At 03:39 PM 11/29/2003 -0800, Karl Auerbach wrote: >On Sat, 29 Nov 2003, vinton g. cerf wrote: > >> I strongly object to your characterization of ICANN as "abandoning" >> the operation of roots and IP address allocation. These matters have >> been the subject of discussion for some time. > >I can't seem to recall during my 2 1/2 years on ICANN's board that there >ever was any non-trivial discussion, even in the secrecy of the Board's >private e-mail list or phone calls, on the matters of IP address >allocation or operation of the DNS root servers. Because I was the person >who repeatedly tried to raise these issues, only to be repeatedly met with >silence, I am keenly aware of the absence of any substantive effort, much >less results, by ICANN in these areas. The fact that there were few board discussions does not mean that staff was not involved in these matters. Discussions with RIRs have been lengthy and have involved a number of board members. >So, based on my source of information, which is a primary source - my own >experience as a Director of ICANN, I must disagree that ICANN has actually >faced either the issue of DNS root server operations or of IP address >allocation. And ICANN's "enhanced architecture for root server security" >was so devoid of content as to be embarrassing - See my note at >http://www.cavebear.com/cbblog-archives/000007.html > >The DNS root server operators have not shown any willingness to let ICANN >impose requirements on the way they run their computers. Indeed, the >deployment of anycast-based root servers without even telling ICANN in >advance, much less asking for permission, is indicative of the distance >between the operations of the root servers and ICANN. Sorry, anycast has been out there for quite a while; I am surprised you didn't know that. We had discussions about anycast with the SECSAC and the RSSAC and confirmed that there were few risks. The GAC requested and received a briefing on this as well. >[I believe that the anycast change was a good one. However, there is no >way to deny that that change was made independently of ICANN.] Anycast may even have preceded the creation of ICANN - perhaps an IETF source or one of the root server operators can say when the first ANYCAST deployments were done. >Sure, ICANN prepares, or rather, Verisign prepares and ICANN someday hopes >to prepare, the root zone file that the DNS root servers download. But to >say that preparation of a small, relatively static, text file is the same >as overseeing the root servers is inaccurate. > >In addition, the root server operators have shown that they are very able >to coordinate among themselves without ICANN's assistance. > >> ICANN absolutely recognizes the critical role of the RIRs > >Again, recognizing the RIRs is an admission that ICANN has abandoned its >role as the forum in which public needs for IP addresses and technical >demands for space and controled growth of routing information are >discussed and balanced. Fortunately the RIRs have matured and are >themselves the IP address policy forums that ICANN was supposed to have >been. Moreover, the RIRs have shown that they are more than capable of >doing a quite good job of coordinating among themselves. The RIRs have agreed to use the ASO as the mechanism for conducting global policy discussions - you seem to think that unless ICANN is dictating everything it is doing nothing. Sorry, I don't buy it. >> There is still need for coordination of policy among these groups >> and the other interested constituents and that is the role that >> ICANN will play. > >Again, ICANN can not demonstrate that it has engaged, because it has not >engaged, in the "coordination" of IP address "policy". Sure, ICANN has >facilitated the creation of a couple of new RIRs. But again, there is >vast distance between that and ICANN being the vehicle for policy >formulation or oversight to ensure that those policies are in the interest >of the public and technically rational. > > >I have serious doubts that ICANN will be able to meet its obligations >under the most recent terms of the oft-amended Memorandum of Understanding >between ICANN and the Department of Commerce. I see no sign that the DNS >root server operators or the RIRs are going to allow themselves to become >dependencies of ICANN and to allow their decisions to be superseded by >decisions of ICANN's Board of Directors. they don't need to become "dependencies" for this process to work - you are setting up a strawman that I don't buy into, karl. What we are looking for is coordination of policy development in such a way that affected parties have an opportunity to raise issues. That's what the reform of the ICANN process was all about. I am not interested in having the decision of the Board of Directors supersede RIR or Root Server recommendations. I am interested in assuring that any policies developed have input from affected constituencies and that these are factored into the policies developed. vint cerf > --karl-- Vint Cerf SVP Technology Strategy MCI 22001 Loudoun County Parkway, F2-4115 Ashburn, VA 20147 703 886 1690 (v806 1690) 703 886 0047 fax vinton.g.cerf@xxxxxxx www.mci.com/cerfsup