be meaningful, it is consumers who's choices inform policy makers, not producer choices. At present more than a million users use these IDNs. The strategic plan should place their interests ahead of the legacy operator interest in capturing lucrative markets.

It is impossible not to observe in passing that the strategic goal of "more languages and cultures" is subordinate to the strategic goal of a single application process, which as has been observed elsewhere, benefits “a group of participants that engage in ICANN's processes to a greater extent than Internet users generally”.

(ii) Continued financial support for the NSRC's IROC, AROC, SROC offerings is a reasonable goal.

(iii) The "malicious conduct" construct has, thus far, avoided mention of the causes for operational capability of actors that engage in conduct characterized as "malicious". It is primarily an individual morality construct, carefully omitting the business models which create the financial incentives as well as the technical means for "malicious conduct" on a global scale.

Signing zones as a consequence of the discovery that cache poisoning could be accomplished in seconds is a reasonable response to the discovery of a economic development in attack cost.

Ignoring the non-adoption of BCP-38 and other forms of industrial externalization of costs, to ccTLD operators in the Conficker .C case, is not a reasonable response to a long-standing problem.

Morality as policy is fine on TeeVee. It is a profoundly dull tool for network policy making.

(iv) No comment.

(v) Reference to the area of work undertaken by the Joint Applicant Support Working Group is gratifying.


IV. A health internet eco-system

This section contains four strategic objectives: (i) One unified, global internet, (ii) Building stakeholder diversity, (iii) Improve communications and (iv) Ongoing accountability and transparency.


(i) The first section contains the alarming possibility that the overwhelming contributions of volunteer time, paid staff, and expended resources committed to the new gTLD program since 2006 have only a "potential" to realize a single new community-based or public interest registry.

Leaving the merits of forming corporate vision and mission from a sample of semi-random responses to a social networking technology that amounts to little more than an IRC client (who's operator collects and monitizes personally identifiable information about its users), there are the implicit limitations of this "vision".

Nearly all of ICANN's contractual counter-parties to registry agreements are legally domiciled in the North American Region, and with the exception of name server constellations, are operationally contained in the North American Region.

The same is true of the approximately six hundred of its (wildly shell-registrar inflated) nine hundred counter-parties to registrar agreements, four of which alone account for 50% of all gTLD registration.

It is in the public interest that public policy is informed by data and both the failures, and the successes, of policy choices, can be discerned and outcomes understood in terms of causes and effects.

Legal barriers particular to the North American Region's legal culture prevent research access to operational network infrastructures for reasons of economics, ownership, and trust (EOT).

These must be reduced if policy making is to be informed by knowledge rather than by belief.

For reasons of operational necessity a constellation of name servers was activated by CNNIC in November, 2001. Since early 2008 this constellation of name servers has provided service to more users in Asia than the original constellation of name servers provides users in North America.

The Vision Statement should be amended to correct the impression that some more fundamental management problem exists than managing the sources of policy errors which have necessitated the existence of the CNNIC root server constellation, and the continued necessity for divergence between these two root systems.

It is not in the public interest for North American internet users to be unaware that errors of judgment have, and may further partition "the internet".

These two changes to the Vision Statement may be expressed as:

"Informed by data, divided only by necessity."

(ii) The second strategic objective contains a gratifying reference to ALAC, though the language reads "representing" rather than "elected by" when referring to a seat on the ICANN Board.

(iii) The third strategic objective seems under developed relative to the other three, and adding a technical and policy journal, similar to the work Ole Jacobson has been doing, initially for Dan Lynch's InterOp, and subsequently for cisco, in his Internet Protocol Journal, would be more useful than more web ephemera.

(iv) The fourth strategic objective references fact-based policy development and decision making.

Data as a necessary predicate condition to "ensure the stable and secure operation of the Internet's unique identifier systems", is absent. This is very unfortunate as in practical terms, for each year of the past decade, persons with nothing more than beliefs, which may as well be religious beliefs, have dominated ICANN's policy making.

The available data is not good. We are running out of addresses, and therefore must make a partially planned transition without widespread testbed experience of the new infrastructure. The routing system too is at the limits of its scalability. There are pervasive peer-to-peer overlay networks which are incongruent with economic models, and therefore the source of fundamental legal struggles over ownership and control. The security and stability of the naming, addressing and routing infrastructure is problematic, independent of anything ICANN is on record contemplating as its plan of record.

Absent operational data concerning unique endpoint identifiers, unique routing identifiers, and protocols, stable and secure operations are indistinguishable from instable and insecure operations.

The DNS remains a private resource, where access to profoundly important operational data necessary for basic research on the range of meaningful policy alternatives is at the whim of commercial entities acting under private law.

Afterward:

Having spent 2004-2009 primarily "off-the-grid", that is, responsible for power, connectivity and bandwidth while residing in rural venues in North America, improving access to the net, for the residents of California rural farmworker housing cooperatives, Prairie Provinces and High Plains States native reservations and reserves, and isolated populations such as Appalachicola as exemplars of an broad area of unmet need seems like a reasonable "increase residences served" strategic goal.

Having been in and out of the network and registry operator communities since the NIC was at SRI the mid-80s, getting behind and assisting the adoption of RPKI in the ARIN region also seems like a reasonable "improve resiliency" strategic goal.

Having recently reviewed the Final Report of the ACM K-12 Task Force Curriculum Committee, commissioning a model "What is the Internet" unit of curriculum for primary, non-STEM secondary, and tertiary classroom adoption also seems like a reasonable "informational" strategic goal.

Steering outside the self-similar comfort zone of corporate and suburban residential service and marketing profiles is the better course.

End of Text.




<<< Chronological Index >>>    <<< Thread Index >>>

Privacy Policy | Terms of Service | Cookies Policy