IETF, ICANN and Whois (Was Re: Last Call: <draft-housley-rfc2050bis-01.txt> (The Internet Numbers Registry System) to Informational RFC)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Dan and John,

Thanks for the exchange last week.  As chair of ICANN's Board of Directors and an active participant in ICANN's current effort to take a fresh look at the Whois architecture and operation, your notes catch my attention in multiple ways.  But first, for the benefit of under forty crowd, let me briefly introduce myself.  In the late 1960s I chaired the ARPANET's Network Working Group, which eventually morphed into today's IETF.  I created the RFC series and I was one of the architects of the three facets of openness that are the foundation of the Internet protocol process, viz open architecture, open participation and open publication.  In the late 1980s and early 1990s I served as the first area director for security and later on the IAB.  I also co-chaired the POSIED Working Group that revised the standardization process, moving the authority from the IAB to the IESG, and in the mid 2000s I served on the ISOC board and participated in the formation and initial operation of the IETF Administrative Support Activity (IASA) and I served on its IAOC.  For the past 11 years I've been active in ICANN, serving for several years as the chair of the Security and Stability Advisory Committee and also on the board of ICANN, and about two years ago I was elected chair of the ICANN board.  And despite having spent a great deal of time in management and political roles in this environment, I remain fundamentally a technical person.

I want to share two thoughts, one about the role of the IETF, ICANN and other organizations within the Internet ecosystem, and one about Whois.

The great strength of the IETF is it's a forum for technical people to come together, work out the details of protocols, and publish consensus documents.  The IETF does not have any formal powers granted by legal authorities.  IETF standards are effective because they're accepted and they work, not because they're imposed on anyone.  IETF standards are respected around the world because they embody the wisdom and experience of the technical community.  No one is obliged to use the protocols created within the IETF, but, of course, a huge portion of the world does use these protocols.

ICANN was created in 1998 to operate the IANA function and to expand and organize the marketplace in domain names.  The IANA function is fundamentally a clerical service.  It records the assignment of unique identifiers that are used throughout the Internet, and it does so in accordance with the values and policies established by the community.  The IANA service includes publication of the IETF's protocol parameters, allocation of blocks of AS numbers, IPv6 address blocks, and, until recently, IPv4 blocks to RIRs, and administration of the top level of the domain name hierarchy.

Like the IETF, ICANN is also an open organization.  ICANN meetings are free, and a veritable ocean of documents are published regularly, many in multiple languages to increase availability.

ICANN is purposefully organized to include participation from a range of communities, e.g. business, civil society, governments, and the technical community.  As I write this, I am at a retreat for the ICANN Board focusing on strategic planning.  One of the seats on the Board is allocated to a liaison from the IETF, and thus I am actually sitting at the time I drafted this note in between Thomas Narten and Jonne Soininen, the outgoing and incoming IETF liaisons to the ICANN Board.

One of the large and often time-consuming activities within ICANN is the development of policies that pertain to the domain name system.  John Curran wrote:

> To be abundantly clear, you are hypothesizing a difference of opinion between the 
> IETF/IESG and the ICANN/RIR communities, wherein the technical guidance of the IETF 
> was considered during the ICANN/RIR decision process, but in the end the outcome was 
> contrary to IETF expectations.
> 
> This would be an unfortunate (but not impossible) situation, as many folks in the 
> combined community would likely have been involved during the process trying to 
> figure out why there is such a significant difference in views and facilitating
> sharing of the beliefs and thought processes that underlie the situation.

I agree completely with John.  It is indeed possible for ICANN to adopt policies that are not perfectly aligned with IETF recommendations.  Possible, but not usual.  Over here at ICANN we pay a LOT of attention to the IETF.  We depend heavily on the IETF's work and we never seek to duplicate or ignore it.  (I sometimes have to explain to my colleagues at ICANN who have not had the benefit of the IETF experience that "let's send it over to the IETF" doesn't work.  The IETF isn't a standing army ready to do ours or anyone else's work.  Rather, I say, it's a place where the relevant people can get together to get their work done.  And, indeed, a number of ICANN people actively participate in various IETF working groups.)

The roster of topics active within ICANN at any given time is fully documented and publicized, and I invite anyone who is interested to participate.  We listen to everyone, and we publish tentative results, tentative policies, etc. for everyone to critique.

Let me now turn to Whois.  The Whois system's origins go back to the earliest days of the Arpanet.  The roles of technical point of contact and administrative point of contact were usually the system administrator and his administrative manager for the time-sharing system at the laboratory at that site.  Each time-sharing system served somewhere between a few dozen and a few hundred users.  The users were not listed, just the administrators for the system.  There weren't really any issues of accuracy, privacy or accountability.  Today, of course, these terms apply to the registrants and supporting personnel for *each* domain name, and there are well over 100,000,000 domain names registered just within the generic top level domains.  The country code top level domains are roughly the same number, and their Whois structures and policies are each controlled by the individual ccTLD operator and their communities.

Last November, the ICANN Board accepted the recommendations of the Whois Review Team, an expert group commissioned under the Affirmation of Commitments (AoC) ICANN signed with the U.S. Department of Commerce in 2009.  The terms of reference included in the AoC continued the original model that the structure of Whois remain the same and that access be free and available to everyone.  A number of us on the ICANN Board had been concerned for a long time that purpose of the Whois system had evolved far away from its original purpose, and that it was well past time to take a fresh look at the entire system.  Accordingly, the Board initiated an effort, in parallel with acceptance and implementation of the Whois Review Team's recommendations, to start with a clean slate and think through whether we might be better served by a revised system.  An expert working group was assembled and is currently working through these issues.  Its output will be a consideration of the issues and recommendations for further work.  It is not yet clear whether the result of this effort will lead to a large change, a small change, or no change at all.  What is clear is that the results of this working group will become fully public, and any decisions will come through our usual policy development process.

As I said above, I invite anyone who is interested to participate.

The IETF, ICANN, the RIRs, ISOC, W3C and other organizations have all arisen within the ecosystem that accompanies the growth and prevalence of the Internet.  It is natural for there to be some tension, competition and rivalry among our institutions, but we have all been part of the same grand enterprise, we all share the same core values, and we all work toward the same goal of an open, innovative, expanding Internet.

Steve Crocker,
Chair, ICANN Board of Directors







On May 17, 2013, at 2:13 PM, John Curran <jcurran@xxxxxxxxxx> wrote:

> On May 15, 2013, at 7:50 PM, David Farmer <farmer@xxxxxxx> wrote:
> 
>> So lets play a little hypothetical here;  What if an RIR or ICANN through a global policy decided Whois Data no longer should be public for overriding privacy reasons.  My read of Section 5, is that would be proper path for such a change, and long as the technical guidance of the IETF is considered in the process.  But then through RFC 2860 and Section 5, if the IETF objected on technical or architectural grounds, and formally through the IESG, then the IAB would essentially adjudicate the issue.  And ICANN or the RIR are obligated to accept the decision of the IAB.  Do I have that right?
> 
> To be abundantly clear, you are hypothesizing a difference of opinion between the 
> IETF/IESG and the ICANN/RIR communities, wherein the technical guidance of the IETF 
> was considered during the ICANN/RIR decision process, but in the end the outcome was 
> contrary to IETF expectations.
> 
> This would be an unfortunate (but not impossible) situation, as many folks in the 
> combined community would likely have been involved during the process trying to 
> figure out why there is such a significant difference in views and facilitating
> sharing of the beliefs and thought processes that underlie the situation.  (btw,
> these types of efforts happen in more contexts than just the hypothetical one you 
> suggest, and are a good reason to ask "Have you hugged your AD recently"? ;-)
> 
>> To be clear, I'm not advocating Whois should or shouldn't remain public, or that anything is wrong with the Section 5.  This just seemed like a plausible hypothetical to explore how the puzzle pieces work together to make the Internet Numbers Registry System.  Also, I just want to fully understand what Section 5 really means.
> 
> Ultimately, your hypothetical situation could result in the breakdown of the present
> relationship between IETF and ICANN/RIR organizations (ref: RFC 2860, section 2), with 
> otherwise indeterminate consequences...  i.e. "It would be bad."   When the various 
> Internet organizations are aligned in the coordination of Internet critical resources 
> (DNS, IP addresses, protocol & parameter #'s), then the result is well understood.  
> We lack experience with the alternative, and it is not clear whether chair remains 
> upright when missing one or more legs.
> 
> FYI,
> /John
> 
> p.s. Disclaimer:  My views alone.
> 






[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]