[icann-eu] Re: [icann-europe] Good Old Entropy
- To: icann-europe@fitug.de
- Subject: [icann-eu] Re: [icann-europe] Good Old Entropy
- From: Jefsey Morfin <jefsey@wanadoo.fr>
- Date: Sat, 07 Jul 2001 15:22:01 +0200
- Comment: This message comes from the icann-europe mailing list.
- Delivered-To: icann-europe@angua.rince.de
- In-Reply-To: <20010706231354.HLUI20938.fep19-svc.tin.it@xc2>
- Sender: owner-icann-europe@fitug.de
Dear Griffini,
I certainly share your point of view about the alt.root, but probably not
about what is the alt.root. If you think yourself a pure technician, I
would like you to be a real pure one, i.e. forgetting all the politics
introduced by the IAB, etc...
What is the case? Internet is a consensus by communicating owners to use
the TCP/IP protocol set under an addressing plan (IP addresses plus CNAMEs)
simplified by the use of an aliasing system with an easy to memorize
semantic. Do you object to that? I guess not.
Now who is the boss? In a consensus everyone is the boss: people vote a
consensus with their feet. I am the boss on my machine. I decide the
protocol, I decide who to call, I decide what I say, I decide who I filter
out/in, etc... and I decide about my name and what it means in terms of
aliasing - i.e. which IP, which CNAME will be reached. Do you object to that?
I guess not.
The naming service asked for a more sophisticated support than Host.txt and
respecting my free naming decision rights. This system has not only been
devised, but it works and seems to be able to cope with many new
developments. It is a hierarchical database distributed on basically three
layers instead of being on a single computer: root-server, zone-server,
name-server.
Why distributed? Only for one and single reason: to respect my authority on
my name.
I have headed the International operations of Tymnet in the 80s. We
interfaced Italcable as well as KDD, MCI, TeleGlobe, BT, Telefonica and
France Telecom, etc... We had a DNS-like system: the Supervisor, it would
have had no problem in supporting billions of DNs. But we did not allow the
users to modify the Network routing information so we could for many good
reasons (robustness, security, speed, network organization, accounting,
cost, etc... ) have it virtually centralized (several distributed machines
for the generation to come when I left) and mirrored on four to six real
time systems polling each other and taking over in a few minutes in case
of failure of the current master. Very impressive. Such a system was far
better than the DNS .... but it did not permit ME, the user, to decide
about my naming privileges and to change it.
Now, how does any hierarchical database work? It is a tree with a root. By
nature such a root permits access to everything in the database. We are
technical here, not religious. So it means that if I want to have the name
bush.clinton.gore I should be able to put it in the base. And the DNS is
perfectly doing its job: I can do it and associate it with
jefsey.bush.clinton.gore and griffini.bush.clinton.gore.
Now what are the problems we purely technically face:
1) the database is by nature inclusive (includes everything in it). But it
just reports real life and real life is not perfect. In real life people make
mistakes or have conflicts. When they enter them in the database, the
database accepts them - its job - but the programs using the database may
fail. This prevents me from trusting the database: I need to check its data. I
can do it myself, or I can trust someone to do it for me. The person or the
group of persons I trust becomes - in my opinion - "authoritative" (this is
the meaning of the word: its knowledge makes authority, not to be confused
with my authority on my machine. The only authority on the net is mine, the
one of the users).
How do you become authoritative on a matter: in learning, working and
clearing conflicts. It means that an authoritative version of the DNS has
filtered out conflicts for me. So it is absurd to say in the real world there
is a single authoritative root. There is a single root. There are several
possible authoritative versions of it. This is true for zone files and
local files as well. As you may recall the DNS is recursive: this concept
is fully supported in the BIND 9 views (you may decide to see only a
portion of the name space or have it different). A "single authoritative
root" is possible only on an empty system or in a divine system, not in a
human system.
2) the second problem we face is the desire for power of some people or
their love for money. The DNS is important for them as they have understood
that in controlling by fashion, intellectual terrorism, mis-education, law,
etc... the nodes of the DNS tree they could control the system. The
Directory issue you talk about.
Obviously the most interesting one is the initial node: the root level. For
historical reasons the USCANN received initially most of it and decided to
believe it was their property. It could have worked had they said
"we own the inclusive root. Everyone welcome: here are the Root and TLD
Best Practices, let's go".
There would be no problem today as there will be no problem when we will
have forgotten about them. But, Mike Roberts decided he wanted to make some
small money out of it and to protect the bigger VeriSign money (he actually
wanted to protect the network stability, but did not see that he imperiled
it). He preferred to set up the USG Root as an alternative to the
inclusive root in being authoritative only on the zones the TLD Manager had
contracted with him according to a TLD e-legal model Louis Touton
devised. In doing so he purposely blocked innovation and business
development to the exclusive advantage of VeriSign. RT/BP have been written
by us and will develop in parallel until they take over.
The next interesting node is the TLD level. Protected by the USCANN and the
TLD "owners" (they call themselves the "business owner" while Jon Postel
clearly spelled out it is a service to the people who chose that TLD label
to differentiate their name). And you see them carrying on a rewarding business
over a non-existing good such as the DN in cooperation with the money added
value brought by TM people and UDRP.
But the most interesting node is the user level as it is the User Level and
from there you can bypass the others. Don't ask yourself why the default
root address is not in a Windows init file. Do you think that a
c:\windows\dns.ini file would not have been simpler to implement?
In such an environment, there is today a single alternative roots (plural),
there are several authoritative roots trying to be as much as possible
inclusive/or value added and discriminating among potentially colliding
TLDs on clear TLD recognition criteria.
The alternative discriminative root is by the USCANN which is the only Root
Administrator with Name.Space to refuse to enter into a technical dialog
over a common effort to make the root more inclusive and to bring added
value to the users they serve.
I do hope that the jeopardization of the DNS will cease soon. As a pure
technician you know that this is just to copy my root file into the USCANN
controlled machines. It would take three minutes and would certainly not
change anything for any user, except to make them free and fully
authoritative again.
Jefsey
On 01:09 07/07/01, Griffini Giorgio said:
>Hi all,
>The discussion which is currently being held about ICANN / DOC / ALT
>ROOTS changes nothing about dynamics on how we (the 'pure'
>technicians, with many excuses to real technicians) always would like to
>have the DNS problem solved (which is not the alt roots way).
>Would anyone like to be unable to reach anyone ? Or in other words... how
>many people would like being limited to see and reach just a limited (with
>limits as big as you like) subset of the whole ?
>The jeopardization of pseudo-root servers will simply and finally give way to
>the 'directory' era and this will finally close the technical abuse of DNS when
>used to reach the goal of 'visibility (in the marketing sense of the word) on
>the net'.
>Probably would be better to migrate in a more coordinated and planned way in
>order to not disrupt or confuse who use / will use the Internet in the next near
>future... but such delicate option will sound like to try to mix a glass of cool
>water into a glass of hot water and desire that temperature simply drop
>instantly into each cubic inch of the resulting 'bowl'...
>Ah... entropy... good old entropy...
>
>BTW, the next battle will be on who will control 'directories' so the toy for
>political/commercial plays will remain ... but almost, technically speaking,
>we'll get a result... the heavy and hard way... probably...
>
>Sorry for the emphasis...
>
>Best regards
>Giorgio Griffini