[discuss] Options for root zone (was Re: Interesting article)

Ian Peter ian.peter at ianpeter.com
Fri Jan 17 19:47:50 UTC 2014


I think (and also taking into account Milton's comments) there are two 

1. a clear, accountable, consultative internal ICANN process for 
authorisation of changes
2. a secure, invoilable system to implement those changes

On (1) - Milton I share your concerns re GAC - but I think the reality might 
be that the path of least resistance towards changes from the current 
unilateral control situation here might be an agreed role for GAC as part of 
internal process of ICANN. Yes that needs to be negotiated carefully (and I 
believe without a veto right for GAC) but something in this direction might 
be acceptable to governments - and it is a hell of a lot easier than 
establishing some new international convention or super organisation or 
whatever. And one reason I like a simple internal procedure is that root 
zone changes are on the whole simple administrative procedures that do not 
warrant or need huge inter governmental agreements. For proponents of 
multistakeholderism - as long as we have a strong multistakeholder model for 
these authorisations within ICANN, there should be no controversy requiring 
special sessions of the United Nations or some unilateral oversight function 
or new decision making bodies or whatever.

On (2) I like Andrew's suggestion, and hope suggestions like this can be 
looked at thoroughly. I am sure there are other suggestions that could be 
looked at to add security to this part of the process. I think looking 
carefully at how we could improve this situation is an essential element of 
necessary reforms.

But again we are maybe jumping the gun and need to go back to clear 
requirements before figuring out the solutions...

Ian Peter

Ian Peter

-----Original Message----- 
From: Andrew Sullivan
Sent: Saturday, January 18, 2014 1:52 AM
To: discuss at 1net.org
Subject: Re: [discuss] Options for root zone (was Re: Interesting article)

On Thu, Jan 16, 2014 at 08:17:26PM -0500, Suzanne Woolf wrote:
> of oversight for the contents of the root zone is that the US
> government (or, to generalize, any government) *can't* act in the
> way described. This requirement has not been met to date.

Something along those lines became clear to me in an off-list
discussion with someone else (someone whose technical judgement I
respect a great deal), and it made me realise that we may be facing a
case where people are trying to solve a problem with the technology in
place rather than by stating the problem more generally.

The way Suzanne frames it above, this problem is not about multiple
roots.  It is about a root zone provisioning regime that allows all
and only the relevant players change control over what affects them.

We currently think of "the root zone" as a file (because we say "zone
file"), but we could as easily conceive of some other provisioning
system.  In that case, the provisioning system could be developed and
tested in the open before all the relevant parties (roughly, all the
operators of any zone actually in the root, plus whoever might be
interested in root zone operations generally).  I'm imagining here a
kind of rough consensus procedure, but something else might have to be
devised; anyway, that's procedural politics and above my pay grade.

Once the code for this system is up and working, the provisioning
system becomes a master database into which changes are submitted.
The relevant parties (I guess in most cases, the root zone maintainer
IANA functionary and the relevant zone operator) then each have to
signal their approval of a change (including deletion) for it to take
effect in the zone.   In order to cope with dangerous zones (I'm
thinking particularly not ccTLDs here) that are abusing their
position, we'd probably also need some sort of n of m provision under
which a zone could be pulled from the root over the objections of one
of the relevant parties.  N probably needs to be high :)

Root nameserver operators would fetch the data as they ever did,
except that probably the "master DNS server" they'd talk to would just
be this provisioning system (which presumably we'd teach to speak DNS
zone transfer).  Most (if not all) of this technology is already
pretty well-developed in the existing competitive registration market
for many TLDs, so this wouldn't be a major undertaking.

The point here is that this kind of approach removes the control by
the US, and it does it without any important effects on the basic DNS
technology.  It does _not_ do any of the other things that partisans
of "alternate roots" seem to want, but I've never been able to to be
clear enough about what those requirements would be in order to have
an idea of what you could do about it.

Best regards,


Andrew Sullivan
ajs at anvilwalrusden.com

discuss mailing list
discuss at 1net.org

More information about the discuss mailing list