IP: RE: ICANN's new role: It's about keeping people from being killed by terrorist plots hatched over the net says Mike Roberts

[David Farber <dave () farber net>]

At the risk of prolonging the harsh tone issue, Mike has to be a lot more 
careful of how he says things if he is not interested in seeing the 
divisive issues continued. The tone was just wrong irrelevant as to the 
intent. I am reminded of the VP who is credited with telling one of the 
ultra-hawks in DoD to keep his mouth shut. I believe someone should suggest 
to Mike that he tone down the rhetoric and be more statesman like. He would 
have more of an impact.

Dave

 At 12:24 AM 10/28/2001 -0400, vint cerf wrote:
> as usual you and I are more in synch than not.
>
> your message below makes it far more clear than the earlier one that
> there are all kinds of alternatives to DNS to associate handles with
> IP addresses - and we ought to be exploring the alternatives if they
> are more robust and/or useful than the DNS (which has been very
> useful and remarkably scalable).
>
> vint
>
> At 12:18 AM 10/28/2001 -0400, Bob Frankston wrote:
> >First, I accept your criticism and one can read the message as simply
> >saying that we need to stop all the harping about ICANN and make
> >progress.
> >
> >Phrases like "It's about keeping people from being killed by terrorist
> >plots hatched over the net" aren't at all temperate and are more in the
> >spirit of invoke fear rather than effective action. One needn't attack
> >the DNS to hatch a plot. In fact, one needn't use the DNS at all to
> >exchange messages. Stable IP addresses work fine and volatile ones can
> >be transmitted in a phone call.
> >
> >As I pointed out, the real problem is that we are over-dependent on the
> >DNS as a smart center. The question is whether ICANN is compounding the
> >problem by increasing this dependency. In my earlier letter I noted that
> >Google has found that people are using lookup more than the DNS to find
> >things already.
> >
> >There is a need for real debate on this issue. But I sympathize with
> >Mike in that the debate has been more about evil conspiracies than basic
> >issues. The very premise that the DNS is a vital center.
> >
> >To the extent that it is we do need to be concerned about security
> >though the attacks seem to be more of the form of stealing domain names
> >for commercial purposes.
> >
> >Rather than invoking the terrorist menace, it would be wise to separate
> >out the issues:
> >
> >* Protecting the current domain servers independent of other TLD
> >policies. While I don't know the current protocols for shared control of
> >the .COM (et al) servers I presume that there is a lot of complexity
> >associated with preserving the "marketplace" that provides rich rewards
> >to its members. Would the problem be simpler if the TLDs had no
> >semantics and if there the names were owned and never reused?
> >
> >* The whole issue of TLDs and names. Does this matter to the terrorists
> >beyond compounding the first issue? Well, there is a related issue for
> >those who think that one can control terrorism or Napster by controlling
> >the names.
> >
> >* The issue I am concerned about -- how do we return the role of the DNS
> >to simply a source of stable handles? Security is still an issue but
> >simple protocols should go a long way to reducing the concerns. It could
> >also help by reducing churn in the servers. Instead of putting a billion
> >names at the top or second level we could create as many tertiary
> >servers as needed without the burden of using just one dot.
> >
> >So I might be unfair in characterizing Mike as calling upon us to
> >militarize the servers (or maybe just nationalize them -- same thing at
> >this point) I do see the call for an end to the debate as endorsing a
> >fundamentally flawed, well not architecture as the DNS isn't bad, it is
> >a flawed perception of what the DNS is and how to use it. It is
> >certainly not about keeping terrorists from communicating.
> >
> >
> >
> >Bob Frankston
> >http://www.Frankston.com
> >
> >
> >-----Original Message-----
> >From: vint cerf [mailto:vinton.g.cerf () wcom com]
> >Sent: Saturday, October 27, 2001 22:20
> >To: Bob Frankston; farber () cis upenn edu; ip-sub-1 () majordomo pobox com
> >Cc: David Reed
> >Subject: RE: ICANN's new role: It's about keeping people from being
> >killed by terrorist plots hatched over the net says Mike Roberts
> >
> >Bob,
> >
> >your message and Mike Roberts' message seem to be talking past each
> >other.
> >
> >Mike is talking about the At Large Study Group, generally.
> >
> >That everyone with an operating responsibility for some part of the
> >Internet needs to take resilience, robustness and recovery seriously
> >seems self-evident. Perhaps more so as people look to Internet to be
> >an increasingly useful and reliable communication infrastructure.
> >
> >You and I are in agreement that expansion of the DNS top-level domains
> >is of uncertain value if the purpose is to turn DNS into some
> >poor-quality
> >index/directory of Internet content. Some people are apparently
> >convinced
> >either that DNS can/should be such a directory or that they can make a
> >lot of money because other people think that way.
> >
> >ICANN concluded to allow modest expansion to find out what the
> >consequences
> >would be (a bunch of lawsuits for starters!). I am glad we did not try
> >to
> >open up TLDs wholesale on the first go around.
> >
> >DNS itself can do little to prevent terrorist attacks. We can try to
> >make
> >all the parts of the Internet increasingly resilient and resistant to
> >various
> >forms of DOS - but the major vulnerabilities seems to be in the hosts.
> >We HAVE seen some bad problems with DNS in which responses to unasked
> >queries
> >have overwritten tables and allowed hijacking of DNS entries. I'm sure
> >the
> >catalog of problems merits attention.
> >
> >I did not see anything in Mike's remarks that led me to think he was
> >suggesting
> >that DNS can be a secure source of "meaning" - but why isn't it a useful
> >exercise
> >to try to minimize the opportunity for making deliberately falsified
> >bindings?
> >
> >vint
> >
> >
> >
> >At 09:15 PM 10/27/2001 -0400, Bob Frankston wrote:
> >>The use of the DNS as a source of meaning and authority is a direct
> >>violation of the fundamental design principle of the Internet -- that
> >>authority rests and the end points not in the center. The success of
> >the
> >>Internet is a direct result of this principle. Creating central
> >>dependencies and vulnerabilities, like this, weakens the security of
> >the
> >>net and stymies innovation.
> >>
> >>The DNS works well in as a housekeeping tool for tracking IP addresses
> >>and other information. Overloading it as a bad keyword system and an
> >>authoritative and secure source of meaning is dangerously misguided.


For archives see:
http://www.interesting-people.org/archives/interesting-people/