Multiple Roots are "a good thing" - Karl Auerbach

For the Internet to work, at least with currently accepted DNS standards,
everyone has to use the same root servers. Otherwise things can rapidly
degenerate into chaos. The whole point of law and due process is that
a duly authorized somebody has to have the authority to insist that
everyone use the same root servers.

Sorry, Miles, it's not true. It's just ICANN FUD.

Andrew McLaughlin, ICANN's chief policy officer, has said that potential
problems exist for users with any of the several alternative root or domain
systems on the market. He argues:

"The Internet works because of common protocols. The DNS protocol depends for
its reliability and trustworthiness on the principle of authoritative
uniqueness, which requires the use of a single root."

He added "Anything else creates the potential for conflicts."

Read carefully, Andrew McLaughlin is saying there's a need for uniqueness as
otherwise the same name will resolve in different ways. He is arguing, like
you, that the *only* way to resolve the problem is with a unique (read "ICANN")
root.

Of course, ICANN's claim to be the one and only authority over the internet
allows them to get away with introducing a new dot BIZ knowing it is causing a
collision. But, in answer to your point, Karl Auerbach has described how
multiple roots work as follows:

"What I would say to the House Commerce Committee were I invited to testify"
by Karl Auerbach.

<snip>

2. Multiple Roots are "a good thing"

http://www.cavebear.com/cavebear/growl/issue_2.htm#multiple_roots

It wasn't that many years ago in the United States when there was one big,
monolithic telephone company.

It was taken as gospel by many that the stability of the telephone network
depended on there being one unified, monolithic telephone company.

We've seen through that. Today we have a flourishing competitive telephone
system filled with all kinds of commercial and technical offerings that were
inconceivable during the days of "Ma Bell".

We routinely use directory services in a multiplicity of forms -- telephone
books published by local telephone companies or entrepreneurs, 411 services in
various shapes and forms, web pages, or even on CD-ROMs (indeed a well known
Supreme Court case involved a telephone directory published on CD-ROM).

These telephone directories are not published by any unified authority, there is
no regulatory body sitting over them. And we as consumers are not damaged or
harmed by this. And the telephone system continues to work just fine.

Yet, on the Internet there are those who wail and gnash their teeth at the
thought that the Domain Name System, the Internet's "white pages" might have
multiple points of entry.

Indeed, the whole series of documents from NTIA -- including the Green and White
Papers -- and the existence of ICANN is founded on the notion that there is but
one root system for the Domain Name System.

I assert that those nay-sayers are wrong.

I assert that just like the telephone system can have multiple publishers of
telephone directory services, the Internet can have multiple roots to the Domain
Name System.

There is no doubt that as a purely technical matter, the Internet can have
multiple root systems for the DNS. It has had these for years.

The question is whether to recognize the value and use of multiple root systems
and not foreclose them.

Let's get a bit more specific.

When I say "multiple root systems", I mean a regime in which you, or I, or
anybody can set up a set of computers to serve as a suite of root servers for
the DNS.

In other words, you, or I, or anybody could establish a group of computers to
operate in parallel with, and not necessarily in administrative coordination
with, the legacy A-L.root-servers.net computers now operated by NSI, IANA, ICANN
and others.

From a technical point of view all that a root server group does is to give its
users a way to find the DNS servers that handle the various Top Level Domains
(TLDs). The root servers do not themselves answer queries about what names are
inside the various TLDs. Those questions are passed on to the TLD servers
themselves.

That is a subtle point and a point that is often lost when discussing the DNS.

It bears repeating -- all that a root server does is to answer queries about how
to find a server handling a TLD named in the query. In other words, a root
server only answers queries such as "Where do I find a server that contains the
list of names in .com?".

Now that we know that root servers and root server systems are nothing more than
the doorway through which one enters the Domain System, we can ask this
question:

What happens when we begin to think of the Domain Name System not as an
intrinsic core service of the Internet, but rather as an elective service that
can be offered by many providers and among which customers and users select based
on the packages offered by the providers?

I'll give you a preview of the answer: We end up with a stable Internet with no
loss of reachability. We get a system of competitive root operators who make
business decisions about what TLDs they want to incorporate into their
"inventory". We get rid of questions about "how many TLDs should be created?".
We don't need complicated ICANN-like quasi-governmental agencies overseeing the
DNS and the Internet. And we end up with a means for communities of users to
fine tune the view of the Internet Landscape that they want to allow into their
communities.

So, you should be asking yourselves, how does this Nirvana come about?

Imagine each operator of a root server system as a store. The shelves contain
the store's inventory. In this case the inventory consists of TLDs that the
root server system knows about.

Thus, a user of a root server system will perceive a Domain Name name space
composed of the TLDs in the store (the root server system) that that user has
elected to use.

Now, I should mention, that when I say "user has elected to use", I don't really
usually mean the end-user directly. In most cases, the end-user will have
delegated the choice to that user's ISP or to his or her organizational
information manager. Of course, the technically inclined, such as myself, will
tend to make the choice for ourselves.

How does a root server operator select the inventory of TLDs that it wishes to
offer? The answer is "whatever satisfies the needs and demands of the
operator's customer base."

If we look at this through the eyes of a businessman operating a root server
system, we realize that there are two elements that the customers will care
about: TLD coverage and value added services.

As a general rule, customers of a root server system will act much like
subscribers to a cable TV system -- they will want as many TLDs (or as many
channels) as they can get. This will drive the root server system operators to
include as many viable TLDs as they can into their inventory.

The net result of all the root system operators following this strategy will be
that they all attempt to trump one another by each including more TLDs. The end
of this is that all root server operators will incorporate all viable TLDs. The
benefit of this is that the domain names of all people and organizations who
have registrations in these TLDs will be essentially universally resolvable no
matter which root server system is being used.

I've used the phrase "viable TLDs" to describe those which are of a character
that most reasonable root system operators would feel that they could
incorporate that TLD into their inventory without undue risk of problems. It is
easiest to define "viable TLDs" by listing what kind of TLDs would be
non-viable. TLDs that are being contested are not very viable. Thus, if two or
more claimants were offering different versions of a TLD named ".foo", it would
be unlikely that any root system operator would add any version of ".foo" to the
inventory.

This tends to remove the issue of TLD ownership from the current ICANN
regulatory framework and place it where it belongs -- in the traditional give
and take world of business and open market economics.

Since all root server systems will tend to eventually incorporate all viable
TLDs into their inventory, value added services will tend to become the
differentiating factor between root server systems. One might well ask how a
root server system can offer value added services? It does seem an odd concept
at first, but then again, a few years ago, the notion of value added long
distance telephone services was an odd concept.

An example of a value added service would be that of filtration -- A root server
system operator may offer a service in which customers who use that root will be
able to have the responses cleaned of any answers that are sources of
pornographic material. This could be a valuable tool for communities that wish
to tailor their view of the Internet Landscape according to their own community
standards. And it is a mechanism which allows any member to opt out of the
community, and its restrictions, simply by selecting another root server
operator.

Yes, there are other ways to achieve the same kind of filtering, but who are we
to say which methods are the most viable? Indeed, we should be careful not to
dismiss, or worse to foreclose, an area of Internet entrepreneurship simply
because we don't see the immediate value.

I'd like to finish this discussion about multiple roots with a few observations.

Multiple root systems add to the stability of the internet by removing a
dependence on a single root system for the Domain Name System.

Multiple root systems eliminate the need to face questions such as "what new
gTLDs should be added" - multiple root systems permit the marketplace to provide
the answer.

Multiple root systems provide means for inventors and entrepreneurs to create
new ways of packaging DNS servers. And I've suggested one such extension that
could add a new means for individuals or communities to shield themselves from
the tidal wave of questionable material on the Internet.

So, why have multiple root systems not evolved?

One of the reasons is that the existing system has so far worked reasonably
well, so there has been little pressure. But there is a very strong secondary
reason -- those who have advocated or established a multiple root system have
been shunned by the technical community.

But the biggest reason why it hasn't happened is that ever since the NTIA
process started, the idea that there could be multiple roots has been swept
aside with an administrative flick of the wrist and an offhand repetition of the
stale legend: "oh that would never comport with network stability".

<snip>
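
The two technical claims in the post above (a root server only refers a query to the servers for the named TLD, and roots run without coordination may differ in which TLDs they carry) can be made concrete. This is an added Python example, not part of the original post or of Karl Auerbach's text; the zone fragments and every server name in them are constructed and use the reserved `.example` suffix. It classifies each TLD as consistent, drifting (partly overlapping server sets), conflicting (disjoint server sets, as in the dot BIZ collision mentioned earlier) or carried by only one root.

```python
"""Compare the TLD delegations published by two independently run root zones.

All zone data is constructed for illustration; no real server is named.
"""
from collections import defaultdict

# Constructed root-zone fragments, master-file style: owner TTL class type rdata
LEGACY_ROOT = """\
; constructed sample, "legacy" root
com.  172800 IN NS ns1.com-registry.example.
com.  172800 IN NS ns2.com-registry.example.
net.  172800 IN NS ns1.net-registry.example.
net.  172800 IN NS ns2.net-registry.example.
org.  172800 IN NS ns1.org-registry.example.
biz.  172800 IN NS ns1.new-biz-operator.example.
"""

ALT_ROOT = """\
; constructed sample, alternative root
com.  172800 IN NS NS2.com-registry.example.
com.  172800 IN NS ns1.com-registry.example.
net.  172800 IN NS ns1.net-registry.example.
org.  172800 IN NS ns1.org-registry.example.
biz.  172800 IN NS ns1.earlier-biz-operator.example.
web.  172800 IN NS ns1.web-registry.example.
"""


def parse_delegations(zone_text):
    """Return {tld: frozenset(nameserver names)} for NS records at the root."""
    delegations = defaultdict(set)
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) != 5:
            continue
        owner, _ttl, rclass, rtype, target = fields
        if rclass.upper() != "IN" or rtype.upper() != "NS":
            continue
        owner = owner.lower().rstrip(".")
        if not owner or "." in owner:
            continue  # only single-label owners are TLD delegations
        delegations[owner].add(target.lower().rstrip("."))
    return {tld: frozenset(servers) for tld, servers in delegations.items()}


def refer(root, qname):
    """Model the root's only job: name the servers for the TLD of qname."""
    tld = qname.lower().rstrip(".").rsplit(".", 1)[-1]
    return root.get(tld)  # None means this root does not carry the TLD


def compare_roots(a, b):
    """Classify every TLD seen in either root."""
    report = {"consistent": [], "drift": [], "conflicting": [],
              "only_a": [], "only_b": []}
    for tld in sorted(a.keys() | b.keys()):
        if tld not in b:
            report["only_a"].append(tld)
        elif tld not in a:
            report["only_b"].append(tld)
        elif a[tld] == b[tld]:
            report["consistent"].append(tld)
        elif a[tld] & b[tld]:
            report["drift"].append(tld)        # same operator, stale copy
        else:
            report["conflicting"].append(tld)  # different operators claim it
    return report


def resolves_differently(a, b, qname):
    """True when both roots carry the TLD but send the query to disjoint servers."""
    ra, rb = refer(a, qname), refer(b, qname)
    return ra is not None and rb is not None and not (ra & rb)


if __name__ == "__main__":
    legacy = parse_delegations(LEGACY_ROOT)
    alt = parse_delegations(ALT_ROOT)
    for category, tlds in compare_roots(legacy, alt).items():
        print(f"{category:12s} {', '.join(tlds) or '-'}")
    for name in ("www.example.com", "www.example.biz", "shop.web"):
        print(name, "legacy ->", refer(legacy, name), "| alt ->", refer(alt, name))
```
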

On Monday, March 19, 2001 4:25 AM (AEST)

[ On Monday, March 19, 2001 at 03:38:54 (+1100), Patrick Corliss wrote: ]
> Subject: Multiple Roots are "a good thing" - Karl Auerbach
>
>
> > For the Internet to work, at least with currently accepted DNS standards,
> > everyone has to use the same root servers. Otherwise things can rapidly
> > degenerate into chaos. The whole point of law and due process is that
> > a duly authorized somebody has to have the authority to insist that
> > everyone use the same root servers.
>
> Sorry, Miles, it's not true. It's just ICANN FUD.

Obviously you haven't got a friggin clue about how the DNS works either
technically or politically.

Hi Greg

Interesting you should say that based on what I think is my second posting to
this list. And that posting quite fairly quoted both points of view. The
argument I'm favouring is that put by Karl Auerbach who is considered by many to
be a leading expert on the internet.

I see that your partnership specializes in networking and Unix system
administration. As you seem to be rather competent, perhaps you could tell me
more clearly why you think Karl Auerbach is mistaken in his arguments. They
seem rather well thought out to me.

Much of Karl's expertise seems rather similar to your own. It includes secure
operating systems and secure networks as well as Advanced Internet Architectures
with Cisco Systems.

You will find it described at http://www.cavebear.com/CaveBear/karl.html

Read what the man said: "Otherwise things can rapidly degenerate into
chaos."

They might. Then again they might not. Depends who's in charge.

> Andrew McLaughlin, ICANN's chief policy officer, has said that potential
> problems exist for users with any of the several alternative root or domain
> systems on the market. He argues:
>
> "The Internet works because of common protocols. The DNS protocol depends for
> its reliability and trustworthiness on the principle of authoritative
> uniqueness, which requires the use of a single root."
>
> He added "Anything else creates the potential for conflicts."
>
> Read carefully, Andrew McLaughlin is saying there's a need for uniqueness as
> otherwise the same name will resolve in different ways. He is arguing, like
> you, that the *only* way to resolve the problem is with a unique (read "ICANN")
> root.

Now look who's reading between the lines! He explicitly did not say
"ICANN roots". There's no need for ICANN to control the root servers,
and indeed they don't really do so now. All that matters is that there
can only be one true authoritative set of root servers for the public
DNS.

You're the one reading between the lines. I didn't say anything about
"control".

Andrew McLaughlin said a "unique root". Karl Auerbach said "multiple roots".

It is clear to me at least that they are inherently different architectures.

Regards
Patrick Corliss

> For the Internet to work, at least with currently accepted DNS standards,
> everyone has to use the same root servers. Otherwise things can rapidly
> degenerate into chaos. The whole point of law and due process is that
> a duly authorized somebody has to have the authority to insist that
> everyone use the same root servers.

Sorry, Miles, it's not true. It's just ICANN FUD.

I respectfully disagree, at least in part.

Read carefully, Andrew McLaughlin is saying there's a need for
uniqueness as otherwise the same name will resolve in different ways.
He is arguing, like you, that the *only* way to resolve the problem is
with a unique (read "ICANN") root.

I probably should have said, in the first place, that if there are
multiple roots, they need to be authoritative. One can envision a number
of ways for that to be implemented - most of which would seem to require a
human arbiter to settle disputes (if not ICANN, then some other body).

re. Karl Auerbach's comments:

"What I would say to the House Commerce Committee were I invited to testify"
by Karl Auerbach.

2. Multiple Roots are "a good thing"

We routinely use directory services in a multiplicity of forms -- telephone
books published by local telephone companies or entrepreneurs, 411 services in
various shapes and forms, web pages, or even on CD-ROMs (indeed a well known
Supreme Court case involved a telephone directory published on CD-ROM).

I would suggest that telephone books/directories are not an appropriate
analogy. Rather, DNS is a lot closer to the internal plumbing of the net -
more akin to Signalling System #7. I'd guess that for 95% or more of phone
calls, the caller already knows the numeric phone number in question -
while for the Internet, very few people give their email addresses as
mfidelman@207.226.172.79 or http://207.226.172.79. Telephone directories
are optional in most cases, DNS is not.

Yes, the Internet can function on
numeric IP addresses alone - but unlike the phone network, people don't
give out email addresses or URLs containing their numeric host addresses.

Regarding the rest of Karl's article, talking about a completely open world
of multiple root servers. I am simply reminded of the days when we had
rapid additions to the range of area codes and local exchanges. I remember
numerous times when I could not make a call from a company's PBX - because
that PBX's software hadn't been updated, and didn't recognize the validity
of some new area code or exchange. I've also encountered this problem with
software not recognizing new zip codes.

At least with phone numbers and zip codes, we don't have the problem of
overlapping namespaces - there are clearly established legal and
regulatory authorities that manage the telephone numbering and postal code
namespaces.

I suggest that there are three very specific problems that need to be
addressed:

- propagation of new namespace information

- uniqueness of namespace information.

- avoiding namespace hijacking

As long as there is a single set of root nameservers, run by a single,
accountable organization, these are easy problems. As soon as one admits
of multiple root servers, the following problems have to be addressed:

- the operational problems of dealing with incomplete propagation of
information (particularly when dealing with the clueless: "what do you
mean you can't find my web site, I registered it with new.net")

- an official way to deal with conflicts between overlapping top level
domains (dealing with the trademark issues is bad enough, but where does
someone go to fight out ownership of "good.sex" when 100s of different
people register it with competing registrars) -- I'm not saying we can't
come up with an arbitration scheme and somebody with the clout to
enforce decisions, just that one will be needed. In the current system, as
with phone numbers and area codes, there simply is no way that the same
domain can be assigned to multiple people.

- a similarly official mechanism for dealing with conflicts when different
registrars, above board or otherwise, provide different information for
the same domain

In other words, we need an authorized international body with the clout to
oversee the whole mess. But then, isn't that what ICANN is supposed to be?
(Or would you rather have the ITU oversee the Internet?)

Speaking as someone who hosts a whole bunch of web sites and web sites,
I see a world of profit-motivated, competing rootservers as creating an
incredible number of problems that I'd just as soon not have to deal with.

First off let me now blast you into oblivion for posting your response
to my *PRIVATE* message!!!!! That was a *REALLY* stupid thing to do.
You've now lost all the points you might have had in this game and gone
negative....

[ On Monday, March 19, 2001 at 05:36:57 (+1100), Patrick Corliss wrote: ]

Subject: Re: Multiple Roots are "a good thing" - Karl Auerbach

Interesting you should say that based on what I think is my second posting to
this list. And that posting quite fairly quoted both points of view. The
argument I'm favouring is that put by Karl Auerbach who is considered by many to
be a leading expert on the internet.

Well anyone justifying their claims by quoting Auerbach is obviously not
doing either the politically or technically astute thing..... :-)

(quoting his entire proposal was also bad etiquette)

I see that your partnership specializes in networking and Unix system
administration. As you seem to be rather competent, perhaps you could tell me
more clearly why you think Karl Auerbach is mistaken in his arguments. They
seem rather well thought out to me.

Auerbach proposes a system of guaranteed political chaos. Perhaps in
the long run this would cause a real directory service to appear -- one
which could span the resulting DNS discontinuity -- but in the mean time
it will only cause more and more Internet-based ventures to fail as it
drives a wedge of complete confusion into every user's mind.

Furthermore since Auerbach's proposal breaks the design of the DNS
without proposing a replacement for the reliability mechanisms, it's
bound to fail technically too. (Though of course a vast number of
domains now operating on the internet fail to take into account the
design constraints of the DNS too, and though many of them really do
fail spectacularly sometimes they're still not properly fixed.)

Much of Karl's expertise seems rather similar to your own. It includes secure
operating systems and secure networks as well as Advanced Internet Architectures
with Cisco Systems.

I'm very well aware of his past. You should try reading a few threads
he participated in from ancient Usenet history (1980-1995) once Google
get it back online. You're welcome to read threads I participated in
too and make up your own mind, of course.

They might. Then again they might not. Depends who's in charge.

"Depends on who's in charge." Hmmm.... so what exactly then is the
difference between Auerbach's scheme and one where there's one root just
as the design calls for? At least if you adhere to the technical design
you won't run into technical problems as Auerbach's proposal is bound to
do.

Andrew McLaughlin said a "unique root". Karl Auerbach said "multiple roots".

It is clear to me at least that they are inherently different architectures.

Well of course. But "a unique root" need not be controlled by someone
or some group that you happen to disagree with.

The correct way to fight against a DNS root controlled by someone you
don't like is not to propose multiple DNS roots, but rather to campaign
for a democratic root. Auerbach's proposal is not technically sound and
is political suicide.

You really really really need to read (and understand) Paul Vixie's
Nov. 1995 paper "External Issues in DNS Scalability" proposing a
technically workable fix to the DNS politics (i.e. the one he sent a
link for to the NANOG list a wee while back).

[ On Sunday, March 18, 2001 at 14:23:26 (-0500), Miles Fidelman wrote: ]

Subject: Re: Multiple Roots are "a good thing" - Karl Auerbach

I would suggest that telephone books/directories are not an appropriate
analogy. Rather, DNS is a lot closer to the internal plumbing of the net -
more akin to Signalling System #7. I'd guess that for 95% or more of phone
calls, the caller already knows the numeric phone number in question -
while for the Internet, very few people give their email addresses as
mfidelman@207.226.172.79 or http://207.226.172.79. Telephone directories
are optional in most cases, DNS is not.

You are absolutely correct. :-)

Telephone directories are most definitely *not* like the DNS. A domain
name is more like a telephone number itself, and as you say the IP
numbers are more like the underlying circuit routing glue in something
like SS#7. We really do not have a "telephone directory" for the
Internet (unless you count WHOIS/RWHOIS). A directory is something that
can be searched with approximate matches. Because the DNS is
"D"istributed, it is literally impossible to search it that way (and if
there were multiple roots then all users would really be up the creek
without the proverbial paddle!).

Yes, the Internet can function on
numeric IP addresses alone

The Internet could sort of run on IP address numbers alone (but it
almost never has -- there was hosts.txt before DNS). However since IP
numbers can change (at a much greater frequency than telephone numbers
ever change) without the "content" changing, the indirection of DNS
names to IP numbers is a critical part of the longer-term consistency of
the net.

In the phone system analogy it would be like having the phone company
come along and randomise your entire number every month or so (not just
your "network" (aka local exchange) number). Since most people don't
actually move locations that often such a regular but random renumbering
that was not in the direct control of the user would cause general havoc
with telephone users.

In the real-world phone systems it might not be so easy to re-number and
re-route exchanges in the underlying signaling systems as it is to
renumber IP networks, but then again most analogies only go so far....

- but unlike the phone network, people don't
give out email addresses or URLs containing their numeric host addresses.

Well, some spammers do, but that's their fault! :-)

In other words, we need an authorized international body with the clout to
oversee the whole mess. But then, isn't that what ICANN is supposed to be?
(Or would you rather have the ITU oversee the Internet?)

some days I'd rather have the UN do it... :-)

Andrew McLaughlin, ICANN's chief policy officer, has said that potential

(...)

"The Internet works because of common protocols. The DNS protocol depends for
its reliability and trustworthiness on the principle of authoritative
uniqueness, which requires the use of a single root."

The DNS namespace is a lot like assigning shortwave radio frequencies, which
have a worldwide reach. We've seen some pretty spectacular bidding for 3G
UMTS frequencies.

It would be interesting to look for parallels, and see how international
radio frequencies are given out. Perhaps we can learn something.

I once read that the FCC assigns frequencies for use in Europe, or at least,
they claim they do. That looks a lot like ICANN to me!

Regards,

bert

> I would suggest that telephone books/directories are not an appropriate
> analogy. Rather, DNS is a lot closer to the internal plumbing of the net -
> more akin to Signalling System #7. I'd guess that for 95% or more of phone
> calls, the caller already knows the numeric phone number in question -
> while for the Internet, very few people give their email addresses as
> mfidelman@207.226.172.79 or http://207.226.172.79. Telephone directories
> are optional in most cases, DNS is not.

You are absolutely correct. :-)

Telephone directories are most definitely *not* like the DNS.

I don't get this argument at all. A telephone white pages lookup takes a name [a-z + 0-9] and looks up a number [0-9]. DNS does exactly the same thing. The only difference is a hierarchical naming convention in DNS which specifies/delegates where the information is stored. The information could reside in the same place, or be distributed.

A directory is something that
can be searched with approximate matches. Because the DNS is
"D"istributed, it is literally impossible to search it that way (and if
there were multiple roots then all users would really be up the creek
without the proverbial paddle!).

DNS can be searched up, down and sideways. It may change the normal query method or add additional transactions to a lookup, but it can be searched and indexed. The questions are "does the index scale" and "does it matter"?

Best Regards,

Simon Higgs

First off let me now blast you into oblivion for posting your response
to my *PRIVATE* message!!!!! That was a *REALLY* stupid thing to do.
You've now lost all the points you might have had in this game and gone
negative....

Hi Greg

Please let me apologise to you and other members of the list for posting my
reply publicly. This was unintended and accidental on my part. I don't know
how I made the error but I somehow thought that your post was onlist.

Fortunately there was nothing intensely private apart from your low opinion of my
abilities. I'd say that opinion has, if possible, sunk even lower now ;-).

You have also said about my posting of Karl Auerbach's work:

(quoting his entire proposal was also bad etiquette)

There are some strong views on these topics as you demonstrated with your
vigorous private message. I appreciate you are very competent but in other
cases these negative views are superficial and uninformed. Karl Auerbach's
proposal is the only one that I have seen which explains an alternative
viewpoint impartially.

It may sound boorish given my mistake above but I am less concerned with
etiquette than I am with truth and justice. I don't believe that multiple roots
are necessarily a "bad thing" either technically or politically and I think this
will be proved in time.

Meanwhile that you for the references. I will discuss them with you later.

Anyway, I'm sorry it happened.

Best regards
Patrick Corliss

Correction. That should say "thank you for the references".

Thank you, Greg.

Best wishes
Patrick Corliss

On Mon, Mar 19, 2001 at 03:38:54AM +1100, Patrick Corliss had this to say:
[snip]

We routinely use directory services in a multiplicity of forms -- telephone
books published by local telephone companies or entrepreneurs, 411 services in
various shapes and forms, web pages, or even on CD-ROMs (indeed a well known
Supreme Court case involved a telephone directory published on CD-ROM).

yes, and multiple directory services are a great thing. However, when I dial
+1.310.642.0351 it reaches the same number no matter where the call
originates, in what phone network, who my LD carrier is, who my local telco
is, or how many switches it passes through on the way.

Multiple equally valid 'root zones' will most certainly give rise to a situation
analogous to calling a phone number and having it ring at different destinations
depending on the point of origin.
[snip]

On Monday, March 19, 2001 6:35 PM (AEST)

(you can even live without DNS at all - use search engine instead... It's not
effective but possible yet).

Hi Alexei

Perhaps what you're talking about here is a "yellow pages" directory structure
that bypasses domain names and goes straight to IP addresses. If so, why not?

But there are other ways to communicate without domain names and this issue was
raised at the ICANN conference in Melbourne by Andrew Pam during the public
forum in the afternoon of Tuesday the 13th March. Unfortunately nobody,
particularly Vint Cerf, seemed to appreciate the importance of the question that was
being raised.

Later I spoke to Andrew privately and he explained the workings of ICQ.

Which I understand is a method of communication that doesn't use the DNS.

Best regards
Patrick Corliss

> We routinely use directory services in a multiplicity of forms -- telephone
> books published by local telephone companies or entrepreneurs, 411 services in
> various shapes and forms, web pages, or even on CD-ROMs (indeed a well known
> Supreme Court case involved a telephone directory published on CD-ROM).

yes, and multiple directory services are a great thing. However, when I dial
+1.310.642.0351 it reaches the same number no matter where the call
originates, in what phone network, who my LD carrier is, who my local telco
is, or how many switches it passes through on the way.

But if you access, for example, www.bbc.co.uk there is no knowing which
of many machines you will reach, nor even what continent that machine
is on.

Multiple equally valid 'root zones' will most certainly give rise to a situation
analogous to calling a phone number and having it ring at different destinations
depending on the point of origin.

Yes. But we are already there and have been for a long time.

Because of the widespread use of NAT, proxy servers, round robin DNS,
local directors, and other such technology, a very large fraction of
IP traffic is already thoroughly "virtualized". Where transparent
proxy servers are involved, party A trying to access party B is
actually talking to machines owned by party C, which may be getting
the information from party D, with A, B, C, and D all being legally
distinct entities. The network operators keep all of this running
smoothly, although there are at least tens of thousands of such
schemes (NAT, [transparent] proxying, etc) in operation. Distributing
the root of the DNS would be far less complex - and far less
vulnerable to spoofing and other such technical trickery.

I am not saying that it would be invulnerable, just less open than
the kaleidoscope of trickery already in operation.

Later I spoke to Andrew privately and he explained the workings of ICQ.

Which I understand is a method of communication that doesn't use the DNS.

ICQ uses LDAP.

Alex

[ On Monday, March 19, 2001 at 17:11:32 (+1100), Patrick Corliss wrote: ]

Subject: Re: Multiple Roots are "a good thing" - Karl Auerbach

Please let me apologise to you and other members of the list for posting my
reply publicly. This was unintended and accidental on my part. I don't know
how I made the error but I somehow thought that your post was onlist.

Apology accepted. Just remember that I always set my reply-to address
as appropriate -- if your software works anywhere near close to properly
you'd not have been able to automatically make such a mistake.

Read carefully, Andrew McLaughlin is saying there's a need for uniqueness as
otherwise the same name will resolve in different ways. He is arguing, like
you, that the *only* way to resolve the problem is with a unique (read "ICANN")
root.

At the risk of being pedantic, he never actually says ICANN is the one and
only true unique root, thou shall have no other roots before me. You're
making an assumption there.

It wasn't that many years ago in the United States when there was one big,
monolithic telephone company.

Really? Even 30 years ago the phone company was a mixture of local
operators and AT&T.

It was taken as gospel by many that the stability of the telephone network
depended on there being one unified, monolithic telephone company.

We've seen through that. Today we have a flourishing competitive telephone
system filled with all kinds of commercial and technical offerings that were
inconceivable during the days of "Ma Bell".

I'm hard pressed to think of a CLEC that is "flourishing."

I assert that just like the telephone system can have multiple publishers of
telephone directory services, the Internet can have multiple roots to the Domain
Name System.

As a collective, we can't agree that
the sky is blue - how do you plan on us coming to a consensus on who
uses what TLDs? This isn't as cut and dried as a phone book... people
register domain names and expect that they are the only one with that
domain name, just as I assume when someone calls my cell phone number,
they are going to reach me, and not Uncle Billy's Country Store. I
expect when someone enters my host and domain that they're going to
end up at my host and domain, not where some local network admin
decides it should point to. Domain names are more permanent to users than
the IP addresses they resolve to.

In other words, you, or I, or anybody could establish a group of computers to
operate in parallel with, and not necessarily in administrative coordination
with, the legacy A-L.root-servers.net computers now operated by NSI, IANA, ICANN
and others.

We can all provide .xxx and have conflicts everywhere. That's a great
idea.

to find a server handling a TLD named in the query. In other words, a root
server only answers queries such as "Where do I find a server that contains the
list of names in .com?".

This brings us back to the original reason there's so much resistance to
the idea of multiple root zones... what happens when I point to server A
for .blah and you point to server B to server .blah.

What happens when we begin to think of the Domain Name System not as an
intrinsic core service of the Internet, but rather as an elective service that
can be offered by many providers and among which customers and users select based
on the packages offered by the providers?

Aha, the let's back DNS more like Usenet argument. I'll pass.

I'll give you a preview of the answer: We end up with a stable Internet with no
loss of reachability.

What do DNS and routing have in common?

Thus, a user of a root server system will perceive a Domain Name name space
composed of the TLDs in the store (the root server system) that that user has
elected to use.

With the average clue level of the internet user dropping like an acme
safe, I can hardly believe we're advocating making the system more
complicated for them to find where they want to go.

Now, I should mention, that when I say "user has elected to use", I don't really
usually mean the end-user directly. In most cases, the end-user will have
delegated the choice to that user's ISP or to his or her organizational
information manager. Of course, the technically inclined, such as myself, will
tend to make the choice for ourselves.

Of course, we're going to be barraged by phone calls "How come when I go
to foo.bar on AOL I get to website X, but when I go to foo.bar on your
service I go to website Y?" This is a great idea.

If we look at this through the eyes of a businessman operating a root server
system, we realize that there are two elements that the customers will care
about: TLD coverage and value added services.

The idea of considering DNS to be just another value-added service is
absurd.

The net result of all the root system operators following this strategy will be

chaos.

TLDs that are being contested are not very viable. Thus, if two or
more claimants were offering different versions of a TLD named ".foo", it would
be unlikely that any root system operator would add any version of ".foo" to the
inventory.

Hardly. I think we've seen enough poor practices and clueless marketing
folks think up just "great" ideas. Use our freeze-dried, oven-fresh, .foo
instead of UUnet's... it's terrific. Act now. Supplies are limited.
Hurry! Operators will be forced to carry one or the other due to customer
pressure. It's a lose-lose situation. You can offend all the customer
base by refusing to carry a contested TLD at all, or just the half that
wanted to go to Server X instead of Y.

This tends to remove the issue of TLD ownership from the current ICANN
regulatory framework and place it where it belongs -- in the traditional give
and take world of business and open market economics.

We can take the issue of NPA/NXX ownership from the current NANP
regulatory framework and place it where it belongs -- in the traditional
give and take world of business and open market economics.
Bah.

An example of a value added service would be that of filtration -- A root server

For an example of how this works in practice, examine the mess that is
Usenet.

standards. And it is a mechanism which allows any member to opt out of the
community, and its restrictions, simply by selecting another root server
operator.

Of course, it's difficult enough for many users to figure out how to send
an e-mail and/or assign a mail server to their POP client. We should be
putting more issues like this into their hands since we obviously don't
spend enough on customer support yet. Or something like that.

Yes, there are other ways to achieve the same kind of filtering, but who are we
to say which methods are the most viable? Indeed, we should be careful not to
dismiss, or worse to foreclose, an area of Internet entrepreneurship simply
because we don't see the immediate value.

No, it has an immediate effect on the value of our companies. From a
provider point of view, it's going to seriously increase support costs.
There's a direct negative effect.

One of the reasons is that the existing system has so far worked reasonably
well, so there has been little pressure. But there is a very strong secondary
reason -- those who have advocated or established a multiple root system have
been shunned by the technical community.

Rightly so.

There are a couple of usability issues that this argument conveniently
overlooks. A telephone has a very simplistic interface and there are
people in the shallow end of the gene pool who still can't use them
correctly. Once you enter the number you want to dial, everything
associated with putting the call together is handled for you, and the call
is connected. A computer has the potential to be a much more complicated
interface, especially for someone who isn't all that computer-savvy. You
have to assign resolver addresses, assign mail servers and news servers,
have a username and password, etc. Every time you switch ISPs, the set-up
is different... some do all the work for you, some expect you to do all
the work. I can understand where it would be confusing to some, therefore
I can't advocate making the system more difficult or confusing.

Further, the argument of DNS simply being a phone book is over-simplifying
the issue. DNS requires uniqueness because of the way that it's been
implemented. We use it in place of an IP address. The PSTN has
nothing like this. You can be damn sure that if someone was able to pick
up the phone and put in dever.call instead of dialing 11 digits, there
would be a procedure to make sure there weren't conflicts.

On my phone I get an error if I dial that.

I have to dial something else first to tell it that I'm looking for a
number that's not on my local phone network, but instead on the one
Bellsouth participates in.

On Mon, Mar 19, 2001 at 03:24:57PM -0500, Shawn McMahon had this to say:

On my phone I get an error if I dial that.

I have to dial something else first to tell it that I'm looking for a
number that's not on my local phone network, but instead on the one
Bellsouth participates in.

Naturally, you have to include the right set of prefixes (correct TLD,
perhaps?). That example was picked with an eye towards brevity, not towards
accuracy for every case. In the US, that will work. Elsewhere, you may have to
dial +011 or whatever your local international prefix is.

My point holds true.

Why Dial 10-10-321?
  10-10-321 can save you money.... and so on

Call 1-800-COLLECT and save a buck or two!

10-10-220 - it's just 7 cents after 20 minutes (Newman's ads)

There's a whole slew of others, not to mention all the different pre-paid
calling cards, each with a different procedure for placing a call.

How is adding .new.net to the end of a domain name any different from
pre-pending 10-10-220 to a phone number? If you sign up with AT&T, the
10-10-220 becomes transparent, just as if you install the new.net plugin.

I don't see any end in sight to the 10-10-xxx services, or the calling card
companies, and there's no end to the spam - on and off line - about making
easy money in an all-cash business selling phone cards.

I don't think these outfits have customers leaving in droves. Long distance
is highly competitive, despite a boggling array of different ways to place a
call.

Shawn McMahon

How is adding .new.net to the end of a domain name any different from
pre-pending 10-10-220 to a phone number? If you sign up with AT&T, the
10-10-220 becomes transparent, just as if you install the new.net plugin.

The difference is that you use the prepending when YOU dial. People don't
have to do anything special to dial you. If they desire to dial
1+NPA+NXX+NNNN, they can. They don't have to do ANYTHING special as a
result of your choosing an alternate LD carrier.

You can't really think that this is the same as mucking up the root, can
you?

I don't think these outfits have customers leaving in droves. Long distance
is highly competitive, despite a boggling array of different ways to place a
call.

Again. Different ways to PLACE a call. People calling you don't have to
guess which LD carrier you use to call you. Even to call you collect.

It's NOT the same and it's a bad analogy.

[ On Monday, March 19, 2001 at 16:36:28 (-0800), Mike Batchelor wrote: ]

Subject: RE: Multiple Roots are "a good thing" - Karl Auerbach

How is adding .new.net to the end of a domain name any different from
pre-pending 10-10-220 to a phone number? If you sign up with AT&T, the
10-10-220 becomes transparent, just as if you install the new.net plugin.

Ah ha! but that's an entirely different question than that of
considering multiple authoritative DNS "roots". Suddenly you eliminate
the technical problems entirely.

(not that long-distance provider "prefixes" have really done the
consumer any good -- most people just complain about the idiocy of it
all)