ICANN's "Security and Stability Committee" (SSAC) just issued a report on "alternate roots" [Note: The URL to this report was changed by ICANN since the original publication of the report. Hopefully this new link will remain stable.]
The best word I can think of to describe it is "dud".
Remember ICANN's ICP-3: A Unique, Authoritative Root for the DNS from back in year 2001?
Remember how ICP-3 was filled with hysterical language about how competing DNS roots would cause the internet sky to fall and and DNS caches be polluted?
The new report from the SSAC quietly distances itself from those claims. This is the positive aspect of this new SSAC report.
The report, however, continues the unjustified and undefined claim that only ICANN can publish a DNS that is "authoritative". And the report continues ICANN's historical method of using subjective social and business concerns as justifications for technical restrictions. For example, this report makes the claim that only ICANN authorized top level domains can operate with concern for customer needs and that only ICANN can act in conformity with some never-defined notion of "public interest" (an odd claim given ICANN's ejection of the public from virtually all aspects of ICANN's decision-making machinery.)
In other words, ICANN's Security and Stability Committee, a committee of technical worthies, has authored a report that addresses neither security nor stability, and those matters that it does address are supported by non-technical, conclusory assertions for which the members of the committee possess no particular expertise or experience.
But the most important aspect of the new SSAC report is this:
The SSAC report does not raise any technical reason why as a technical matter there can not safely coexist on the net several different DNS naming spaces - which may or may not be consistent with one another - each dangling from a different DNS root.
The report does say that two people each using a different root might get different answers to the same DNS question. But that is a meaningless observation - it is something we've all known for years: that different DNS hierarchies may, but need not necessarily, yield different answers.
The discussion about competing roots has evolved so that we now ask whether different DNS hierarchies are consistent or inconsistent with one another.
Inconsistency, like a tango, takes two. When two or more roots differ, it is useless to engage in endless, and ultimately dogmatic and religious, debates about which is "authoritative". It is far more useful to ask whether each root serves the needs of the community that has voluntarily chosen to use it.
One of the underlying assertions underlying ICANN's behavior towards competing roots is the implicit belief on the part of ICANN is that ICANN has a duty to suppress DNS heresy and create a single catholic name space that everyone on the internet is required to use. In other words, ICANN does not want communities to have a choice; it's either the ICANN way or naught.
It is impossible to reconcile ICANN's Procrustean stance vis-à-vis competing roots with the idea that every user of the internet should have not only the ability but also the right to shape the way in which he or she uses the internet. This idea of control at the edge is the underlying conception of the end-to-end principle and of my own First Law of the Internet.
Why should ICANN be allowed the power to deny to users of the internet the ability and right to shape the landscape of names that they, and their children, use on the internet?
The biggest hammer this document had to throw was that the authors couldn't conceive why anybody would want to operate a system of root servers.
In other words the report says that because the authors do not have an imagination then nobody else does - which is both absurd and false.
Not long ago I published a note entitled What Could You Do With Your Own Root Server. That note considered the ways in which a root server operator could take advantage of its position for profit or power. It is quite clear that a single root server operator could obtain a significant revenue stream. It is even more clear that an entire system of roots, if it can garner adequate use, could also obtain significant revenue.
Consider, for example, a root system that takes a few cues from Google: Consider a root system that uses data mining to generate a revenue stream and that attracts query sources (users) by giving those users a taste of the action. Suppose you were to receive a check from such a root system that paid you $0.0001 for every DNS name that you (legitimately) resolve using this root system rather than the ICANN/NTIA root.
Consider the opportunities for preferential or optimized name services.
Consider the opportunities for highly filtered views of the DNS landscape. Not everyone considers universal connectivity to be a boon. For instance Motorola recently found that it could create a lucrative line of mobile phones for orthodox Jews in Israel in which the ability to call or be called by certain phone numbers can be restricted by the elders of the sects.
ICANN's SSAC seems to have no more foresight than the business professor who gave the founder of FedEx a low grade because the professor thought the Federal Express business model was silly.
Good thing the FedEx founder had the opportunity to test his idea.
However, in the land of ICANN no idea is permitted unless approved by the ICANN powers.
Yet there are those who still refuse to see that ICANN's methods are nothing less than highly intrusive and destructive regulation plunged into the body of the internet up to the hilt.
Posted by karl at April 8, 2006 10:52 PM