<<<
Chronological Index
>>> <<<
Thread Index
>>>
Comments from the NARALO UMR
- To: stratplan-draft-2011@xxxxxxxxx
- Subject: Comments from the NARALO UMR
- From: Eric Brunner-Williams <ebw@xxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 09 Jan 2011 21:42:22 -0500
Hi Kurt,
This is submitted as the NARALO UMR comment, though of course it is
simply my reading the current StratPlan and commenting.
Eric Brunner-Williams
Unaffiliated NARALO Member Representative
Beginning of Text.
A contribution to the NARALO comment on the ICANN Draft 2011-2014
Strategic Plan, organized as four sections, addressing the Plan Areas of:
I. DNS stability and security,
II Core operations including IANA,
III. Consumer choice, competition and innovation, and
IV. A health internet eco-system.
As ICANN is known to lack strategic purpose this comment attempts to
remove what can't usefully be strategic. An afterward my
recommendations for the organization's current strategic plan elements.
I. DNS stability and security
This section contains four strategic objectives: (i) Maintain and
drive DNS uptime, (ii) Increase security of the overall systems of
unique identifiers, (iii) Increase international participation, and
(iv) Coordinate DNS global risk management.
(i) The first strategic objective is unclear whether the 100% DNS
uptime refers to the A-M rootservers, or to the
{.arpa,.mil,.edu,.gov,.int, .com,.net,.org} authoritative gTLD servers
which pre-exist ICANN, or to the authoritative gTLD servers created by
ICANN, or to authoritative ccTLD servers, or to AS112, or to the
recursive servers operated by content and access network operators, or
... nor where any measurement of "uptime" might be conducted.
A strategic objective which is incomprehensible is usually the sign
that the entity lacks internal clarity on the subject matter and is
unable to prioritize and select achievable objectives.
The A-M rootservers are fine, there is no urgent issue there.
The {.arpa,.mil,.edu,.gov,.int, and .com,.net,.org} authoritative gTLD
servers are fine too, though the .mil operations could be improved,
and the .gov operator is scheduled to transition.
The {.biz,.info,.name,.pro and .aero,.coop,.museum} authoritative gTLD
servers are acceptable, problems exist but not at the level of some
strategic effort that has to put "change" before "stability".
The {.asia,.cat,.jobs,.mobi,.travel} authoritative gTLD servers are
also acceptable, problems exist but not at the level of some strategic
effort that has to put "change" before "stability".
That leaves the ccTLDs, for which no "strategic goal" is possible now
that the botched attempt to force ccTLD operators to enter into
contracts or be unable to update their entries in the IANA root zone
is an unpleasant memory, AS112, and recursive resolvers widely known
to be providing synthetic (monitized) returns for most broadband users
in North America -- a situation that does call for a strategic object,
following through on the Board's Sydney Resolution on NXDOMAIN
Substitution (DNS Wildcard and Similar Technologies).
A strategic goal of reducing incorrect synthesized DNS responses by
some measurable amount would be credible, and useful. Absent that,
this is just a bag holding secondary objectives -- continuity and v6.
(ii) The second strategic objective errs significantly.
First, if 30 ccTLD operators in developing countries sign their zone,
that is a poor predictor of whether when the key's for those signed
zones expire that the 30 ccTLD operators in developing countries, who
are generally technical assistance recipients through the Network
Resource Startup Center, that key rollover will be conducted successfully.
Second, developing countries have autonomous agendas, and if ICANN is
flirting with returning to the unhappy model of "enter into contracts
or else" by placing the Marina del Rey agenda for zone signing ahead
of the autonomous agendas of developing countries, there will be
issues. ICANN pushed cost on ccTLD operators in developing countries
by declining to pick up the rather small costs of their participation
in the Conficker .C response. There was some real bitterness about
John Crain's communicating, and the color of an ICANN endorsed urgent
communication to burn local time and money preventing bad things from
happening to North American and European end users through spam and/or
maleware targeting by the .C enabled users of the Conficker platform.
Third, fixing .com comes a bazillion years ahead of fixing .name,
which is larger than all 22 ccTLD operations where Arabic is the
primary spoken language, or all of Africa, less South Africa, or ...
If this were a proposal to improve the performance of some system by
working on code paths visited less than 1% of the time, the eager to
optimize coders without a clue would be given other responsibilities.
The real item to work on here is the routing (not "resource") public
key infrastructure, securing BGP and detecting AS Prepending attacks,
which mercifully appear at present to be fatfinger events, not
information operations by motivated and competent parties pursuing
rational economic or other policy goals.
The buried lede is the most important and overlooked task, and this,
not uptime, is what is important.
Fortunately, the RPKI infrastructure is being rolled-out in the ARIN
region, and has been rolled-out in other regions.
(iii) The third strategic objective makes reference to the "DNS-CERT".
Please see my public comments archived in the stratplan-2010@xxxxxxxxx
mailbox at:
http://forum.icann.org/lists/stratplan-2010/msg00027.html
The addition of the IDN version of the perenial WHOIS foodfight is a
mistake. Whatever the value of adding UTF-8 or local encoded data into
WHOIS output may be, it isn't DNS stability and security. This kind of
junk detracts from the real issues.
(iv) The fourth strategic objective fails to mention the Conficker .C
facts, so the most recent "global risk management" event of import is
overlooked. This is unfortunate as there really is a lot to be learned
from the response, even to a non-event, about cost, timeliness, and
accounting.
Over all, there really is no reason why most of the ccTLD operators
outside of North America and Europe should pay any attention to
ICANN's DNS stability and security StratPlan component, and that is
not in the public interest of North American internet users, who do
not need ICANN to be ignoring development goals for false objectives
and bandaids.
II. Core operations including IANA
This section contains four strategic objectives: (i) Continued
flawless IANA operations, (ii) L-Root operational excellence, (iii)
Efficiency and effectiveness of operations and (iv) Strengthen
international operations and presences.
(i) The first object posits the utility of the EFQM model to IANA
operations, and this simply doesn't jib with my experience consulting
on the IANA function reporting project in 2007. Further, the SLAs to
which the EFQM might, or might not be relevant to originate from the
IETF for protocol assignments. While the epoch in which the IANA
function was administratively restrained from timely responses to
requests for zone file updates from ccTLD operators until those ccTLD
operators entered into a contract is now an unhappy memory, this too
is an unlikely source of SLA commitments which could benefit
significantly by the application of the EFQM model.
If ICANN is to secure a renewal of the IANA contract, it is at least
as likely that the merits of ICANN's renewal bid are the qualitative
services necessary to manage a mixed signed-and-unsigned zones, and
the qualitative services necessary to introduce RPKI, as the
quantitative execution of a formal quality model indifferent to the
current, and future services performed by the IANA function.
(ii) The second objective pursues a mission outside of ICANN's core
purpose. Running the L-Root is about as peripheral to ICANN's purpose
as being an ICANN Accredited Registrar is to AOL or France Telecom or
British Telecom. It simply isn't important.
Next, the other root servers are run by Verisign-A, USC-ISI, Cogent,
UMaryland, NASA, ISC, DISA, BRL, Autonomica, Verisign-J, RIPE NCC, and
WIDE. How on earth is ICANN going to "lead by example" or "be
recognized as a top-tier root zone manager"? What motivates ICANN to
embark on a (probably futile) pecking order mission to provide clue to
any of, let alone all of, the other root server operators?
A reasonable strategic objective would be to find a qualified operator
for the L-Root that would meet some unmet policy goal such as
geographic diversity and schedule the transition so that ICANN could
get out of registry operations and focus on its core mission.
(iii) The third objective I still don't believe. What on earth does
the IANA function have to do with the Policy Development Process the
Names Council has adopted? The suggestion that the execution of the
IANA functions services deliverables to the GNSO's PDP, pre- or
post-reform, requires strategic attention indicates that either due to
errors in wordsmithing, or leadership (of ICANN and the IANA) changes,
that the relationship, never very significant, between the original
DNSO, now GNSO, and the IANA, is not understood.
(iv) The fourth objective mentions, inter alia, engagement with the
IETF and the root server operators. Please add the RPKI communities of
each of the RIRs.
(v) The fifth objective is without quantifiers. What are the strategic
goals for financial controls, capacity, etc.?
III. Consumer choice, competition and innovation
This section contains five strategic objectives: (i) More IDN TLDs,
(ii) Increase Regional participation in the industry, (iii) Mitigate
malicious conduct, (iv) Foster industry innovation, and (v) Promote
fair opportunities.
(i) When CNNIC turned on its name server constellation the ground work
for the .中国, .公司, .网络 and .政务 and .公益 IDNs was laid. That
the ground work lagged behind elsewhere is water under the bridge. If
the principle of "consumer choice" is to be meaningful, it is
consumers who's choices inform policy makers, not producer choices. At
present more than a million users use these IDNs. The strategic plan
should place their interests ahead of the legacy operator interest in
capturing lucrative markets.
It is impossible not to observe in passing that the strategic goal of
"more languages and cultures" is subordinate to the strategic goal of
a single application process, which as has been observed elsewhere,
benefits “a group of participants that engage in ICANN's processes to
a greater extent than Internet users generally”.
(ii) Continued financial support for the NSRC's IROC, AROC, SROC
offerings is a reasonable goal.
(iii) The "malicious conduct" construct has, thus far, avoided mention
of the causes for operational capability of actors that engage in
conduct characterized as "malicious". It is primarily an individual
morality construct, carefully omitting the business models which
create the financial incentives as well as the technical means for
"malicious conduct" on a global scale.
Signing zones as a consequence of the discovery that cache poisoning
could be accomplished in seconds is a reasonable response to the
discovery of a economic development in attack cost.
Ignoring the non-adoption of BCP-38 and other forms of industrial
externalization of costs, to ccTLD operators in the Conficker .C case,
is not a reasonable response to a long-standing problem.
Morality as policy is fine on TeeVee. It is a profoundly dull tool for
network policy making.
(iv) No comment.
(v) Reference to the area of work undertaken by the Joint Applicant
Support Working Group is gratifying.
IV. A health internet eco-system
This section contains four strategic objectives: (i) One unified,
global internet, (ii) Building stakeholder diversity, (iii) Improve
communications and (iv) Ongoing accountability and transparency.
(i) The first section contains the alarming possibility that the
overwhelming contributions of volunteer time, paid staff, and expended
resources committed to the new gTLD program since 2006 have only a
"potential" to realize a single new community-based or public interest
registry.
Leaving the merits of forming corporate vision and mission from a
sample of semi-random responses to a social networking technology that
amounts to little more than an IRC client (who's operator collects and
monitizes personally identifiable information about its users), there
are the implicit limitations of this "vision".
Nearly all of ICANN's contractual counter-parties to registry
agreements are legally domiciled in the North American Region, and
with the exception of name server constellations, are operationally
contained in the North American Region.
The same is true of the approximately six hundred of its (wildly
shell-registrar inflated) nine hundred counter-parties to registrar
agreements, four of which alone account for 50% of all gTLD registration.
It is in the public interest that public policy is informed by data
and both the failures, and the successes, of policy choices, can be
discerned and outcomes understood in terms of causes and effects.
Legal barriers particular to the North American Region's legal culture
prevent research access to operational network infrastructures for
reasons of economics, ownership, and trust (EOT).
These must be reduced if policy making is to be informed by knowledge
rather than by belief.
For reasons of operational necessity a constellation of name servers
was activated by CNNIC in November, 2001. Since early 2008 this
constellation of name servers has provided service to more users in
Asia than the original constellation of name servers provides users in
North America.
The Vision Statement should be amended to correct the impression that
some more fundamental management problem exists than managing the
sources of policy errors which have necessitated the existence of the
CNNIC root server constellation, and the continued necessity for
divergence between these two root systems.
It is not in the public interest for North American internet users to
be unaware that errors of judgment have, and may further partition
"the internet".
These two changes to the Vision Statement may be expressed as:
"Informed by data, divided only by necessity."
(ii) The second strategic objective contains a gratifying reference to
ALAC, though the language reads "representing" rather than "elected
by" when referring to a seat on the ICANN Board.
(iii) The third strategic objective seems under developed relative to
the other three, and adding a technical and policy journal, similar to
the work Ole Jacobson has been doing, initially for Dan Lynch's
InterOp, and subsequently for cisco, in his Internet Protocol Journal,
would be more useful than more web ephemera.
(iv) The fourth strategic objective references fact-based policy
development and decision making.
Data as a necessary predicate condition to "ensure the stable and
secure operation of the Internet's unique identifier systems", is
absent. This is very unfortunate as in practical terms, for each year
of the past decade, persons with nothing more than beliefs, which may
as well be religious beliefs, have dominated ICANN's policy making.
The available data is not good. We are running out of addresses, and
therefore must make a partially planned transition without widespread
testbed experience of the new infrastructure. The routing system too
is at the limits of its scalability. There are pervasive peer-to-peer
overlay networks which are incongruent with economic models, and
therefore the source of fundamental legal struggles over ownership and
control. The security and stability of the naming, addressing and
routing infrastructure is problematic, independent of anything ICANN
is on record contemplating as its plan of record.
Absent operational data concerning unique endpoint identifiers, unique
routing identifiers, and protocols, stable and secure operations are
indistinguishable from instable and insecure operations.
The DNS remains a private resource, where access to profoundly
important operational data necessary for basic research on the range
of meaningful policy alternatives is at the whim of commercial
entities acting under private law.
Afterward:
Having spent 2004-2009 primarily "off-the-grid", that is, responsible
for power, connectivity and bandwidth while residing in rural venues
in North America, improving access to the net, for the residents of
California rural farmworker housing cooperatives, Prairie Provinces
and High Plains States native reservations and reserves, and isolated
populations such as Appalachicola as exemplars of an broad area of
unmet need seems like a reasonable "increase residences served"
strategic goal.
Having been in and out of the network and registry operator
communities since the NIC was at SRI the mid-80s, getting behind and
assisting the adoption of RPKI in the ARIN region also seems like a
reasonable "improve resiliency" strategic goal.
Having recently reviewed the Final Report of the ACM K-12 Task Force
Curriculum Committee, commissioning a model "What is the Internet"
unit of curriculum for primary, non-STEM secondary, and tertiary
classroom adoption also seems like a reasonable "informational"
strategic goal.
Steering outside the self-similar comfort zone of corporate and
suburban residential service and marketing profiles is the better course.
End of Text.
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|