Interesting People mailing list archives

IP: Four very useful notes between Bob Frankston and Vint Cerf re the message -- ICANN's new role: It's about keeping people from being killed by terrorist plots hatched over the net says Mike Roberts


From: David Farber <dave () farber net>
Date: Sun, 28 Oct 2001 05:17:03 -0500


From: "Bob Frankston" <rmf2g2 () bobf Frankston com>
To: <farber () cis upenn edu>, <ip-sub-1 () majordomo pobox com>
Cc: "David Reed" <dpreed () reed com>, "Vinton G. Cerf" <vcerf () MCI NET>

[Dave, I don't want to harp on one point but the comments I sent on the
DNS yesterday were relatively mild compared with the danger that Mike
Roberts' comments represent. We must put an end to pandering to naïve
panic...]

I used to think that ICANN was misguided and relatively harmless; it now
seems very dangerous. The whole notion that the DNS is the vital source
of magic names and authority is literally medieval. Making the DNS more
secure is no more of a solution than the Maginot Line was for the French
when they sought protection from Germany before World War II.

I realize that the ICANN is not an evil conspiracy. It is just the
result of a common and deep misunderstanding akin to the notion that
words have fixed invariant meanings rather than being determined by
usage. I realize that Mike Roberts is trying to do his best to help us.
Unfortunately, given that ICANN is faced with an impossible meaning,
many people do see conspiracy rather than just the failure of best
efforts against an impossible mission.

The use of the DNS as a source of meaning and authority is a direct
violation of the fundamental design principle of the Internet -- that
authority rests at the end points, not in the center. The success of the
Internet is a direct result of this principle. Creating central
dependencies and vulnerabilities, like this, weakens the security of the
net and stymies innovation.

The DNS works well as a housekeeping tool for tracking IP addresses
and other information. Overloading it as a bad keyword system and an
authoritative and secure source of meaning is dangerously misguided.

Alas, this is just one more example of the price we pay for reacting
blindly out of fear without understanding. I greatly fear those who try
to do me good whether I like it or not.

September 11th hysteria is a poor substitute for reason. By focusing on
vulnerabilities we are failing to appreciate the resilience of a very
large country in a very large world. It seems tiny and exposed on
television and in blaring headlines. This makes it difficult to put
tragedies in perspective and instead we leverage terrorism by becoming
rigid. FDR was right in citing fear as the danger. We also should fear
those who promise to eliminate risk rather than help us understand it.

Is there any web site that gives perspective and assessment? I've been
expecting the Anthrax attack to be domestic and we'll see whether it is.
Have there been other "Bin Laden" attacks since Sept 11th? What is the
current reality of WTC victims? Are the reports of Middle East
support/protests supported by more than how well random video clips will
play on TV?

Bob Frankston
http://www.Frankston.com

Date: Sat, 27 Oct 2001 22:20:22 -0400
From: vint cerf <vinton.g.cerf () wcom com>

Bob,

your message and Mike Roberts' message seem to be talking past each
other.

Mike is talking about the At Large Study Group, generally.

That everyone with an operating responsibility for some part of the
Internet needs to take resilience, robustness and recovery seriously
seems self-evident. Perhaps more so as people look to the Internet to be
an increasingly useful and reliable communication infrastructure.
You and I are in agreement that expansion of the DNS top-level domains
is of uncertain value if the purpose is to turn DNS into some poor-quality
index/directory of Internet content. Some people are apparently convinced
either that DNS can/should be such a directory or that they can make a
lot of money because other people think that way.

ICANN concluded to allow modest expansion to find out what the consequences
would be (a bunch of lawsuits for starters!). I am glad we did not try to
open up TLDs wholesale on the first go around.

DNS itself can do little to prevent terrorist attacks. We can try to make
all the parts of the Internet increasingly resilient and resistant to various
forms of DOS - but the major vulnerabilities seem to be in the hosts.
We HAVE seen some bad problems with DNS in which responses to unasked queries
have overwritten tables and allowed hijacking of DNS entries. I'm sure the
catalog of problems merits attention.

I did not see anything in Mike's remarks that led me to think he was
suggesting that DNS can be a secure source of "meaning" - but why isn't it
a useful exercise to try to minimize the opportunity for making
deliberately falsified bindings?
vint
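
An added example, not part of the thread and not code from any of its
participants, to make concrete the DNS failure mode Vint mentions above:
replies to queries that were never asked, and extra records carried in a
reply, ending up in a resolver's tables. It models in Python two standard
resolver-side defences: accept a reply only if it matches an outstanding
query, and cache only records that lie within the bailiwick of the zone
that was asked about. The record and cache classes, the names (under the
reserved .test TLD) and the documentation-range addresses are all
constructed for the illustration.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class RR:
    """A minimal resource record: owner name, type and rdata (constructed model)."""
    name: str    # owner name, e.g. "www.example.test."
    rtype: str   # "A" or "NS"
    rdata: str


@dataclass
class Response:
    """A simplified DNS reply: transaction id, question name, answer and additional sections."""
    txid: int
    qname: str
    answers: list
    additional: list = field(default_factory=list)


def in_bailiwick(name: str, zone: str) -> bool:
    """True if name is the zone itself or a label-aligned subdomain of it (case-insensitive)."""
    name = name.lower().rstrip(".") + "."
    zone = zone.lower().rstrip(".") + "."
    return name == zone or name.endswith("." + zone)


class Cache:
    """Toy resolver cache that refuses unsolicited replies and out-of-bailiwick records."""

    def __init__(self):
        self.records = {}   # (owner name, rtype) -> rdata
        self.pending = {}   # txid -> (qname asked, zone the query was sent for)

    def ask(self, txid: int, qname: str, zone: str) -> None:
        """Record an outstanding query so that only a matching reply can be accepted."""
        self.pending[txid] = (qname.lower(), zone.lower())

    def accept(self, resp: Response) -> list:
        """Merge resp into the cache; return the records kept ([] if the reply is rejected)."""
        # Defence 1: a reply must match a query we actually sent (id and question name).
        key = self.pending.get(resp.txid)
        if key is None or key[0] != resp.qname.lower():
            return []
        _, zone = self.pending.pop(resp.txid)
        # Defence 2: keep only records inside the bailiwick of the zone we asked about,
        # so extra records for unrelated names cannot overwrite existing entries.
        kept = []
        for rr in resp.answers + resp.additional:
            if in_bailiwick(rr.name, zone):
                self.records[(rr.name.lower(), rr.rtype)] = rr.rdata
                kept.append(rr)
        return kept

    def lookup(self, name: str, rtype: str):
        return self.records.get((name.lower(), rtype))


def demo():
    """Run the two defences against constructed replies; returns (cache, kept, rejected)."""
    c = Cache()
    c.ask(1, "www.example.test.", "example.test.")
    # A reply to our query; its additional section carries one in-bailiwick glue
    # record and one record for an unrelated zone (constructed sample data).
    reply = Response(
        txid=1,
        qname="www.example.test.",
        answers=[RR("www.example.test.", "A", "192.0.2.10")],
        additional=[RR("ns.example.test.", "A", "192.0.2.53"),
                    RR("www.victim.test.", "A", "198.51.100.1")],
    )
    kept = c.accept(reply)
    # A reply for a question we never asked: dropped entirely.
    unsolicited = Response(
        txid=99,
        qname="bank.victim.test.",
        answers=[RR("bank.victim.test.", "A", "198.51.100.2")],
    )
    rejected = c.accept(unsolicited)
    return c, kept, rejected


if __name__ == "__main__":
    cache, kept, rejected = demo()
    print("kept:", [(rr.name, rr.rdata) for rr in kept])
    print("unsolicited reply kept:", rejected)
    print("victim entry present:", cache.lookup("www.victim.test.", "A") is not None)
```

Real resolvers add further checks on top of these (matching the source
address and port of the reply, randomising the transaction id and source
port, and validating signatures where DNSSEC is deployed); the two shown
here are the ones that directly address the overwritten-table problem in
Vint's message.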

From: "Bob Frankston" <BobRMF17 () Bobf Frankston com>
To: "'vint cerf'" <vinton.g.cerf () wcom com>,
"'Bob Frankston'" <rmf2g2 () Bobf Frankston com>, <farber () cis upenn edu>,
<ip-sub-1 () majordomo pobox com>
Cc: "'David Reed'" <dpreed () reed com>

First, I accept your criticism and one can read the message as simply
saying that we need to stop all the harping about ICANN and make
progress.

Phrases like "It's about keeping people from being killed by terrorist
plots hatched over the net" aren't at all temperate and are more in the
spirit of invoking fear rather than effective action. One needn't attack
the DNS to hatch a plot. In fact, one needn't use the DNS at all to
exchange messages. Stable IP addresses work fine and volatile ones can
be transmitted in a phone call.

As I pointed out, the real problem is that we are over-dependent on the
DNS as a smart center. The question is whether ICANN is compounding the
problem by increasing this dependency. In my earlier letter I noted that
Google has found that people are using lookup more than the DNS to find
things already.

There is a need for real debate on this issue. But I sympathize with
Mike in that the debate has been more about evil conspiracies than basic
issues. The very premise that the DNS is a vital center.

To the extent that it is we do need to be concerned about security
though the attacks seem to be more of the form of stealing domain names
for commercial purposes.

Rather than invoking the terrorist menace, it would be wise to separate
out the issues:

* Protecting the current domain servers independent of other TLD
policies. While I don't know the current protocols for shared control of
the .COM (et al) servers I presume that there is a lot of complexity
associated with preserving the "marketplace" that provides rich rewards
to its members. Would the problem be simpler if the TLDs had no
semantics and if the names were owned and never reused?

* The whole issue of TLDs and names. Does this matter to the terrorists
beyond compounding the first issue? Well, there is a related issue for
those who think that one can control terrorism or Napster by controlling
the names.

* The issue I am concerned about -- how do we return the role of the DNS
to simply a source of stable handles? Security is still an issue but
simple protocols should go a long way to reducing the concerns. It could
also help by reducing churn in the servers. Instead of putting a billion
names at the top or second level we could create as many tertiary
servers as needed without the burden of using just one dot.

So I might be unfair in characterizing Mike as calling upon us to
militarize the servers (or maybe just nationalize them -- same thing at
this point), but I do see the call for an end to the debate as endorsing a
fundamentally flawed, well not architecture as the DNS isn't bad, it is
a flawed perception of what the DNS is and how to use it. It is
certainly not about keeping terrorists from communicating.


Bob Frankston
http://www.Frankston.com

Date: Sun, 28 Oct 2001 00:24:37 -0400
From: vint cerf <vinton.g.cerf () wcom com>

as usual you and I are more in synch than not.

your message below makes it far more clear than the earlier one that
there are all kinds of alternatives to DNS to associate handles with
IP addresses - and we ought to be exploring the alternatives if they
are more robust and/or useful than the DNS (which has been very
useful and remarkably scalable).

vint


For archives see:
http://www.interesting-people.org/archives/interesting-people/
