[gnso-rds-pdp-wg] [renamed] Key early questions

Greg Aaron gca at icginc.com
Wed May 11 21:32:52 UTC 2016

Jim said that "If I’m unknown or inaccessible, and you don’t like my Internet behavior on your Internet infrastructure, then stop providing me service."
That's not the problem as I see it.  The problem is when someone is using Internet resources to perpetrate abusive or criminal acts on other internet users.  That abuse usually comes from another network.  That's a reason why people need to know who the responsible parties are.

SSAC stated that it believes that law enforcement and security practitioners have a legitimate need to access the real identity of those responsible for a domain name. (See SAC055 "Blind Man and the Elephant" -- of which Jim was a co-author.)   Trying to do that without a publication system (i.e. by calling up registries or registrars and asking "please") is impractical in the extreme.

Jim said he has "a great deal of trouble believing that an RDS is required to exist in order to ensure the operational stability of the Internet".  FYI, on the numbers side, the RIRs seem to disagree.  For example, RIPE (existing under EU data protection laws) says it maintains an RDS for reasons that are both technical and legal, including:
"* Ensuring the uniqueness of Internet number resource usage through registration of information related to the resources and Registrants....
* Facilitating coordination between network operators (network problem resolution, outage notification etc.)....
* Providing information about the Registrant and Maintainer of Internet number resources when the resources are suspected of being used for unlawful activities, to parties who are authorised under the law to receive such information.
* Providing information to parties involved in disputes over Internet number resource registrations to parties who are authorised under the law to receive such information."

All best,

-----Original Message-----
From: gnso-rds-pdp-wg-bounces at icann.org [mailto:gnso-rds-pdp-wg-bounces at icann.org] On Behalf Of James Galvin
Sent: Wednesday, May 11, 2016 3:01 PM
To: gnso-rds-pdp-wg at icann.org
Subject: Re: [gnso-rds-pdp-wg] [renamed] Key early questions

While I have a great deal of sympathy for this point of view, I also have a great deal of trouble believing that an RDS is required to exist in order to ensure the operational stability of the Internet.

Logically, that argument presupposes that in order to connect to the Internet you are required both to identify yourself and to be accessible.

Well, there are examples all over the place of how that is simply not true.  Here are three.

1. Enterprises routinely set up their infrastructures so that only known devices can connect to them.  In addition, they also routinely fail to share that detailed level of contact information with the rest of the Internet.  The enterprise contact information might itself be hidden behind a proxy or privacy service.

2. Access to the Internet is routinely provided to random unknown devices by all sorts of Internet cafes around the world.  The Internet functions more or less just fine with these devices coming and going.

3. Nation states around the world are stating that contact information for Internet-related elements may not be shared outside the nation state.  The Internet functions just fine without this information being shared.

I am also deeply sympathetic to those who want to help, like when Comcast wanted to help nasa.gov, to use Andrew’s example from a later message in this thread.  However, just because Comcast wants to help is no reason to require an RDS.  If NASA can’t be contacted then NASA loses.  Comcast will have to deal with its customers some other way, which it ultimately did in this scenario and will likely do again when other circumstances require.

My point is simply, from a technical point of view, if I’m willing to accept your help then I’ll make myself known and accessible.  If I don’t care then I won’t.  If you want a clause in your terms of service to say that I have to identify myself and be accessible to the Internet in order to use your service that’s fine.  I can choose a different service provider if I don’t want to abide by that service.

If I’m unknown or inaccessible, and you don’t like my Internet behavior on your Internet infrastructure, then stop providing me service.

The Internet of Things is coming, or may already be here depending on your point of view.  Do you seriously think any other operational model is going to work?


On 10 May 2016, at 14:16, Andrew Sullivan wrote:

> Hi,
> I'm slightly concerned that we are forgetting in this discussion why 
> we _need_ an RDS in the first place.
> On Tue, May 10, 2016 at 10:59:29AM -0400, Sam Lanfranco wrote:
>> ICANN has business interests in defining what data to collect, 
>> accessible by whom and under what conditions. It also has business 
>> interests, from within its remit, in the data relationship with its 
>> contracted parties.
>> However, ICANN’s contracted parties reside within national 
>> jurisdictions, and the relevant data is hosted within national 
>> jurisdictions, so ICANN cannot unilaterally define what constitutes 
>> legitimate data policy within its business interests.
> All of the above is something I agree with, but there's another 
> important point.  For good, sound, plain old technical reasons, it's 
> important that operators be able to contact each other outside of the 
> Internet, so that when stuff breaks it's at least logically possible 
> that one could try to fix it.
> The key point is that this is not some peculiar business interest of 
> ICANN, but instead a fundamental interest of anyone who uses the DNS 
> (i.e. approximately anyone who uses the Internet).  It's basic to why 
> we have ICANN at all.
> None of this is an argument that _all_ the information in any 
> particular RDS policy is what ought to be in the RDS.  But at the same 
> time, it seems to me that some views about RDS treat every data field 
> as if it's a simple matter of political negotiation or something like 
> that.  They're not all that way.  As an operator of actual technical 
> infrastructure, I need to be able to contact someone who is causing 
> problems on my network, and that ability to contact had better not 
> depend on the Internet since the problem in question is likely to 
> result from some sort of interoperation failure in the first place.
> Therefore,
>> Some will brand this as the “fracturing of the Internet”. It is in 
>> fact other jurisdictions taking responsibility for Internet 
>> governance outside ICANN’s remit, but within their remit.
> I don't think that all of this is just about "Internet governance", 
> any more than (say) port number allocations are a matter for Internet 
> governance.  Some of it is just a fundamental part of having an 
> Internet at all.  Remember, it's an inter-net because of the network 
> of networks part.  Interoperation is a fundamental part, not something 
> you get to choose or not from a menu of available policy options.
> Best regards,
> A
> --
> Andrew Sullivan
> ajs at anvilwalrusden.com
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg