[EURO-Discuss] Short bio for the election of the Euralo representatives to the ALAC

[JFC Morfin]

At 23:27 30/08/2008, Lutz Donnerhacke wrote:
>Because this point might be interesting in this election:
>I believe in a single root. Not a virtual one. A real single root.
>
>I *define an internet* as a transitive hull of computers connected using
>TCP/IP. And I *define the Internet* as an internet with contains the IANA
>operated DNS root servers.
>
>Please consider this very clear position in your vote.
>I'm a technical guy, I do not dream.

Dear Lutz,
I am afraid only non-technical guys are dogmatic: "The principle of 
constant change is perhaps the only principle of the Internet that 
should survive indefinitely." (RFC 1958).

As a result ICANN's position is extremely clear (ICP-3):

".. alternate roots are commonly operated by large organizations 
within their private networks without harmful effects, since care is 
taken to prevent the flow of the alternate resource records onto the 
public Internet."

"It should be noted that the original design of the DNS provides a 
facility for future extensions that accommodates the possibility of 
safely deploying multiple roots on the public Internet for 
experimental and other purposes. As noted in RFC 1034, the DNS 
includes a "class" tag on each resource record, which allows resource 
records of different classes to be distinguished even though they are 
commingled on the public Internet. For resource records within the 
authoritative root-server system, this class tag is set to "IN"; 
other values have been standardized for particular uses, including 
255 possible values designated for "private use" that are 
particularly suited to experimentation."

"As described in a recent proposal within the IETF,11 this "class" 
facility allows an alternate DNS namespace to be operated from 
different root servers in a manner that does not interfere with the 
stable operation of the existing authoritative root-server system. To 
take advantage of this facility, it should be noted, requires the use 
of client or applications software developed for the alternate 
namespace (presumably deployed after responsible testing), rather 
than the existing software that has been developed to interoperate 
with the authoritative root" ...

"In an ever-evolving Internet, ultimately there may be better 
architectures for getting the job done where the need for a single, 
authoritative root will not be an issue. But that is not the case 
today. And the transition to such an architecture, should it emerge, 
would require community-based approaches. In the interim, responsible 
experimentation should be encouraged, but it should not be done in a 
manner that affects those who do not consent after being informed of 
the character of the experiment."

"Experimentation has always been an essential component of the 
Internet's vitality. Working within the system does not preclude 
experimentation, including experimentation with alternate DNS roots. 
But these activities must be done responsibly, in a manner that does 
not disrupt the ongoing activities of others and that is managed 
according to experimental protocols."

"DNS experiments should be encouraged. Experiments, however, almost 
by definition have certain characteristics to avoid harm: (a) they 
are clearly labeled as experiments, (b) it is well understood that 
these experiments may end without establishing any prior claims on 
future directions, (c) they are appropriately coordinated within a 
community-based framework (such as the IETF), and (d) the 
experimenters commit to adapt to consensus-based standards when they 
emerge through the ICANN and other community-based processes. This is 
very different from launching commercial enterprises that lull users 
into a sense of permanence without any sense of the foregoing 
obligations or contingencies."


Most of the technical guys (such as the IETF) failed ICANN. With the 
current situation as a result. @larges carried the experiment. Tested 
the way virtual root should work, and the way it works today (I wrote 
a TLD Manager and Root Administrator Best Practices that was signed 
by several and discussed with Europe and Denic at that time). We do 
not intend to suffer from the lack of response of the IETF (I called 
upon three times in vain, asking to share in our ICANN conformant 
test-bed experimentation [dot-root project] that was reported at the 
time to Europe, ITU, Govs, etc. [in French]).


Today, I am sure many are ready to try to include DNSSEC in thier own 
system plans if you wish to help determine why it would be good, how, 
and how to test it. Specially the very young NSEC3. And how to adapt 
to the virtual root matrix.

However, I am sorry, I am a network architect and system designer, 
our members are @large Internet lead users. They are technically and 
politically aware. Our duty is to our fellow citizens and to our 
countries : we cannot back to 1983 when I was running the world 
"root" and interfaced the young Internet (RFC 920, Postel). Telling 
the ICANN BoD it is possible could be religious, but would not be 
telling the truth.

I will look carefully through your other mails. This is very 
ionformative and helpfull. Even if we may disagree on some points.
Thank you!
jfc