There is currently a discussion going on between Milton Mueller and Patrik Fältström over the deployment of DNSSEC on the root servers. I think the discussion exemplifies the difficult relation between those who develop standards and those who use them.
On the one hand, Milton points out that the way the signing of the root zone will be done will have a great influence on the subjective trust people and nation states will have towards the system. On the other hand, Patrik states that “DNSSEC is just digital signatures on records in this database”. Both are right, of course, but they do not speak the same language. It is just like saying that a spam e-mail which is RFC (2)822 compliant is a legitimate one. From a technical point of view, it certainly is. From a social point of view, it is still an annoyance.
There is this often expressed feeling in the engineering community that technological choices are politically neutral by design. Nothing is further from the truth, as has been demonstrated by people like Lawrence Lessig. The development of standards is done exclusively by companies. Notice, for example, that those attending IETF meetings do it on company time and budget. The actual users are absent. The logic that says that IETF meetings are open to all is flawed by the fact that an average IETF meeting will cost you around $1500 to attend. Hence, there is an economic barrier to the participation of individuals. Additionally, the influence you might have on a process is proportional to the consideration you get from your peers. Newcomers need quite some time to get accepted by the community, especially if they are not engineers.
Companies are driven by the market. If there is no potential market, there is no need to develop a new standard. A good example of this is the fact that you cannot yet send an e-mail to, say, brønshøj@københavn.dk or addresses in native Cyrillic, Arabic or Asian scripts. Pretty soon, the right hand side will be dealt with, thanks to Internationalized Domain Names (IDNs). But the use of non-ASCII character sets on the left hand side is still not standardized. The EAI working group in the IETF was only launched a few months ago. Why did it take so long? I guess that the need for this has only appeared in recent years. As long as the Internet was mainly used by the American / Western European world, being restricted to 7 bit ASCII was not much of an annoyance, if at all. Now that the user base has enlarged to include countries that do not use the Latin alphabet, it becomes a hot topic. However, it will take years before this can be implemented in the software we use every day. Notice, for example, that most operating systems today still require the user name to be in 7 bit ASCII.
Similar issues exist with RIRs, where again the actual IP address users are absent for the same set of reasons detailed above. However, the question of which IPv6 prefix is going to be allocated by your ISP to your home network a few years from now is an important one. Yet, those who are active in policy development at the RIR level are those very ISPs. The policy will be related to their commercial interest, which may—or may not—match the user’s interests.
End users are represented in ICANN. I am the first to admit that ALAC may be far from perfect, but it has the merit to exist and we can improve it. Isn’t it time for a similar concept for the IETF, the RIRs and all those bodies that have a crucial effect on our user experience while using the Internet? Being closer to user needs, with the filtering of the marketing department, may help prioritize the future developments.
Patrick, Milton’s totally wrong on dnssec in that, as Patrik points out, he simply doesn’t realize the trust model involved. Or prefers not to realize it.
Authentication and reputation are two entirely different things - and dnssec is like, to use a very crude example, checking that the movie name on your ticket matches the name that is up on the theater marquee, and matches the poster on the theater door. You get a dnssec signed zone, you know it is that zone.
The contents of the zone - or its reputation - have sweet damn all to do with dnssec signing of the zone, any more than how good or bad the actual movie is has to do with whether the marquee and the poster assert that it is THAT movie and you’re not watching some other movie by mistake.
Similarly, the reputation of the signer, or the trust you place in the signer’s version of the zone, have little or nothing to do with the actual contents of the zone.
I saw Milton’s “panel” on “dns root zone management” at the IGF in Athens, and these very same arguments on dnssec got trotted out then, during intervals when Riaz Tayob, up on the panel, wasn’t quoting Mueller on this, and Mueller on that, like it was either gospel, or THE definitive last word on something or the other .. or, spending the rest of his talk bashing the Bush administration.
ps: The “participation issues” you raise are a bit specious, at least wrt the IETF, and to some extent, wrt RIRs.
If you argue that all end users are stakeholders and should be allowed to influence RIR policy - that is eminently possible.
Market forces, switching between ISPs etc etc - or those end users that actually know about IP address management and care enough about it can join RIR mailing lists and comment there, if they don’t have money to fly to RIR meetings.
BTW RIR meetings are open to anybody who cares to register and pay the entry fee. Remote participation is easy too - the meetings are audio/videocast, there’s a jabber chatroom running etc.
The very same with the IETF. If you think you are a stakeholder, and you can contribute meaningfully, participation in IETF WGs and mailing lists is wide open - you can participate by email, or join a jabber chatroom that someone or the other is running, if you don’t have funding or time to attend an IETF meeting.
A few important notes showing how far off-base this argument is.
- The straw man argument comparing the signature on the DNSSEC root with the From: address on an email message shows a deep lack of understanding of security. Anyone who wants to verify a signature signed by the root can do so easily, but you cannot easily verify the From: address on a message unless that message used another protocol such as DKIM. (Yes, the IETF has already standardized a solution for that problem.)
- The statement that “There is this often expressed feeling in the engineering community that technological choices are politically neutral by design” is not supported by facts. I cannot find many statements to that effect, and I certainly don’t hear it often in the IETF.
- The statement “The development of standards is done exclusively by companies” is also untrue. There are many of us active in the IETF who are not affiliated with companies despite your attempt to make us invisible. Further, at a typical IETF meeting, there are multiple people from the same company who disagree with each other in the discussions. And further yet, much of the IETF standards work is done outside the IETF meetings. For example, I co-chair a WG which has done all its work on the mailing lists, never in the meeting. Some individuals are Working Group chairs, some are document authors, some just contribute to the debate.
- “But the use of non-ASCII character sets on the left hand side is still a not standardized.” Doing even a bit of research would help one know that the IETF has been working on that for years; see http://www.ietf.org/html.charters/eai-charter.html. All are welcome to help, but be aware that there is a (reasonable) expectation that you will actually read the proposals and earlier discussion before stating an opinion.
- The last paragraph, comparing ICANN’s ALAC to the IETF, is particularly funny. ALAC has been shown to have absolutely no impact on ICANN’s process, whereas technically-minded individuals make significant contributions every day in the IETF.
Technical people interested in helping the Internet standards process should not be deterred by this article from finding out more about the IETF or other standards bodies that encourage individual participation (er, OK, there aren’t many other than the IETF that do that). All people who want to get more involved in how the Internet works should definitely look at joining ISOC (http://www.isoc.org), which has local chapters all over the world.
Oh, and Patrik Fältström’s name is spelled wrong in the article. Whoopsie.
Paul Hoffman said:
Thank you Paul, spelling corrected.
They are? Who exactly?
I am sure Milton Mueller considers himself an end user, for one :)
To be fair, ALAC does have quite a few clued people, that I respect, on it.
Paul Hoffman said:
Obviously, there is no RFC stating this. However, the usual ICANN/WSIS/IGF bashing I hear from several members of the technical community leads me to think that the political issues surrounding the standards development and implementation process are insufficiently taken into account.
I specifically linked to the EAI charter in my original post, so yes I did the research work and very much welcome what the EAI WG is doing. My remark was that we are far from seeing the specification being implemented. It is disappointing that such an issue of importance to non-English speakers is only being addressed now. What could we do to raise this sort of issue earlier?
Regarding involvement, as I stated on the IETF list, there are potentially millions of capable people who do not get involved in the IETF work either because they do not feel inclined to do so, or cannot for various reasons.
Although I am concerned over the negative impact motorcars have on the environment, I do not get involved in designing cleaner motors. This does not mean the problem does not exist and should not be addressed.
Quite agree with you. As the founder of an ISOC chapter, one of my goals was to see how users could contribute useful input to the standards development process. My day-to-day experience is that it is, for the most part, a one way process in which chapters do the PR work to the local press and policy guys for the IETF. There is no formal process to send back information from the user community to the engineers community in an organized way.
So, why didn’t you say that instead of pretending that there is an “often-expressed feeling in the engineering community”? There is a huge difference between you having an opinion (technical people do not take political issues into account enough) and you saying that the technical community says they believe something which, in fact, they do not.
Do you not feel that there should be discussion of proposals before the specification is implemented? We have been actively discussing proposals for almost five years, and all of them have various problems. I don’t remember you being involved in the work that many people are doing, but I might have missed it.
And please don’t bring up the old canard of non-English speakers. This work has been being done by people all over the world with equal zeal and frustration.
So, help create a formal process. If you don’t feel like doing the work to help build the formal bridge, at least try to bring the results to the IETF informally, which is how a lot of work is started in the IETF. The IETF mailing list is open, and many ideas that start there organically become formal work items. Complaining about the absence of something you have not done any significant work on might not be the best way to get the results you want. Nothing in ISOC, the IETF, ICANN, and so on, happens without people willing to do the work.
1. There are only 3 face-to-face IETF meetings per year. While they can be productive and, yes, expensive to attend, that’s not where the real work gets done. The real work gets done on the open mailing lists, every day. In fact any agreement reached at a meeting must be confirmed on the working group’s mailing list. Anyone may participate. The IETF has many useful contributors who have never attended a meeting, do not belong to a “company” and well might not even have any obvious background in the topic. Their ideas stand or fall on their ability to attract support, not whether they come from an IETF insider.
2. The IETF has been adding internationalization to email since 1990. The current work has come so much later because it is difficult, not because it lacked user input.
3. Anyone who thinks that politics have been absent from the IETF’s recent internationalization efforts should read the record to discover how wrong they are.
4. The underpinning to successful Internet decision-making is garnering a broad base of support to a proposal. Any individual can come up with any wonderful or crazy idea they want. The existence of an idea means nothing. Getting support for it means everything. To that end, note that the proposal Mueller cites has garnered no support, while the views that Fältström states represent the solid base of DNS technical AND operations communities.
5. It is always easy to criticize a process. It is always more difficult to do the hard work of developing a concrete proposal, with all its messy details, and convince a broad base of community participants to adopt it. Rather than criticize the absence of “users” from the IETF, please look for or provide concrete alternative specifications and a base of community participants willing to adopt them.
d/