Dan and John,
Thanks for the exchange last week. As chair of ICANN's Board of Directors and
an active participant in ICANN's current effort to take a fresh look at the
Whois architecture and operation, your notes catch my attention in multiple
ways. But first, for the benefit of under forty crowd, let me briefly
introduce myself. In the late 1960s I chaired the ARPANET's Network Working
Group, which eventually morphed into today's IETF. I created the RFC series
and I was one of the architects of the three facets of openness that are the
foundation of the Internet protocol process, viz open architecture, open
participation and open publication. In the late 1980s and early 1990s I served
as the first area director for security and later on the IAB. I also
co-chaired the POSIED Working Group that revised the standardization process,
moving the authority from the IAB to the IESG, and in the mid 2000s I served on
the ISOC board and participated in the formation and initial operation of t!
he IETF Administrative Support Activity (IASA) and I served on its IAOC. For
the past 11 years I've been active in ICANN, serving for several years as the
chair of the Security and Stability Advisory Committee and also on the board of
ICANN, and about two years ago I was elected chair of the ICANN board. And
despite having spent a great deal of time in management and political roles in
this environment, I remain fundamentally a technical person.
I want to share two thoughts, one about the role of the IETF, ICANN and other
organizations within the Internet ecosystem, and one about Whois.
The great strength of the IETF is it's a forum for technical people to come
together, work out the details of protocols, and publish consensus documents.
The IETF does not have any formal powers granted by legal authorities. IETF
standards are effective because they're accepted and they work, not because
they're imposed on anyone. IETF standards are respected around the world
because they embody the wisdom and experience of the technical community. No
one is obliged to use the protocols created within the IETF, but, of course, a
huge portion of the world does use these protocols.
ICANN was created in 1998 to operate the IANA function and to expand and
organize the marketplace in domain names. The IANA function is fundamentally a
clerical service. It records the assignment of unique identifiers that are
used throughout the Internet, and it does so in accordance with the values and
policies established by the community. The IANA service includes publication
of the IETF's protocol parameters, allocation of blocks of AS numbers, IPv6
address blocks, and, until recently, IPv4 blocks to RIRs, and administration of
the top level of the domain name hierarchy.
Like the IETF, ICANN is also an open organization. ICANN meetings are free,
and a veritable ocean of documents are published regularly, many in multiple
languages to increase availability.
ICANN is purposefully organized to include participation from a range of
communities, e.g. business, civil society, governments, and the technical
community. As I write this, I am at a retreat for the ICANN Board focusing on
strategic planning. One of the seats on the Board is allocated to a liaison
from the IETF, and thus I am actually sitting at the time I drafted this note
in between Thomas Narten and Jonne Soininen, the outgoing and incoming IETF
liaisons to the ICANN Board.
One of the large and often time-consuming activities within ICANN is the
development of policies that pertain to the domain name system. John Curran
wrote:
To be abundantly clear, you are hypothesizing a difference of opinion between
the
IETF/IESG and the ICANN/RIR communities, wherein the technical guidance of
the IETF
was considered during the ICANN/RIR decision process, but in the end the
outcome was
contrary to IETF expectations.
This would be an unfortunate (but not impossible) situation, as many folks in
the
combined community would likely have been involved during the process trying
to
figure out why there is such a significant difference in views and
facilitating
sharing of the beliefs and thought processes that underlie the situation.
I agree completely with John. It is indeed possible for ICANN to adopt
policies that are not perfectly aligned with IETF recommendations. Possible,
but not usual. Over here at ICANN we pay a LOT of attention to the IETF. We
depend heavily on the IETF's work and we never seek to duplicate or ignore it.
(I sometimes have to explain to my colleagues at ICANN who have not had the
benefit of the IETF experience that "let's send it over to the IETF" doesn't
work. The IETF isn't a standing army ready to do ours or anyone else's work.
Rather, I say, it's a place where the relevant people can get together to get
their work done. And, indeed, a number of ICANN people actively participate in
various IETF working groups.)
The roster of topics active within ICANN at any given time is fully documented
and publicized, and I invite anyone who is interested to participate. We
listen to everyone, and we publish tentative results, tentative policies, etc.
for everyone to critique.
Let me now turn to Whois. The Whois system's origins go back to the earliest
days of the Arpanet. The roles of technical point of contact and
administrative point of contact were usually the system administrator and his
administrative manager for the time-sharing system at the laboratory at that
site. Each time-sharing system served somewhere between a few dozen and a few
hundred users. The users were not listed, just the administrators for the
system. There weren't really any issues of accuracy, privacy or
accountability. Today, of course, these terms apply to the registrants and
supporting personnel for *each* domain name, and there are well over
100,000,000 domain names registered just within the generic top level domains.
The country code top level domains are roughly the same number, and their Whois
structures and policies are each controlled by the individual ccTLD operator
and their communities.
Last November, the ICANN Board accepted the recommendations of the Whois Review
Team, an expert group commissioned under the Affirmation of Commitments (AoC)
ICANN signed with the U.S. Department of Commerce in 2009. The terms of
reference included in the AoC continued the original model that the structure
of Whois remain the same and that access be free and available to everyone. A
number of us on the ICANN Board had been concerned for a long time that purpose
of the Whois system had evolved far away from its original purpose, and that it
was well past time to take a fresh look at the entire system. Accordingly, the
Board initiated an effort, in parallel with acceptance and implementation of
the Whois Review Team's recommendations, to start with a clean slate and think
through whether we might be better served by a revised system. An expert
working group was assembled and is currently working through these issues. Its
output will be a consideration of the issues and re!
commendations for further work. It is not yet clear whether the result of
this effort will lead to a large change, a small change, or no change at all.
What is clear is that the results of this working group will become fully
public, and any decisions will come through our usual policy development
process.
As I said above, I invite anyone who is interested to participate.
The IETF, ICANN, the RIRs, ISOC, W3C and other organizations have all arisen
within the ecosystem that accompanies the growth and prevalence of the
Internet. It is natural for there to be some tension, competition and rivalry
among our institutions, but we have all been part of the same grand enterprise,
we all share the same core values, and we all work toward the same goal of an
open, innovative, expanding Internet.
Steve Crocker,
Chair, ICANN Board of Directors
On May 17, 2013, at 2:13 PM, John Curran <jcurran(_at_)istaff(_dot_)org> wrote:
On May 15, 2013, at 7:50 PM, David Farmer <farmer(_at_)umn(_dot_)edu> wrote:
So lets play a little hypothetical here; What if an RIR or ICANN through a
global policy decided Whois Data no longer should be public for overriding
privacy reasons. My read of Section 5, is that would be proper path for
such a change, and long as the technical guidance of the IETF is considered
in the process. But then through RFC 2860 and Section 5, if the IETF
objected on technical or architectural grounds, and formally through the
IESG, then the IAB would essentially adjudicate the issue. And ICANN or the
RIR are obligated to accept the decision of the IAB. Do I have that right?
To be abundantly clear, you are hypothesizing a difference of opinion between
the
IETF/IESG and the ICANN/RIR communities, wherein the technical guidance of
the IETF
was considered during the ICANN/RIR decision process, but in the end the
outcome was
contrary to IETF expectations.
This would be an unfortunate (but not impossible) situation, as many folks in
the
combined community would likely have been involved during the process trying
to
figure out why there is such a significant difference in views and
facilitating
sharing of the beliefs and thought processes that underlie the situation.
(btw,
these types of efforts happen in more contexts than just the hypothetical one
you
suggest, and are a good reason to ask "Have you hugged your AD recently"? ;-)
To be clear, I'm not advocating Whois should or shouldn't remain public, or
that anything is wrong with the Section 5. This just seemed like a
plausible hypothetical to explore how the puzzle pieces work together to
make the Internet Numbers Registry System. Also, I just want to fully
understand what Section 5 really means.
Ultimately, your hypothetical situation could result in the breakdown of the
present
relationship between IETF and ICANN/RIR organizations (ref: RFC 2860, section
2), with
otherwise indeterminate consequences... i.e. "It would be bad." When the
various
Internet organizations are aligned in the coordination of Internet critical
resources
(DNS, IP addresses, protocol & parameter #'s), then the result is well
understood.
We lack experience with the alternative, and it is not clear whether chair
remains
upright when missing one or more legs.
FYI,
/John
p.s. Disclaimer: My views alone.