Re: Revisiting - Re: Now: Next Generation Domains and DNS -- Was: Re: No More Central Authority: Not NSI/ICAN! Not ORSC!

"JFC (Jefsey) Morfin" <jefsey@jefsey.com> Wed, 07 August 2002 00:00 UTC

Message-Id: <5.1.0.14.0.20020807000924.027a08e0@mail.jefsey.com>
Date: Wed, 07 Aug 2002 01:35:22 +0200
To: Fred Baker <fred@cisco.com>, Stephen Sprunk <ssprunk@cisco.com>
From: "JFC (Jefsey) Morfin" <jefsey@jefsey.com>
Subject: Re: Revisiting - Re: Now: Next Generation Domains and DNS -- Was: Re: No More Central Authority: Not NSI/ICAN! Not ORSC!
Cc: Internet Technical Community <ietf@ietf.org>
In-Reply-To: <5.1.1.6.2.20020806135427.02449b28@mira-sjcm-4.cisco.com>
References: <075e01c23d85$d3316690$dd876540@amer.cisco.com> <20020806134223.1611.qmail@submit8.mail.intra>

At 23:00 06/08/02, Fred Baker wrote:
>At 03:13 PM 8/6/2002 -0500, Stephen Sprunk wrote:
>>Perhaps having multiple roots *with identical information* would be
>>stable and workable, but that requirement inherently negates the
>>motivation for having multiple roots.
>
>from that perspective, we have multiple roots now - 13 of them - and call 
>it a "single root". The reason we can call it that is that they are 
>indistinguishable from one another from the perspective of the information 
>they deliver - ask any of them for example.com and they will invariably 
>point you to a .com server, and if you ask a .com server, it will point 
>you to the appropriate prefix for that name.

Dear Fred,
This is a very interesting comment. Actually what you call "root" in here 
is the master file.

1. the data of this master file must be collected
2. that master file must be generated
3. it must be loaded into the alpha server
4. it must stay uncorrupted in the alpha server
5. the alpha server must stay in operation
6. it must be disseminated to the other root servers
7. it must stay uncorrupted in each server
8. the servers must stay in operation in a large enough number (nine right now?)
9. it must be responded to resolvers
a. connectivity and delays to the resolvers must be reasonable enough
b. the global demand load must be matched by the root server system capacity
c. all this under any circumstances: incidents, war, terrorism, hacking, 
catastrophe, development, new technologies
d. in ways matching 189 local national laws, governmental emergency decisions
e. through the evolution I suggested towards DNS2 and DNS+ services
etc.

No process is fool/hacker/manager/politically/military etc. proof: some of 
the processes above are definitely not, or are at least subject to real 
world threats, loads, instabilities and states' sovereign decisions.

Multiple parallel asynchronous root server clusters are the only response 
to that problem (at least three clusters and probably much more). Each 
cluster being managed asynchronously according to identical specifications, 
separately accessing possibly mirrored information sources and possibly, 
operating different technologies, each cluster monitoring the others for 
consistency. When a cluster reports an inconsistency the reported and the 
reporting clusters are to be frozen and investigated. Secure requests being 
obtained by multiple identical responses.

As ICANN ICP-3 suggests, this calls for investigation, testing, 
development, validation and documentation. This is the target of the 
"dot-root" project we started one year ago. So far we have worked on the 
stability of the management of an experimental mini-root system, on the TLD 
data collection process and a generic TLD manager. We have also carried out one 
year of active political lobbying to get support for that project. From the 
obtained interest/support we started organizing it (still mostly documented 
in French). I informed ICANN as it may affect their ERC thinking. The plan 
is to have the site in French, Spanish and English, an open mailing list 
and some prospective partners (we target 30) by early September. The target 
is to enter the EU R&D sponsoring cycle to have four initial projects 
sponsored: a request simulator, an e-learning system, a generic TLD manager 
and the data collection system.

All this is intended to be "done in a manner that does not threaten the 
stability of name resolution in the authoritative DNS. Responsible 
experimentation is essential to the vitality of the Internet." (ICP-3). We 
certainly aim at studying the possible "ultimate introduction of new 
architectures that may ultimately obviate the need for a unique, 
authoritative root" (ICP-3). A draft memo on that can be found under 
http://dot-root.com/icp3.pdf .

I took advantage of your mail to introduce the project. But let me be 
clear, this is just a project open to all those who want to bring a machine 
and their competence in. At this stage we just try to gather machines, 
teams, basic objectives and competences. I do not know if this will go 
through, but from the intelligence we gathered, multiple roots will be more 
than probably under test operations by end of 2003. My hope is that it can 
also be through a project like dot-root and not only by Govs, even if we 
are certainly willing to participate in any mutual experimentation.

jfc
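
The cross-checking scheme described in the message above (clusters monitor each other for consistency, the reporting and the reported cluster are both frozen on a mismatch, and a secure request needs multiple identical responses), as an added example that is not code from the original post or from the dot-root project. The cluster names, the sample delegation data, the sequential check order and the two-response minimum are assumptions.

```python
import hashlib

# Constructed sample delegation data (hypothetical names, not real root zone content).
MASTER = {"com": {"a.gtld.example", "b.gtld.example"}, "fr": {"ns1.nic.example"}}

class Cluster:
    def __init__(self, name, zone):
        self.name, self.frozen = name, False
        self.zone = {tld: set(ns) for tld, ns in zone.items()}

    def digest(self):
        # Canonical form: TLDs and name servers sorted, so equal data gives equal hashes.
        canon = "\n".join(f"{t} {' '.join(sorted(ns))}" for t, ns in sorted(self.zone.items()))
        return hashlib.sha256(canon.encode()).hexdigest()

    def answer(self, tld):
        return tuple(sorted(self.zone.get(tld, ())))

def cross_monitor(clusters):
    """Each active cluster checks the others in turn (assumed order); on the first
    mismatch the reporting and the reported cluster are both frozen.
    Returns the sorted names of frozen clusters."""
    for reporter in clusters:
        for other in clusters:
            if reporter.frozen:
                break
            if other is reporter or other.frozen:
                continue
            if reporter.digest() != other.digest():
                reporter.frozen = other.frozen = True
    return sorted(c.name for c in clusters if c.frozen)

def secure_resolve(clusters, tld, minimum=2):
    """Accept an answer only if at least `minimum` active clusters respond and
    every response is identical; otherwise return None."""
    answers = [c.answer(tld) for c in clusters if not c.frozen]
    if len(answers) < minimum or len(set(answers)) != 1:
        return None
    return answers[0]

def demo(names=("A", "B", "C", "D")):
    clusters = [Cluster(n, MASTER) for n in names]
    clusters[2].zone["com"] = {"ns.wrong.example"}   # constructed corruption in the third cluster
    before = secure_resolve(clusters, "com")         # responses differ, so rejected
    frozen = cross_monitor(clusters)
    after = secure_resolve(clusters, "com")          # answer from the clusters still active
    return before, frozen, after
```

Under these assumptions, three clusters with one corrupted copy leave a single active cluster, so `secure_resolve` returns `None` until a frozen cluster is cleared.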