On 05/12/2008, at 4:38 AM, David Conrad wrote:

John,

On Dec 3, 2008, at 9:33 PM, John Curran wrote:
As I read the draft, the IANA's role as a trust anchor is no different
than any of the RIR's (i.e. each acting as their own trust anchor for
their own RPKI hierarchy):

Yes, that is my interpretation of the draft as well.

As written, the IANA might, at its discretion, decide to make use of
res certs, but that's not mandatory for this document to be useful.

I don't want to go too far afield on a meta-point, but in the Brave New Internet in which we find ourselves, IANA does not do things at its discretion. IANA implements decisions others make (presumably via some community-based consensus) through IANA Consideration sections or by specific direction of the IAB, IESG, etc. The alternative would be "top down" decision making (oh, the horror) and would require IANA staff to have a level of expertise in a wide array of topic areas that is most likely not reasonable to assume.

With respect to the draft, if SIDR is indicating IANA needs to maintain an RPKI trust anchor (regardless of what it is covering), I believe an IANA considerations section needs to state IANA is directed to do this. I understand that some folks are working on appropriate wording.

WG Chair Hat Off

From time to time the IETF heads into areas where its role intersects with the roles of other bodies, and its ability to direct the IANA to do, or not do, certain things has some relationship with the roles of these other bodies as well. In this case the draft's authors, namely myself, George Michaelson and Rob Loomans, have been made aware of some degree of intersection of interests between the RIRs and the IANA in terms of the roles of various bodies in terms of the publication of putative TA material that may be used by relying parties.

The draft deliberately does not prescribe any particular solution over and above any other, but proposes a way in which the RIRs and IANA can publish putative TA material in a manner that is useful to relying parties, should they choose to use this material as their nominated Trust Anchors.

i.e. to state this clearly using wording comparable to David Conrad's note, the draft does not provide any particular direction to IANA, and while some folk may be off working on some appropriate wording to suggest to add to the draft that does provide such direction, other folk, including myself as a co-author of the document, are currently of the view that the current wording is entirely appropriate for the circumstance that we find ourselves in. No doubt the politics of the formation of rough consensus gathering in the IETF will sort all this out in the fullness of time.

My personal opinion follows:

The draft is not advocating that IANA does, or does not do any particular action with respect to the publication of TA material. In looking at the abundance of heat and absence of light that the topic of IANA signing of the root zone of the DNS has managed to generate over the years so far, and with the end still not yet in sight, and with the various statements of vague equivocation being made by many bodies, including that of the IAB (!), it's all too easy to see that this general topic of the assumption of a "root" authority is one that is not simple, and that this topic when related to the address space may well bring out many more interests and many more perspectives than are evident in the current set of interested parties in the SIDR discussion. It would've been a tragedy, and perhaps a fatal one, if the DNSSEC standards had been contingent on the adoption of a single nominated process for IANA to sign the root zone of the DNS using IANA-generated keys. Obviously the DNSSEC documents would not have been published as RFCs yet, and the DNSSEC specifications would still be sitting in some strange half life as quasi-standards awaiting the termination of a process that is both overly political and potentially non-terminating! The signal that would give to DNS users as to the viability of DNSSEC would be less than a wholesome endorsement.

I personally see no merit whatsoever in consigning the SIDR work into a similar indeterminate twilight awaiting the termination of a political process that really has no clear outcome once the matter really gets the level of heat applied to it over the expression of national political interests into the Internet's infrastructure. Once the issue of authority over the address space is raised, then in the same fashion as the DNS where the matter has headed off into the realm of international politics, I personally suspect that we would see a statement of overarching interest being made by the NTIA within the US Government, citing some continuity of USG address management dating back through to the ARPA programs, and I also suspect that we'd see strong, perhaps vehement, statements of opposition coming from other national interests who would take the view, with some rational foundation, that one government has no right to hold such a privileged position with respect to an international public network while all other governments and treaty organizations are shut out of the process completely. The alignment of interests that are vehemently opposed to the USG exercising such a special role, and in particular given the rather unique ability to undertake a revocation apply a new level of political concern to the picture. It may well be that this particular looming political imbroglio over the authority of the address space is unavoidable, and that no matter what the IETF does or does not do, we are going to have to ensure the political stoush. Or, just maybe, we in the IETF can attempt to avoid the issue to some extent and insist that beauty, or in this case the choice of Trust Anchors, is in the eye of the beholder, or in this case is in the eye of relying parties. 
Maybe it's better for the IETF to avoid being prescriptive as to where or how putative trust should be asserted as a part of the IETF's technology standard, and allow the technology to progress and be published as an Internet Standard without being stalled up on an issue which is not readily tractable given the breadth and diversity of interests. But some folk are perhaps more interested in politicizing the IETF and its outcomes, and forcing the IETF to take a stance that may well be interpreted as an outrageously partisan stance from a broader international political perspective. I _personally_ would view that development with some sorrow, as I suspect that we've seen too much of the IETF being branded as the compliant lapdog of a single government's interests for the past two decades, and as the IETF we've strived to get beyond all that and concentrate on developing and standardizing technology to the best of our collective abilities in the same fashion as, or hopefully better than, any other international standards organization. The way we've done that is to avoid taking sides arbitrarily in political debates and attempting to look at situations as objectively and as rationally as possible and perform a scoped task that relates to the development of technology. A little more of that form of rational process would, I believe, assist the SIDR WG to make the appropriate call here as well.


Geoff
