Re: [icann-europe] Good Old Entropy

["Griffini Giorgio" <grunz@tin.it>]

I will comment the J.Morfin reply below:

> Dear Griffini,
> I certainly share your point of view about the alt.root, but probably not 
> about what is the alt.root. If you think yourself a pure technician, I 
> would like you to be a real pure one, i.e. forgetting all the politics 
> introduced by the IAB, etc...
> 

When anyone choose to support an opinion (s)he is following a politic choice.
We may question about on how much such 'politic' choice is toward public or 
private interest and what is appropriate to do and what not and into which 
context but I'm sure you agree this is a completetely different subject.

> What is the case? Internet is a consensus by communicating owners to use 
> the TCP/IP protocol set under an addressing plan (IP addresses plus CNAMEs) 
> simplified by the use of an aliasing system with an easy to memorize 
> semantic. Do you object to that? I guess not.
> 
Ok.

> Now who is the boss? In a consensus everyone is the boss: people vote a 
> consensus with their feet. I am the boss on my machine. I decide the 
> protocol, I decide who to call, I decide what I say, I decide who I filter 
> out/in, etc... and I decide about my name and what it means in terms of 
> aliasing - ie which IP, which CNAME will be reached. Do you object to that? 
> I guess not.
> 

Ok.

> The naming service asked for a more sophisticated support than Host.txt 
and 
> respecting my free naming decision rights. This system has not only been 
> devised, but it works and seem to be able to cope with many new 
> development. It is a hierarchical database distributed on basically three 
> layers instead of being on a single computer root-server, zone-server, 
> name-server.
> 
> Why distributed? Only for one and single reason: to respect my authority on 
> my name.
> 
I'm not questioning about the freedom/authority on choosing own names

> I have headed the International operations of Tymnet in the 80s. We 
> interfaced Italcable as well as KDD, MCI, TeleGlobe, BT, Telefonica and 
> France Telecom, etc... We had a DNS like system: the Supervisor, it would 
> have had no problem in supporting billions of DNs. But we did not allow the 
> users to modify the Network routing information so we could for many good 
> reasons (robustness, security, speed, network organization, accounting, 
> cost, etc... ) have it virtually centralized (several distributed machines 
> for the generation to come when I left) and mirrored on four to six real 
> time systems polling each others and taking over in a few minutes in case 
> of failure of the current master. Very impressive. Such a system was far 
> better than the DNS .... but it did not permitted ME, the user, to decide 
> about my naming privileges and to change it.
> 
I think also that that system didn't allow two users to use the same name... 

> Now, how does any hierarchical database work? It is a tree with a root. By 
> nature such a root permits to access everything in the database. We are 
> technical here, not religious. So it means that if I want to have the name 
> bush.clinton.core I should be able to put it the base. And the DNS is 
> perfectly doing its job: I can do it and associate it with 
> jefsey.bush.clinton.gore and griffini.bush.clinton.gore.
> 

Here is the point.
You are 'binding' what one can do on limits of the tools you are using.
And all proposed solutions about DNS just extend the 'domain' (in the 
mathematical sense) where these limits may be exercised.  
If you like to be found as 'interested.in.special.effects.<TLD>' and me too, 
then someone has to 'authoritatively' solve this issue and give just one of us 
such privilege. Please remember that this happen due a technical limit of the 
tool (uniqueness) not a choice of yours, mine or who is called to resolve the 
conflict. 

> Now what are the problems we purely technically face:
> 
> 1) the database is by nature inclusive (includes everything in it). But it 
> just reports real life and real life is not perfect. In real life people do 
> mistakes or have conflicts. When they enter them in the database, the 
> database accepts them - its job - but the programs using the database may 
> fail. This prevents me to trust the database: I need to check its data. I 
> can do it myself, or I can trust someone to do it for me. The person or the 
> group of persons I trust becomes - in my opinion - "authoritative" (this is 
> the meaning of the word: its knowledge makes authority, not to be confused 
> with my authority on my machine. The only authority on the net is mine, the 
> one of the users).
> 

This seems supporting what I'm saying then maybe I haven't got exactly 
what you mean .

> How do you become authoritative on a matter: in learning, working and 
> clearing conflicts. It means that an authoritative version of the DNS has 
> filtered out conflicts for me. So it is absurd to say in real world there 
> is a single authoritative root. There is a single root. There are several 
> possible authoritative versions of it. This is true for zone files and 
> local files as well. As you may recall the DNS is recursive: this concept 
> is fully supported in the Bind 9 views (you may decide to see only a 
> portion of the name space or have it different).  A "single authoritative 
> root" is possible only on an empty system or in a divine system, not in an 
> human system.
> 

Yes there is no chance for a single authoritative root until we (internet 
users/actors) abandon the idea to use the DNS as a search tool. 
But by downgrading DNS names just to an 'IP lookup' (as it should be)  this 
can be done. The world telephone system works well in reaching someone 
and we resort to directories to find some one and not to a 'database' of 
'unique' identifiers. 
But it seems we cannot live without keying in '<something>.com' for 
searching them each time and pretend we find exactly the guys we are 
searching for.
It is like call a phone operator of a company and ask to talk to a people by 
just giving the name (and not the family name). Once there are no conflicts 
there are no problem. The alt root approach just seems to still using the 
name but just add the dept. "I would like to talk to the Jim who works in 
Accounting and not the one who works at Reception"
Think about what is being instead really done in the real life  (like privately 
saving the extension when found and so on) and I think you' ll catch all other 
details....

> 2) the second problem we face is the desire of powers of some people or 
> their love for money. The DNS is important for them as they have understood 
> that in controlling by fashion, intellectual terrorism, mis-education, law, 
> etc... the nodes of the DNS tree they could control the system. The 
> Directory issue you talk about.
>

Yes... but holding a directory doesn't require involvement of 'listed' parties nor 
requires any one to resort to just one 'authoritative' party. I search in the 
directory I like/prefer and shoot. I can make a my own private directory. 
Isn't it a little bit more freedom-aware  tool ?
 
> Obviously the most interesting one is the initial node: the root level. For 
> historical reasons the USCANN received initially most of it and decided to 
> believe it was their property. It could have worked should have them said 
> "we own the inclusive root. Everyone welcome: here are the Root and TLD 
> Best Practices, let go".
> 
> There would be no problem today as there will be no problem when we will 
> have forgotten about them. But, Mike Roberts decided he wanted to make some 
> small money out of it and to protect the bigger VeriSign money (he wanted 
> actually protect the network stability, but did not see that he imperiled 
> it) . He preferred to set-up the USG Root as an alternative to the 
> inclusive root in being authoritative only on the zones the TLD Manager had 
> contracted with him according to a TLD e-legal model of Louis Touton 
> devised. In doing so he purposedly blocked innovation and business 
> development to the exclusive advantage of VeriSign. RT/BP have been written 
> by us and will develop in parallel until they take over.
> 
> The next interesting node is the TLD level. Protected by the USCANN and the 
> TLD "owners" (they call themselves the business owner" while Jon Postel 
> clearly spelled out it is a service to the people who chose that TLD label 
> to differentiate heir name). And you see them carnying a rewading business 
> over a non existing good such as the DN in cooperation with the money added 
> value brought by TM people and UDRP.
> 

All the mess against ICANN is being done just about DNS  and other 
'dirty/noisy' works which are (formally) under ICANN responsability go quietly 
unnoticed and unquestioned (like protocol numbers assignment, 
maintainance and so on). 
This is a clear mark that 'the business' is mostly driving the scene when 
many talks loud about TLDs (both sides ,of course)

> But the most interesting node is the user level as it is the User Level and 
> from there you can bypass the orthes. Don't ask yourself why the default 
> root address is not an a Windows init file. Do you think that a 
> c:\windows\dns.ini file would not have been simpler to implement?
> 
I answer the question with another question... what do you think about the 
fact they switched toward on what they call 'Active Directory' ? 

> 
> In such an environment, the is today a single alternative roots (plural), 
> there are several authoritative roots trying to be as much as possible 
> inclusive/or value added and discriminating among potentially colliding 
> TLDs on clear TLD recognition criteria.
> 
> The alternative discriminative root is by the USCANN which is the only Root 
> Administrator with Name.Space to refuse to enter into a technical dialog 
> over a common effort to make the root more inclusive and to bring added 
> value to the users they serve.
> 
> I do hope that the jeopartization of the DNS will cease soon. As apure 
> technician you know that this is just to copy my root file into the USCANN 
> controlled machines. It would take three minutes and would certainly not 
> change anything to any user, except to make them free and fully 
> authoritative again.
> 
Yes, maybe... but the whole result will still suffer of limits of DNS when 
applied to the real silly world. (uniqueness, IP claims on which names are 
being used etc.)
I was just thinking on what could happen in next future looking at what is 
currently happening now.  
Oh sure...I'm a visionary, I have to admit.

Best regards.
Giorgio Griffini


-- 
To unsubscribe, e-mail: icann-europe-unsubscribe@lists.fitug.de
For additional commands, e-mail: icann-europe-help@lists.fitug.de