ietf

Re: just a brief note about anycast

2003-12-08 12:50:41
At 17:05 08/12/03, Eliot Lear wrote:
Good documentation is also really important. It turns out there is some for F, at least. See http://www.isc.org/tn/isc-tn-2003-1.html by Joe Abley.

No one denies the dedication of the root people. But this is the crux. "some documentation" ... for one machine.

Where are the published approved and certified procedures, agreements, insurance contracts, statistics, logger, budget, authorized people, clearances, oaths, for every people, company, organization sharing into root management? Where is the law concerning the root management issues and impact? For example is a root failure legally considered as an act of God? Is tampering with the root a special crime? Due to the possible impact on the life of people all over the planet, will it be judged by UN? Who is to investigate? Root means life and death nowadays.

Either we need the root system and it must match the basic surety rules for a critical infrastructure, or we just want to keep the fossil concept the way it was designed 20 years ago. Then UN/ITU or private industry or a new NGO or a new Gov technically and security certified type of operator is to find, propose, test, and deploy another solution. I suggest they read carefully the very well crafted ICP-3 document. It correctly considers the end of the single authoritative root file concept. And documents the way to test new venues.

I am sorry to come again and again on this. I will do it until a special WG is created or IETF transfers the concern to ITU.

Because we must realize that - even brilliant and resilient - a 20-year-old solution for an inter-university project designed for a single authority to keep control, and to provide a centralized (hierarchical) service, just cannot match today's technical, legal and security requirements. The way business is transacted, government operates, and national defense is conducted have changed. These activities rely on a complex interdependent network of information technology infrastructures we may call "cyberspace" which includes Internet and different other technologies. We must accept that if the IAB/IETF do not take it the same way as Govs, it will be removed from them. The world wants a new network approach, more equal, more secure, more stable, safer, more innovation oriented, respectful of national digital independence and sovereignty and IS actually switching.
http://www.nytimes.com/2003/12/08/technology/08divide.html?th=&pagewanted=print&position

Today, every nation needs and must be permitted a strategy towards a national and global secure cyberspace IAB and IETF are to design and help the implementation. It will provide a framework for protecting this infrastructure that is essential to their economy, security, and way of life. In the past few years, threats in cyberspace have risen dramatically. The policy of governments is to protect against the debilitating disruption of the operation of information systems for critical infrastructures and, thereby, help to protect the people, economy, national security and societal relations of their nations. We all must act to reduce the vulnerabilities to these threats before they can be exploited - as it is so easy today with the DNS cf. the recent threads - to damage the cyber systems or pollute other portions of the DNS which support national critical infrastructures and ensure that such disruptions of cyberspace are infrequent, of minimal duration, manageable, and cause the least damage possible.

Securing cyberspace is a difficult strategic challenge that requires a coordinated and focused effort from the entire society - the government, regional and local governments, the private sector, and the people. The cornerstone of a nation's cyberspace security strategy should be public-private partnership such as proclaimed by the WSIS. Only by acting together from every nation can we build a more secure future in DNS and cyberspace, our world of today. Also, the nations not sharing into the root management must find sovereign alternatives to protect themselves, their citizens and their economy from bad root management by the nation dominating it, whatever the reason, and from their practical inability to quickly adapt in full and equal independence the portion of the root which may concern their immediate local situation after such actions as war, catastrophe, revolution, etc. and societal, cultural and legal rights. This is certainly a technical challenge since the DNS was not designed that way.

In the world critical root system area, Govs actions should include: forensics and attack attribution, protection of installations, indications and warnings, and protection against organized attacks or against the consequences of their international policy (political tensions, wars) and the acts of God. They should also support research and technology development that will enable the private sector to better secure the root and the DNS, not leaving the core responsibility to "SiteFinder Inc." whatever the seriousness it puts into it.

Or more simply, maybe kill the real time root servers concept and review the DNS as a non God centralized system? If there was nothing to protect because there would be nothing, we would risk far less from there.

Then?
jfc