[NA-Discuss] A contribution to a NARALO comment on the ICANN Draft 2011-2014 Strategic Plan

Eric Brunner-Williams ebw at abenaki.wabanaki.net
Sat Jan 8 17:36:33 UTC 2011


A contribution to the NARALO comment on the ICANN Draft 2011-2014 
Strategic Plan, organized as four sections, addressing the Plan Areas of:
	I. DNS stability and security,
	II Core operations including IANA,
	III. Consumer choice, competition and innovation, and
	IV. A health internet eco-system.

As ICANN is known to lack strategic purpose this comment attempts to 
remove what can't usefully be strategic. An afterward states the 
author's recommendations for the organization's current strategic plan 
elements.

I. DNS stability and security

This section contains four strategic objectives: (i) Maintain and 
drive DNS uptime, (ii) Increase security of the overall systems of 
unique identifiers, (iii) Increase international participation, and 
(iv) Coordinate DNS global risk management.

(i) The first strategic objective is unclear whether the 100% DNS 
uptime refers to the A-M rootservers, or to the 
{.arpa,.mil,.edu,.gov,.int, .com,.net,.org} authoritative gTLD servers 
which pre-exist ICANN, or to the authoritative gTLD servers created by 
ICANN, or to authoritative ccTLD servers, or to AS112, or to the 
recursive servers operated by content and access network operators, or 
... nor where any measurement of "uptime" might be conducted.

A strategic objective which is incomprehensible is usually the sign 
that the entity lacks internal clarity on the subject matter and is 
unable to prioritize and select achievable objectives.

The A-M rootservers are fine, there is no urgent issue there.
The {.arpa,.mil,.edu,.gov,.int, and .com,.net,.org} authoritative gTLD 
servers are fine too, though the .mil operations could be improved, 
and the .gov operator is scheduled to transition.
The {.biz,.info,.name,.pro and .aero,.coop,.museum} authoritative gTLD 
servers are acceptable, problems exist but not at the level of some 
strategic effort that has to put "change" before "stability".
The {.asia,.cat,.jobs,.mobi,.travel} authoritative gTLD servers are 
also acceptable, problems exist but not at the level of some strategic 
effort that has to put "change" before "stability".

That leaves the ccTLDs, for which no "strategic goal" is possible now 
that the botched attempt to force ccTLD operators to enter into 
contracts or be unable to update their entries in the IANA root zone 
is an unpleasant memory, AS112, and recursive resolvers widely known 
to be providing synthetic (monitized) returns for most broadband users 
in North America -- a situation that does call for a strategic object, 
following through on the Board's Sydney Resolution on NXDOMAIN 
Substitution (DNS Wildcard and Similar Technologies).

A strategic goal of reducing incorrect synthesized DNS responses by 
some measurable amount would be credible, and useful. Absent that, 
this is just a bag holding secondary objectives -- continuity and v6.

(ii) The second strategic objective errs significantly.

First, if 30 ccTLD operators in developing countries sign their zone, 
that is a poor predictor of whether when the key's for those signed 
zones expire that the 30 ccTLD operators in developing countries, who 
are generally technical assistance recipients through the Network 
Resource Startup Center, that key rollover will be conducted successfully.

Second, developing countries have autonomous agendas, and if ICANN is 
flirting with returning to the unhappy model of "enter into contracts 
or else" by placing the Marina del Rey agenda for zone signing ahead 
of the autonomous agendas of developing countries, there will be 
issues. ICANN pushed cost on ccTLD operators in developing countries 
by declining to pick up the rather small costs of their participation 
in the Conficker .C response. There was some real bitterness about 
John Crain's communicating, and the color of an ICANN endorsed urgent 
communication to burn local time and money preventing bad things from 
happening to North American and European end users through spam and/or 
maleware targeting by the .C enabled users of the Conficker platform.

Third, fixing .com comes a bazillion years ahead of fixing .name, 
which is larger than all 22 ccTLD operations where Arabic is the 
primary spoken language, or all of Africa, less South Africa, or ...

If this were a proposal to improve the performance of some system by 
working on code paths visited less than 1% of the time, the eager to 
optimize coders without a clue would be given other responsibilities.

The real item to work on here is the routing (not "resource") public 
key infrastructure, securing BGP and detecting AS Prepending attacks, 
which mercifully appear at present to be fatfinger events, not 
information operations by motivated and competent parties pursuing 
rational economic or other policy goals.

The buried lede is the most important and overlooked task, and this, 
not uptime, is what is important.

Fortunately, the RPKI infrastructure is being rolled-out in the ARIN 
region, and has been rolled-out in other regions.

(iii) The third strategic objective makes reference to the "DNS-CERT".

Please see my public comments archived in the stratplan-2010 at icann.org 
mailbox at:
http://forum.icann.org/lists/stratplan-2010/msg00027.html

The addition of the IDN version of the perenial WHOIS foodfight is a 
mistake. Whatever the value of adding UTF-8 or local encoded data into 
WHOIS output may be, it isn't DNS stability and security. This kind of 
junk detracts from the real issues.

(iv) The fourth strategic objective fails to mention the Conficker .C 
facts, so the most recent "global risk management" event of import is 
overlooked. This is unfortunate as there really is a lot to be learned 
from the response, even to a non-event, about cost, timeliness, and 
accounting.

Over all, there really is no reason why most of the ccTLD operators 
outside of North America and Europe should pay any attention to 
ICANN's DNS stability and security StratPlan component, and that is 
not in the public interest of North American internet users, who do 
not need ICANN to be ignoring development goals for false objectives 
and bandaids.

II. Core operations including IANA

This section contains four strategic objectives: (i) Continued 
flawless IANA operations, (ii) L-Root operational excellence, (iii) 
Efficiency and effectiveness of operations and (iv) Strengthen 
international operations and presences.

(i) The first object posits the utility of the EFQM model to IANA 
operations, and this simply doesn't jib with my experience consulting 
on the IANA function reporting project in 2007. Further, the SLAs to 
which the EFQM might, or might not be relevant to originate from the 
IETF for protocol assignments. While the epoch in which the IANA 
function was administratively restrained from timely responses to 
requests for zone file updates from ccTLD operators until those ccTLD 
operators entered into a contract is now an unhappy memory, this too 
is an unlikely source of SLA commitments which could benefit 
significantly by the application of the EFQM model.

If ICANN is to secure a renewal of the IANA contract, it is at least 
as likely that the merits of ICANN's renewal bid are the qualitative 
services necessary to manage a mixed signed-and-unsigned zones, and 
the qualitative services necessary to introduce RPKI, as the 
quantitative execution of a formal quality model indifferent to the 
current, and future services performed by the IANA function.

(ii) The second objective pursues a mission outside of ICANN's core 
purpose. Running the L-Root is about as peripheral to ICANN's purpose 
as being an ICANN Accredited Registrar is to AOL or France Telecom or 
British Telecom. It simply isn't important.

Next, the other root servers are run by Verisign-A, USC-ISI, Cogent, 
UMaryland, NASA, ISC, DISA, BRL, Autonomica, Verisign-J, RIPE NCC, and 
WIDE. How on earth is ICANN going to "lead by example" or "be 
recognized as a top-tier root zone manager"? What motivates ICANN to 
embark on a (probably futile) pecking order mission to provide clue to 
any of, let alone all of, the other root server operators?

A reasonable strategic objective would be to find a qualified operator 
for the L-Root that would meet some unmet policy goal such as 
geographic diversity and schedule the transition so that ICANN could 
get out of registry operations and focus on its core mission.

(iii) The third objective I still don't believe. What on earth does 
the IANA function have to do with the Policy Development Process the 
Names Council has adopted? The suggestion that the execution of the 
IANA functions services deliverables to the GNSO's PDP, pre- or 
post-reform, requires strategic attention indicates that either due to 
errors in wordsmithing, or leadership (of ICANN and the IANA) changes, 
that the relationship, never very significant, between the original 
DNSO, now GNSO, and the IANA, is not understood.

(iv) The fourth objective mentions, inter alia, engagement with the 
IETF and the root server operators. Please add the RPKI communities of 
each of the RIRs.

(v) The fifth objective is without quantifiers. What are the strategic 
goals for financial controls, capacity, etc.?

III. Consumer choice, competition and innovation

This section contains five strategic objectives: (i) More IDN TLDs, 
(ii) Increase Regional participation in the industry, (iii) Mitigate 
malicious conduct, (iv) Foster industry innovation, and (v) Promote 
fair opportunities.

(i) When CNNIC turned on its name server constellation the ground work 
for the .中国, .公司, .网络 and .政务 and .公益 IDNs was laid. That 
the ground work lagged behind elsewhere is water under the bridge. If 
the principle of "consumer choice" is to be meaningful, it is 
consumers who's choices inform policy makers, not producer choices. At 
present more than a million users use these IDNs. The strategic plan 
should place their interests ahead of the legacy operator interest in 
capturing lucrative markets.

It is impossible not to observe in passing that the strategic goal of 
"more languages and cultures" is subordinate to the strategic goal of 
a single application process, which as has been observed elsewhere, 
benefits “a group of participants that engage in ICANN's processes to 
a greater extent than Internet users generally”.

(ii) Continued financial support for the NSRC's IROC, AROC, SROC 
offerings is a reasonable goal.

(iii) The "malicious conduct" construct has, thus far, avoided mention 
of the causes for operational capability of actors that engage in 
conduct characterized as "malicious". It is primarily an individual 
morality construct, carefully omitting the business models which 
create the financial incentives as well as the technical means for 
"malicious conduct" on a global scale.

Signing zones as a consequence of the discovery that cache poisoning 
could be accomplished in seconds is a reasonable response to the 
discovery of a economic development in attack cost.

Ignoring the non-adoption of BCP-38 and other forms of industrial 
externalization of costs, to ccTLD operators in the Conficker .C case, 
is not a reasonable response to a long-standing problem.

Morality as policy is fine on TeeVee. It is a profoundly dull tool for 
network policy making.

(iv) No comment.

(v) Reference to the area of work undertaken by the Joint Applicant 
Support Working Group is gratifying.


IV. A health internet eco-system

This section contains four strategic objectives: (i) One unified, 
global internet, (ii) Building stakeholder diversity, (iii) Improve 
communications and (iv) Ongoing accountability and transparency.


(i) The first section contains the alarming possibility that the 
overwhelming contributions of volunteer time, paid staff, and expended 
resources committed to the new gTLD program since 2006 have only a 
"potential" to realize a single new community-based or public interest 
registry.

Leaving the merits of forming corporate vision and mission from a 
sample of semi-random responses to a social networking technology that 
amounts to little more than an IRC client (who's operator collects and 
monitizes personally identifiable information about its users), there 
are the implicit limitations of this "vision".

Nearly all of ICANN's contractual counter-parties to registry 
agreements are legally domiciled in the North American Region, and 
with the exception of name server constellations, are operationally 
contained in the North American Region.

The same is true of the approximately six hundred of its (wildly 
shell-registrar inflated) nine hundred counter-parties to registrar 
agreements, four of which alone account for 50% of all gTLD registration.

It is in the public interest that public policy is informed by data 
and both the failures, and the successes, of policy choices, can be 
discerned and outcomes understood in terms of causes and effects.

Legal barriers particular to the North American Region's legal culture 
prevent research access to operational network infrastructures for 
reasons of economics, ownership, and trust (EOT).

These must be reduced if policy making is to be informed by knowledge 
rather than by belief.

For reasons of operational necessity a constellation of name servers 
was activated by CNNIC in November, 2001. Since early 2008 this 
constellation of name servers has provided service to more users in 
Asia than the original constellation of name servers provides users in 
North America.

The Vision Statement should be amended to correct the impression that 
some more fundamental management problem exists than managing the 
sources of policy errors which have necessitated the existence of the 
CNNIC root server constellation, and the continued necessity for 
divergence between these two root systems.

It is not in the public interest for North American internet users to 
be unaware that errors of judgment have, and may further partition 
"the internet".

These two changes to the Vision Statement may be expressed as:

"Informed by data, divided only by necessity."

(ii) The second strategic objective contains a gratifying reference to 
ALAC, though the language reads "representing" rather than "elected 
by" when referring to a seat on the ICANN Board.

(iii) The third strategic objective seems under developed relative to 
the other three, and adding a technical and policy journal, similar to 
the work Ole Jacobson has been doing, initially for Dan Lynch's 
InterOp, and subsequently for cisco, in his Internet Protocol Journal, 
would be more useful than more web ephemera.

(iv) The fourth strategic objective references fact-based policy 
development and decision making.

Data as a necessary predicate condition to "ensure the stable and 
secure operation of the Internet's unique identifier systems", is 
absent. This is very unfortunate as in practical terms, for each year 
of the past decade, persons with nothing more than beliefs, which may 
as well be religious beliefs, have dominated ICANN's policy making.

The available data is not good. We are running out of addresses, and 
therefore must make a partially planned transition without widespread 
testbed experience of the new infrastructure. The routing system too 
is at the limits of its scalability. There are pervasive peer-to-peer 
overlay networks which are incongruent with economic models, and 
therefore the source of fundamental legal struggles over ownership and 
control. The security and stability of the naming, addressing and 
routing infrastructure is problematic, independent of anything ICANN 
is on record contemplating as its plan of record.

Absent operational data concerning unique endpoint identifiers, unique 
routing identifiers, and protocols, stable and secure operations are 
indistinguishable from instable and insecure operations.

The DNS remains a private resource, where access to profoundly 
important operational data necessary for basic research on the range 
of meaningful policy alternatives is at the whim of commercial 
entities acting under private law.

Afterward:

Having spent 2004-2009 primarily "off-the-grid", that is, responsible 
for power, connectivity and bandwidth while residing in rural venues 
in North America, improving access to the net, for the residents of 
California rural farmworker housing cooperatives, Prairie Provinces 
and High Plains States native reservations and reserves, and isolated 
populations such as Appalachicola as exemplars of an broad area of 
unmet need seems like a reasonable "increase residences served" 
strategic goal.

Having been in and out of the network and registry operator 
communities since the NIC was at SRI the mid-80s, getting behind and 
assisting the adoption of RPKI in the ARIN region also seems like a 
reasonable "improve resiliency" strategic goal.

Having recently reviewed the Final Report of the ACM K-12 Task Force 
Curriculum Committee, commissioning a model "What is the Internet" 
unit of curriculum for primary, non-STEM secondary, and tertiary 
classroom adoption also seems like a reasonable "informational" 
strategic goal.

Moving outside the self-similar comfort zone of corporate and suburban 
residential service and marketing profiles

Thank you for taking the time to read this lengthy comment on the 11 
page 2011 - 2014 Strategic Plan.

Eric Brunner-Williams
Unaffiliated NARALO Member Representative





More information about the NA-Discuss mailing list