<WG co-chair hat on> Colleagues, we're on the brink of some major changes to the root server system. ICANN may well take some landmark decisions on this at their meeting at the end of the month. My personal opinion is there is a short (and closing) window for the WG to influence the decisions that may be taken in Seoul. Although yesterday's discussion on the root scaling studies at the WG raised a number of issues, I didn't get a sense that the WG was coalescing around a particular point of view. So here are my questions: [1] Do you think we should try to send some sort of statement to ICANN that could be fed into its decision-making machinery? Should this be done for the Seoul meeting? [2] If the answers to [1] are "yes" what sorts of things should be in that statement? [3] If the answers to [1] are no, is there anything that this WG should be doing about making some response to the scaling study reports? Please note too that some of the usual suspects amongst the WG members may be unable/unwilling to comment publicly because of potential conflicts of interest. <WG co-chair hat off>
On Fri, Oct 09, 2009 at 10:30:26AM +0100, Jim Reid <jim@rfc1035.com> wrote a message of 25 lines which said:
I didn't get a sense that the WG was coalescing around a particular point of view.
<Participant hat on> Indeed. As a matter of process, it is important to keep in mind that many people were not able to speak, for lack of time (we even shortened the coffee break) and queue occupancy by the usual suspects. I had, personally, many things to say. More on that later.
[1] Do you think we should try to send some sort of statement to ICANN that could be fed into its decision-making machinery?
No.
[3] If the answers to [1] are no, is there anything that this WG should be doing about making some response to the scaling study reports?
Congratulate the authors of reports where there was actual measurements and data? More hard data is always fine. In the second report, for instance, I learned a lot about the root (the vegetable).
On 9 Oct 2009, at 11:02, Stephane Bortzmeyer wrote:
Indeed. As a matter of process, it is important to keep in mind that many people were not able to speak, for lack of time (we even shortened the coffee break) and queue occupancy by the usual suspects.
Stephane, everyone at the WG yesterday had the opportunity to go to the microphone. Nobody was turned away or got cut off for lack of time, even though the sessions over-run. So I'm surprised by your complaint/observation. While I accept that others may have wanted to speak, it can hardly be considered a failure of process if they didn't take their turn to queue at the microphones.
On Fri, Oct 09, 2009 at 11:02:10AM +0100, Stephane Bortzmeyer <bortzmeyer@nic.fr> wrote a message of 29 lines which said:
I had, personally, many things to say. More on that later.
OK, apparently, I had less time than anticipated. Anyway, a few comments on the whole "root zone scaling studies" thing: * I liked a lot the OARC report <http://www.icann.org/en/announcements/announcement-17sep09-en.htm> because it is mostly made of hard facts and figures, actual measurements, not vague guesses "This thing could go wrong". * The terms set by ICANN (for instance <http://www.icann.org/en/committees/dns-root/root-scaling-study-tor-05may09-en.htm>) mixes up completely different things, such as: * IPv6 (already done, and working fine despite the FUD that delayed the entry of AAAA records in the root for a long time) * IDN (zero technical consequences for the root, off-topic for a "root zone scaling" report) * DNSSEC (real technical issues) * more TLD (may be a false problem or not, depending on the actual number. I was shocked at the DNS meeting to hear a participant making repeated references to one million TLD, a ridiculous number, that could never be reached, due to ICANN constraints <http://www.icann.org/en/topics/new-gtlds/comments-3-en.htm#files>). So, there is little a technical WG like the DNS WG could say about these reports. The question is so badly phrased that noone can really reply to it.
On 16 Oct 2009, at 11:11, Stephane Bortzmeyer wrote:
* more TLD (may be a false problem or not, depending on the actual number. I was shocked at the DNS meeting to hear a participant making repeated references to one million TLD, a ridiculous number, that could never be reached, due to ICANN constraints
Stephane, it's very unwise to make this claim. Yes, 1 million TLDs is ridiculous and very probably unattainable under the current ICANN system. However there was an ICANN paper that last year said "if .com can have ~100M delegations, so can the root". See http://www.icann.org/en/topics/dns-stability-draft-paper-06feb08.pdf . On p4 under "II Capacity of the Root Zone", it says "At a minimum, the DNS should be able to function at its current level with at least 60 million TLDs. This allows significant room for large-scale expansion without concerns about a negative effect on stability." I wonder who wrote that... Now us technical people realise those claims are beyond ridiculous. But when these are presented to non-technical people, the consequences are not pretty. I also stumbled across the comment below (from a French government official BTW) at http://syd.icann.org/files/meetings/sydney2009/transcript-root-zone-scaling-... "For, once again, people who are outside of the technical environment, one of the arguments that is often used to say you can have an unlimited number of TLDs is that, basically, it's not that different from the management of a very big registry like dot com that has 80 million domain names. Can you very briefly or point to something that can explain to a relatively layperson, the major difference between the two systems and in particular whether in terms of the rates of updates and the number of distribution of replication of the file, a dot com manager does, how applicable is the analogy or not? Because it's an analogy that we hear a lot in the policy environment." The mindset that ".com can be replicated in the root" is taking root (excuse the pun) in certain ICANN circles. If that view prevails, it's very likely ICANN will get railroaded into devising a TLD creation mechanism to accommodate millions of TLDs. The current proposals for new gTLDs point the way here. The gNSO effectively said "let there be thousands of gTLDs". ICANN management then pretty much said "The community has spoken. We will do what the process determined.". So if/ when the gNSO says "let's have millions of TLDs: we have an ICANN paper which says it's feasible and won't create instability", I would not bet against ICANN staff trying to devise a process to make that happen.
Jim, On Oct 16, 2009, at 4:06 AM, Jim Reid wrote:
Yes, 1 million TLDs is ridiculous and very probably unattainable under the current ICANN system. However there was an ICANN paper that last year said "if .com can have ~100M delegations, so can the root". See http://www.icann.org/en/topics/dns-stability-draft-paper-06feb08.pdf. On p4 under "II Capacity of the Root Zone", it says "At a minimum, the DNS should be able to function at its current level with at least 60 million TLDs. This allows significant room for large-scale expansion without concerns about a negative effect on stability." I wonder who wrote that...
The paper is not saying that because COM has tens of millions of names that the root MUST have tens of millions of names, rather it is stating that the root, like any other zone in the DNS, can scale to tens of millions albeit there would be operational impact. Two sentences above the quote you provided is the following: "Even if not all of these names are actually propagated to the zone, the size of the .COM zone indicates that it is technically possible to have a zone that has registrations numbering in the tens of millions."
Now us technical people realise those claims are beyond ridiculous.
Actually, no. It _is_ technically possible to have tens of millions of names in the root (or any other zone). Given the current system, it would be a stunningly bad _operational_ idea and would require changes to many aspects of root management (e.g., the provisioning side of root zone management would have to be completely replaced, root servers would have to be upgraded to hold 64GB RAM, bandwidth to far off root instances would have to be upgraded, etc.), but it really is _technically_ possible. In fact, the paper you reference specifically states: "The staff has made a distinction between technical instability (that causes direct adverse impact to the DNS) and operational impacts which may not be harmful to the Internet technically, but do impose operational challenges in the management and operation of the DNS."
The current proposals for new gTLDs point the way here. The gNSO effectively said "let there be thousands of gTLDs". ICANN management then pretty much said "The community has spoken. We will do what the process determined.".
Can you provide a reason (other than "because I don't like it") that ICANN shouldn't abide by the decision of the open, bottom-up policy development process of the GNSO?
So if/when the gNSO says "let's have millions of TLDs: we have an ICANN paper which says it's feasible and won't create instability", I would not bet against ICANN staff trying to devise a process to make that happen.
Two points: 1) many folks in the technical community refuse to get involved in ICANN policy deliberations because they believe it's that icky non-technical political stuff. Unfortunately, this can lead to a lack of technical input into those deliberations, resulting in decisions that can be skewed towards business or political considerations. If the technical community believes a certain outcome would be sub-optimal, I would strongly encourage members of that community to get more involved in policy discussions. 2) ICANN's Bylaws states: "Section 2. CORE VALUES In performing its mission, the following core values should guide the decisions and actions of ICANN: 1. Preserving and enhancing the operational stability, reliability, security, and global interoperability of the Internet. ..." Any action by ICANN management is constrained by ICANN Bylaws. The point of the root scaling study was to determine where growth of the root zone would have negative impact on "operational stability, reliability, security, and global interoperability". If the addition of millions of TLDs can be demonstrated to negatively impact operational stability, reliability , security, and/or global interoperability, ICANN staff would _not_ make it happen. Regards, -drc
On 16 Oct 2009, at 16:35, David Conrad wrote:
Now us technical people realise those claims are beyond ridiculous.
Actually, no. It _is_ technically possible to have tens of millions of names in the root (or any other zone). Given the current system, it would be a stunningly bad _operational_ idea and would require changes to many aspects of root management (e.g., the provisioning side of root zone management would have to be completely replaced, root servers would have to be upgraded to hold 64GB RAM, bandwidth to far off root instances would have to be upgraded, etc.), but it really is _technically_ possible.
David, you're playing with words. Your argment here is like saying it's technically possible to eliminate world hunger if we gave everyone on the planet enough food. Yes, I suppose anything is technically possible, given infinite amounts of money. And compliance with the laws of physics. But we both know full well that the resources needed to operate the DNS root with millions of TLDs are simply not available. Even if they were, there are plenty of other technical constraints which are not DNS operational considerations on making a root zone of that size. For example: the IANA/NTIA/Verisign three-way handshake or IANA managing communications with million of Sponsoring Organisations, even if these things were fully automated. Of course it's possible to have a zone with millions of delegations. These exist already. Nobody disputes that. At least I hope not. But the stuff you mention above goes nowhere near a complete description of the technical and operational revolution that would be needed to bring about a root with millions of TLDs.
Jim,
Now us technical people realise those claims are beyond ridiculous. Actually, no. It _is_ technically possible to have tens of millions of names in the root (or any other zone). David, you're playing with words.
You referenced a paper written by ICANN staff, implying that in that paper ICANN staff was saying "let's move COM to the root". All I was saying is that that was not what the paper said. I even pointed out that the paper makes a distinction between what is technically feasible and what is operationally feasible. Regards, -drc
On 16 Oct 2009, at 18:41, David Conrad wrote:
You referenced a paper written by ICANN staff, implying that in that paper ICANN staff was saying "let's move COM to the root".
I did no such thing David. In fact I asked who did write those sections because I didn't know. I still don't. The document's provenance is uncertain. Thanks for explaining that it was written by ICANN staff. This is not explained in the document itself. I do admit to saying the document lends credence to the "let's move .com to the root" concept.
On Oct 16, 2009, at 11:16 AM, Jim Reid wrote:
On 16 Oct 2009, at 18:41, David Conrad wrote:
You referenced a paper written by ICANN staff, implying that in that paper ICANN staff was saying "let's move COM to the root". I did no such thing David. In fact I asked who did write those sections because I didn't know. I still don't.
Sorry, I assumed you were being rhetorical. Yes, the document was written by staff. I thought that was fairly clear from the references to staff in the document. Apologies for the misinterpretation. Regards, -drc
On 16 Oct 2009, at 16:35, David Conrad wrote:
Can you provide a reason (other than "because I don't like it") that ICANN shouldn't abide by the decision of the open, bottom-up policy development process of the GNSO?
You answer that question yourself David. See 1) below.
Two points:
1) many folks in the technical community refuse to get involved in ICANN policy deliberations because they believe it's that icky non- technical political stuff. Unfortunately, this can lead to a lack of technical input into those deliberations, resulting in decisions that can be skewed towards business or political considerations. If the technical community believes a certain outcome would be sub- optimal, I would strongly encourage members of that community to get more involved in policy discussions.
What's the point in engaging in a policy discussion about new gTLDs now? That debate appears to be over. You seem to be implying that the decision about that has already been taken -- ie ICANN abiding by the decision the gNSO has reached. Or are you saying that if the technical community says to ICANN (how?) "we think it's a Bad Idea to have lots of new TLDs", ICANN will be receptive to those representations? I think it's not unreasonable to say that although the ICANN processes try to be open, they made/make it difficult for the technical community to participate in a meaningful way. BTW this was one of the reasons why RIPE's "sign the root" declaration in 2007 was sent as a letter to the ICANN CEO and Chairman. There was no obvious ICANN forum which could receive it or act on it. I've been to more ICANN meetings than I'd care to admit to and, apart from Suzanne's board postition, have trouble remembering any DNS operators or implementers who attended them. [Mind you, the copious amounts of beer needed to get through those weeks may have been a contributing factor.] The few technical people who do engage with ICANN on a regular basis usually have their hands tied in one way or another: say membership of an ICANN committee/task force or their employer has a vested interest in seeing new TLDs. Speaking personally, I knew there was no point in advancing a case for fewer new TLDs (not zero) at the gNSO because (a) I'd get shouted down; (b) the other side of the debate could string things out with a battle of attrition until I gave up or ran out of funding; (c) the day job wouldn't allow me to spend time on unproductive and resource- draining ICANN participation. If it was a choice between paying the mortgage and walking around ICANN meetings wearing a sign saying "kick me!", what would you do?
Jim, Not really sure this is relevant to DNS-WG, but... On Oct 16, 2009, at 9:43 AM, Jim Reid wrote:
What's the point in engaging in a policy discussion about new gTLDs now?
You're suggesting policies can never change once decided?
Or are you saying that if the technical community says to ICANN (how?) "we think it's a Bad Idea to have lots of new TLDs", ICANN will be receptive to those representations?
Of course they will, provided they are backed up with data instead of just unsubstantiated opinion. I know it is hard for some folks to believe, but ICANN staff really does take the "ensure security and stability" aspect of what ICANN does quite seriously.
I think it's not unreasonable to say that although the ICANN processes try to be open, they made/make it difficult for the technical community to participate in a meaningful way.
I won't bother trying to refute this as you appear to have your mind made up that ICANN wants to destroy the Internet. I will say that if you have any constructive suggestions on how to improve the ability for the technical community to provide input, I'd be interested in hearing them. Regards, -drc
On 16 Oct 2009, at 19:05, David Conrad wrote:
Not really sure this is relevant to DNS-WG, but...
You're probably right. At least we can agree on something. :-)
What's the point in engaging in a policy discussion about new gTLDs now?
You're suggesting policies can never change once decided?
No, of course not. However it's hard to believe that the policy can be changed now when there appears to be a fait accompli for adding lots of TLDs. Besides, what's the point of adopting a policy of "no more TLDs" after "too many" have already been added? I doubt that sort of policy u-turn could withstand a challenge in the courts or an anti- trust action on competition or restraint of trade grounds.
I know it is hard for some folks to believe, but ICANN staff really does take the "ensure security and stability" aspect of what ICANN does quite seriously.
A document from ICANN staff which in paraphrase says "it's possible to move .com to the root" (and will be taken out of context by others to advance those arguments) kind of contradicts what you just said David. I am sure you and your colleagues are sincere when you talk of taking security and stability very seriously. However the document we're discussing does raise reasonable doubts here. I have no problem with anyone producing this sort of text, *provided it's put in the proper context*: ie "with sufficient thrust pigs will fly". Saying it's technically possible to put .com in the root without properly explaining why this was impractical was/is irresponsible. Sorry. We have to agree to disagree here. You said on this thread "Given the current system, it would be a stunningly bad _operational_ idea" to move .com to the root. It's a pity that February 08 document didn't say something similar, perhaps in more diplomatic terms.
I won't bother trying to refute this as you appear to have your mind made up that ICANN wants to destroy the Internet.
Now you're being silly. I'm very disappointed that you resorted to an ad hominem attack to what were reasonable comments.
I will say that if you have any constructive suggestions on how to improve the ability for the technical community to provide input, I'd be interested in hearing them.
I'd be glad to do that and have already been thinking about this.
Jim, On Oct 16, 2009, at 11:50 AM, Jim Reid wrote:
What's the point in engaging in a policy discussion about new gTLDs now? You're suggesting policies can never change once decided? No, of course not. However it's hard to believe that the policy can be changed now when there appears to be a fait accompli for adding lots of TLDs.
"It ain't over until the fat lady sings". I suppose a lot depends on the definition of "lots of TLDs".
Besides, what's the point of adopting a policy of "no more TLDs" after "too many" have already been added? I doubt that sort of policy u-turn could withstand a challenge in the courts or an anti-trust action on competition or restraint of trade grounds.
The proposal out of the root scaling study that appears to have universal acceptance (although some may quibble about the definition) is that an "early warning system" should be deployed to ensure that any changes that could result in instability would be detected prior to instability being caused.
I know it is hard for some folks to believe, but ICANN staff really does take the "ensure security and stability" aspect of what ICANN does quite seriously.
A document from ICANN staff which in paraphrase says "it's possible to move .com to the root" (and will be taken out of context by others to advance those arguments) kind of contradicts what you just said David. [...] Sorry. We have to agree to disagree here.
Guess so.
You said on this thread "Given the current system, it would be a stunningly bad _operational_ idea" to move .com to the root. It's a pity that February 08 document didn't say something similar, perhaps in more diplomatic terms.
"Operational challenges are a limiting factor, ..." would seem pretty diplomatic to me. Regards, -drc
* Stephane Bortzmeyer:
* more TLD (may be a false problem or not, depending on the actual number. I was shocked at the DNS meeting to hear a participant making repeated references to one million TLD, a ridiculous number, that could never be reached, due to ICANN constraints
Similar comments must have been made about TLDs, and the hosts file before that (they were right for the host files), but I wasn't around back then.
So, there is little a technical WG like the DNS WG could say about these reports. The question is so badly phrased that noone can really reply to it.
That, in itself, would be a comment. "In our humble opinion, the report you commissioned is not adequate technical input for future policy discussions, and will likely lead to wrong conclusions" doesn't read very nice, but it's certainly a message the WG should send if it reaches consensus on it. (Disclaimer: I haven't read the report, and your list of conflated issues doesn't make me want to.) -- Florian Weimer <fweimer@bfk.de> BFK edv-consulting GmbH http://www.bfk.de/ Kriegsstraße 100 tel: +49-721-96201-1 D-76133 Karlsruhe fax: +49-721-96201-99
Note thet ICAMM has established a forum area for comments on the report. <http://forum.icann.org/lists/rsst-report/> Be the first to write a comment! jaap
On Fri, Oct 09, 2009 at 10:30:26AM +0100, Jim Reid wrote:
<WG co-chair hat on> Colleagues, we're on the brink of some major changes to the root server system. ICANN may well take some landmark decisions on this at their meeting at the end of the month. My personal opinion is there is a short (and closing) window for the WG to influence the decisions that may be taken in Seoul. Although yesterday's discussion on the root scaling studies at the WG raised a number of issues, I didn't get a sense that the WG was coalescing around a particular point of view.
So here are my questions:
[1] Do you think we should try to send some sort of statement to ICANN that could be fed into its decision-making machinery? Should this be done for the Seoul meeting?
[2] If the answers to [1] are "yes" what sorts of things should be in that statement?
[3] If the answers to [1] are no, is there anything that this WG should be doing about making some response to the scaling study reports?
Please note too that some of the usual suspects amongst the WG members may be unable/unwilling to comment publicly because of potential conflicts of interest. <WG co-chair hat off>
perhaps it is worthwhile to try and note the differences btween the two reports/presentations. OARC did an empirical study - based on snapshots of a given state for -ONE- operators architectural design. RSST crafted their study more along the lines of a Risk Analysis Tool for the root system overall, not just a server instance. Both are useful/needed. The second study alluded to a problem that will be much more visible in the next nine months, the impact of a much larger response size on the ability of nodes to get a response to a priming query. While not a risk per se to the root system, the collateral damage to the rest of the Internet is real and should not be lightly dismissed by those who have been waiting patiently for many years to see the root zone signed. If the WG decided to do anything wrt sending a note to ICANN, it should include some text about the known risk and making the changes anyway. This is a clearly destabilizing event. --bill
participants (6)
-
bmanning@vacation.karoshi.com -
David Conrad -
Florian Weimer -
Jaap Akkerhuis -
Jim Reid -
Stephane Bortzmeyer