August 29, 2003

Response to Bret Fausett

In response to my previous item Bret Fausett commented (in an item on his blog) "I don't see why ICANN should be involved in the manner in which the root server operators deploy their servers."

From a technical perspective, my answer is that the ICANN that exists today is not competent to be more than marginally involved any technical matter.

However, we need to step back and look to the purpose for which ICANN was established: the "technical coordination" of the DNS and IP address allocation systems of the net to ensure the continued and reliable operation of those systems.

The operation of those technical systems has a great impact on the reliable operation and security of the net.  ICANN was to be a forum in which the raw technical concerns could be leavened with those (and presumably only those) policy issues that have a close and direct impact on the choice of technical approaches.

ICANN's CRADA (and its amendments) make it quite clear that ICANN is expected to be involved in technical matters pertaining to the operation and deployment of DNS root servers.  And ICANN's much vaunted, but effectively dead, security effort was also clearly tied to the technical matters of DNS root server deployment and operations.

Instead of doing what ICANN was constructed to do - be a limited body dealing with matters that have a high technical content and closely associated with DNS and IP address allocation systems - ICANN has silently repudiated that role and has undertaken to be focused solely on business and economic regulation, like a mini government.

The Department of Commerce has allowed ICANN to become a DoC endorsed means through which the DoC can push non-technical policy goals for which the DoC itself lacks legal authority.

And with the hearings scheduled in about a week in by a subcommittee of the US House of Representatives, it is clear that at least some Congress Critters™ consider ICANN to be a nice way to impose public policy, with the effect of a worldwide law by virtue of ICANN's hierarchy of contracts, without the need to actually pass legislation.

The operators of the DNS root servers, competent as they are, are operating in a public policy vacuum.  They are making decisions that affect us all in the absence of any institutional structures for the public interest to be raised and considered.  ICANN was to be that institutional structure.  The root server operators effectively gave ICANN the same salute that Mel Gibson and his army gave the English army in the movie Brave Heart.  ICANN retreated and in its withdrawal it abandoned its obligation to articulate and advance the public interest.

Posted by karl at 3:28 PM

What is ICANN's job, tell me again?

An item on NANOG (The North American Network Operator's Group)  just landed in my e-mail box.

Now, what is interesting about this item is that it announced the deployment of a new DNS root server.  This is a good thing and the folks who did it should be thanked.

However, this is not a trivial change in the Internet and it is most definitely related to the stability of DNS operation on the Internet.

Was ICANN involved in this?  There is no sign of it.

Did ICANN provide any funds for this out of its nearly $10,000,000 yearly budget?  Not that I can find.

Was ICANN even notified of this significant change?  There is no indication that ICANN knew this change was being considered much less that it was being put into effect.

So tell me again, what is ICANN's job?  Isn't ICANN supposed to have at least something to do with the technical stability of DNS?  Apparently not.

Posted by karl at 9:26 AM

August 19, 2003

Is the internet dying?

There are indications that the internet, at least the internet as we know it today, is dying.

I am always amazed, and appalled, when I fire up a packet monitor and watch the continuous flow of useless junk that arrives at at my demarcation routers' interfaces.

That background traffic has increased to the point where it makes noticeable lines on my MRTG graphs.  And I have little reason for optimism that this increase will cease.  Quite the contrary, I find more reason to be pessimistic and believe that this background noise will become a Niagara-like roar that drowns the usability of the internet.

Between viruses and spammers and just plain old bad code, the net is now subject to a heavy, and increasing, level of background packet radiation.  And the net has very long memory - I still get DNS queries sent to IP addresses that haven't hosted a DNS server - or even an active computer - in nearly a decade.  Search engines still come around sniffing for web sites that disappeared (along with the computer that hosted them, and the IP address on which that computer was found) long ago.

Sure, most of this stuff never makes it past the filters in my demarcation routers, much less past my inner firewalls.  But it does burn a lot of resources.  Not only do those useless packets burn bits on my access links, but they also waste bits, routing cycles, and buffers on every hop that those useless packets traverse.

It will not take long before the cumulative weight of this garbage traffic starts to poison the net.  Already it is quite common for individual IP addresses to be contaminated from prior use.  I am aware of people who are continuously bombarded by file access queries because a prior user of that address shared files from that address.  Entire blocks of IP addresses are also contaminated, perhaps permanently, because they once hosted spammers thus causing those address blocks to be entombed into the memories of an unknown number of anti-spam filters not merely at the end user level but also deep in the routing infrastructure of the net.  And a denial-of-service virus, once out on the net, can only be quiesced , not eliminated; such viruses remain virulent and ready to spring back to life.

The net does not have infinite resources - even if IPv6 is deployed the contamination of IP address space will merely be slowed, not stopped.

Better security measures, particularly on the sources of traffic, will help, but again, unless something radical happens, the contamination will merely be slowed, not stopped.

I believe that something radical will happen:  We may see the rapid end to the "end-to-end" principle on the internet.

We are already observing the balkanization of the net for political and commercial reasons.  Self-defense against the rising tide of the net's background packet radiation may be another compelling reason (or excuse) for net communities to isolate themselves and permit traffic to enter (and exit) only through a few well protected portals.

This balkanization my be given additional impetus by a desire to escape from the ill effects of poorly designed regulatory systems, such as ICANN.

So, between spam, anti-spam blacklists, rogue packets, never-forgetting search engines, viruses, old machines, bad regulatory bodies, and bad implementations, I fear that the open internet is going to die sooner than I would have expected.  In its place I expect to see a more fragmented network - one in which only "approved" end-to-end communications will be permitted.

The loss of open end-to-end communications will, in itself, be a great loss.

But of even more concern will be the fact that these portals, or gates, will require gatekeepers, which is merely a polite word for censors.  Our experience with ICANN has shown us how easily it is for focused and well financed interests to capture a gatekeeper.  In the present political climate in which government powers are conferred, without a counterbalancing obligation of accountability, onto private bodies, the loss will be much greater.


Update: This item has been translated into Japanese and may be found at: http://www.suzuki.sist.chukyo-u.ac.jp/dyingnet.html

Posted by karl at 3:17 AM

August 7, 2003

A question for those running for Governor of California

I pose the following question to those who have chosen to run for Governor of California:

Considering the financial crises in which the State of California finds itself, would you, as Governor, continue to provide tax exempt status to corporations that claim to be public benefit corporations while they bar the public from their processes, repudiate their accountability to the public, and blatently operate to limit consumer choice and artificially raise prices in order to benefit a small set of privileged business interests?

Posted by karl at 10:57 PM