From touch at ISI.EDU Fri Nov 1 08:13:58 2002
From: touch at ISI.EDU (Joe Touch)
Date: Fri, 01 Nov 2002 08:13:58 -0800
Subject: [ih] Re: anyone remember when the root servers were hi-jacked? (fwd)
References: <3DC206C3.9000409@rkey.com>
Message-ID: <3DC2A846.7090408@isi.edu>

interenet-history at postel.org would be a fine place to discuss this
further, as it is (by definition) about (albeit recent) Internet history
;-)

Joe

Craig Simon wrote:

> I've got a lot of information on this which I'd be happy to share and
> exchange, but I still need and want more details. I'm not sure the IETF
> list is the best place to discuss this matter, however, and if anyone
> can suggest an alternative site, I'd gladly participate there.
>
> Please be aware that I got it partly wrong in my 1998 paper that Michael
> Froomkin cited regarding that incident. I apologize for a misstatement
> which may have been widely propagated. To clarify, the server operators
> who complied with the redirection request were pulling the root zone
> from a separate machine at ISI -- DNSROOT.IANA.ORG -- not B.
>
> The research I've done on this is a central part of my Ph.D.
> dissertation. Anyone who has been holding their breath waiting to read
> it is long dead by now, but I am advancing. It's interesting stuff.
>
> I don't have any after-the-fact explanation from Jon Postel himself
> regarding his motivation, but I disagree with the statement that his
> goal was to "embarrass" the USG.
>
> Though it's fair to say that he was acting partly in reaction to
> pressures from members of CORE, I think his primary rationale was a
> deeply held conception of loyalty to the Internet community and its
> processes. I argue that he put that sense of loyalty ahead of loyalty
> to the officers of the US Government and their clearly stated wishes, as
> expressed by Ira Magaziner. It took a plain threat of coercion from the
> USG to make him bow and reverse the move.
>
> The problem of divided loyalty and authority in the Internet community
> stretches back to RFC 1174, and was tested in the redirection incident.
>
> Also, while John Gilmore was evidently an important agent leading the
> call for the redirection -- at that particular time -- Paul Vixie
> evidently was not -- at that particular time. Vixie had urged such a
> move in the past, when the atmosphere was not so charged, but his role
> in the Jan 1998 episode seems to have been similar to that of the other
> operators who complied with the request. They went along, even with
> raised eyebrows, but they trusted Postel's judgment and acted with
> loyalty to him and the processes he represented.
>
> Again, I'd be willing to engage this further, and I'd be thrilled to be
> set straight if I've got any other flat facts wrong. Right now I'm most
> interested in getting nitty gritty details about the negotiations
> between CORE and Ira Magaziner in late 97 early 98, if anyone here can
> help me with that. I'm even more interested in the September 1995
> discussion that ultimately allowed NSI to begin charging for names, but
> Don Mitchell hasn't answered my emails.
>
> Craig Simon
>
> Michael Froomkin - U.Miami School of Law wrote:
>
>> http://www.law.miami.edu/~froomkin/articles/icann-body.htm#B170
>>
>> tells the story as best I could reconstruct it. There are footnotes to
>> the documents I could find.
>>
>> On Thu, 31 Oct 2002 lordb at nomad.tallship.net wrote:
>>
>>
>>> I'm looking for sources of information on the hi-jacking of the usg root
>>> servers by Postel, Gilmore and Vixie.
>>>
>>> Anyone remember this? It was on Jan 27 1998 when postel convinced a
>>> number of the root operators to switch the primary from a root to f root
>>> (paul vixie). This seems to have been done to embarrass the federal
>>> government - Ira magaziner the presidential science advisor took a birdy
>>> and threatened postel with a visit from the men in black.
>>>
>>> I can understand magaziners disposition at the time. The postel "test"
>>> was a day prior to the Jan 28 release of the presidential green paper
>>> and
>>> left magaziner holding the eggs so to speak.
>>>
>>> thanks in advance for any links you may have in your archives.
>>>
>>
>
> -
> This message was passed through ietf_censored at carmen.ipv6.cselt.it, which
> is a sublist of ietf at ietf.org. Not all messages are passed.
> Decisions on what to pass are made solely by Raffaele D'Albenzio.

From cls at rkey.com Sat Nov 2 12:00:01 2002
From: cls at rkey.com (Craig Simon)
Date: Sat, 02 Nov 2002 15:00:01 -0500
Subject: [ih] Re: anyone remember when the root servers were hi-jacked? (fwd)
References: <3DC206C3.9000409@rkey.com> <3DC2A846.7090408@isi.edu>
Message-ID: <3DC42EC1.1080408@rkey.com>

Hi,

I'm already a member...

Craig

Joe Touch wrote:
> interenet-history at postel.org would be a fine place to discuss this
> further, as it is (by definition) about (albeit recent) Internet history
> ;-)
>
> Joe

From touch at ISI.EDU Thu Nov 7 13:18:30 2002
From: touch at ISI.EDU (Joe Touch)
Date: Thu, 07 Nov 2002 13:18:30 -0800
Subject: [ih] testing - pls ignore
Message-ID: <3DCAD8A6.3000308@isi.edu>

From braden at ISI.EDU Fri Nov 8 08:57:51 2002
From: braden at ISI.EDU (Bob Braden)
Date: Fri, 8 Nov 2002 16:57:51 GMT
Subject: [ih] Forwarded with permission: History of RFC 154 (look it up!)
Message-ID: <200211081657.QAA06321@gra.isi.edu>

----------
X-Sun-Data-Type: text
X-Sun-Data-Description: text
X-Sun-Data-Name: text
X-Sun-Charset: us-ascii
X-Sun-Content-Lines: 91

----- Begin Included Message -----

>From steve at stevecrocker.com Tue Nov 5 21:17:32 2002
From: "Steve Crocker"
To: "'Bob Braden'"
Cc:
Subject: RE: What the hell...?
Date: Wed, 6 Nov 2002 00:17:13 -0500
MIME-Version: 1.0
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
X-AntiVirus: scanned by AMaViS 0.2.1

Bob,

You asked what I had in mind when I wrote RFC 154. I checked the
preceding RFCs and it all came back to me. In RFC 107, I believe I was
responsible for the following paragraph.

    The ALL, GVB, and RET command are modified to treat two quantities.
    Their formats are given under Control Command, below. The GVB command
    is further modified to make it possible to ask for none of the
    allocation to be returned. The new GVB command has four eight bit
    fields. The first two fields are the op code and the link, as before.
    The next two fields contain number fM and fB which control how much of
    message and a bit allocation are to be returned. Each of these
    numbers is interpreted as "the number of 128ths of the current
    allocation" to be returned if it is in the range of 0 to 128, and is
    to be interpreted as "all of the current allocation", if it is in the
    range 128 to 255.

Note that 128 is included in both treatments. This was deliberate on my
part, a subtle -- perhaps too subtle -- emphasis that the behavior
crossing from below 128 to above 128 was continuous, i.e. the fraction
128/128 is the same as "all."

The underlying idea was to create specifications which have some
robustness at the edges wherever possible, and to make it clear that
implementers had a choice in dealing with the boundary condition. The
idea of robust specifications is motivated by the same consideration of
the modern slogan "be conservative in what you send and liberal in what
you receive."

In retrospect, I would have done better to say all this in the original
RFC and not slip this in implicitly.

Jim White took issue with my wording, assuming it was unintended
imprecision. Here's his RFC 132 in its entirety:

    TYPOGRAPHICAL ERROR IN RFC 107
    ______________________________

    On page 5 of RFC 107, at the end of the section titled 'V.
    Flow Control', the partial sentence:

    Each of these numbers is interpreted as "the number
    of 128ths of the current allocation" to be returned
    if it is in the range zero to 128...

    should read:

    ...if it is the range of zero to 127,...
    ---

    That is, return al[l] the appropriate allocation if and
    only if the high-order of the left-most bit of the corresponding
    fraction is 1.

I then wrote RFC 154 in response.

Feel free to share this note with whomever you wish.

Steve

P.S. Another mildly odd part of the RFC 107 text is that GVB 0 is
specifically added. Since GVB 0 is a no-op, it's not clear why it's
mentioned. I don't recall whether there was a particular motivation for
this. I suppose it could function as a sort of "keep alive" function or
perhaps it permitted the receiver to send GVB commands on a regular
basis without needing to suppress them if nothing needed to be returned,
but I'm making this up as I type this and not recalling any specific
rationale from the time.

----- End Included Message -----
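
[Added example, not part of the archived messages and not code from RFC 107, 132 or 154: a decoder for the four-field GVB command quoted above that applies both the RFC 107 wording and the RFC 132 high-bit wording to a fraction field and checks that they give the same result for every value, including the shared boundary 128. Assumptions: fractional results are rounded down, the op code value (not given in the message) is not validated, and the sample bytes are constructed.]

```python
from typing import NamedTuple, Tuple

FULL = 128  # denominator of the fraction fields: f/128 of the current allocation


class Gvb(NamedTuple):
    opcode: int  # first field; its numeric value is not in the message, so it is not checked
    link: int    # second field
    f_m: int     # fM: fraction of the message allocation to return
    f_b: int     # fB: fraction of the bit allocation to return


def parse_gvb(raw: bytes) -> Gvb:
    """Split a GVB command into its four eight-bit fields."""
    if len(raw) != 4:
        raise ValueError(f"GVB is four eight-bit fields, got {len(raw)} byte(s)")
    return Gvb(*raw)


def _check(f: int, allocation: int) -> None:
    if not 0 <= f <= 255:
        raise ValueError("fraction field must fit in eight bits")
    if allocation < 0:
        raise ValueError("allocation cannot be negative")


def returned_rfc107(f: int, allocation: int) -> int:
    """Apply both clauses of the RFC 107 sentence exactly as quoted.

    128 falls in both ranges, so both clauses fire there; the wording is
    only unambiguous if they produce the same amount.
    """
    _check(f, allocation)
    outcomes = set()
    if 0 <= f <= 128:      # "the number of 128ths of the current allocation"
        outcomes.add(allocation * f // FULL)  # assumption: round down
    if 128 <= f <= 255:    # "all of the current allocation"
        outcomes.add(allocation)
    if len(outcomes) != 1:
        raise AssertionError(f"clauses disagree for f={f}: {sorted(outcomes)}")
    return outcomes.pop()


def returned_rfc132(f: int, allocation: int) -> int:
    """RFC 132 wording: return everything iff the high-order bit of f is 1."""
    _check(f, allocation)
    if f & 0x80:
        return allocation
    return allocation * f // FULL  # same round-down assumption


def readings_agree(allocations=(0, 1, 127, 128, 129, 1000, 2**32 - 1)) -> bool:
    """Exhaustively compare the two wordings over every eight-bit value."""
    return all(
        returned_rfc107(f, a) == returned_rfc132(f, a)
        for a in allocations
        for f in range(256)
    )


def apply_gvb(raw: bytes, msg_alloc: int, bit_alloc: int) -> Tuple[int, int]:
    """Return (messages given back, bits given back) for one GVB command."""
    cmd = parse_gvb(raw)
    return (returned_rfc132(cmd.f_m, msg_alloc),
            returned_rfc132(cmd.f_b, bit_alloc))


# Constructed sample commands; the first byte is a placeholder, not the real op code.
PLACEHOLDER_OP = 0x00
SAMPLE_HALF_AND_ALL = bytes([PLACEHOLDER_OP, 7, 64, 128])  # fM = 64/128, fB = 128/128
SAMPLE_GVB_ZERO = bytes([PLACEHOLDER_OP, 7, 0, 0])         # the "GVB 0" no-op from the P.S.

if __name__ == "__main__":
    print("wordings agree on 0..255:", readings_agree())
    print("half/all :", apply_gvb(SAMPLE_HALF_AND_ALL, 10, 4096))
    print("GVB 0    :", apply_gvb(SAMPLE_GVB_ZERO, 10, 4096))
```
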

From michael at audities.net Fri Nov 8 16:59:20 2002 From: michael at audities.net (Michael Coxe) Date: Fri, 8 Nov 2002 16:59:20 -0800 Subject: [ih] Re: anyone remember when the root servers were hi-jacked? (fwd) Message-ID: <20021108165920.L566@audities.net> I remember a long discussion about this on net.internet.dns.policy. (googling).... Sure enough, it began Mar 6, 2000 with a question about non-A root servers vs. NSI. Russ Allbery, Richard Sexton and Postel's brother Tom are among the contributors. 35-post thread under the Subj hdr of "So...". Sexton also has some historical cruft @ www.dnso.com - michael From chris at cs.utexas.edu Sun Nov 10 15:35:35 2002 From: chris at cs.utexas.edu (Chris Edmondson-Yurkanan) Date: Sun, 10 Nov 2002 17:35:35 -0600 Subject: [ih] Forwarded with permission: RE Telnet's NVT and DRS Message-ID: <200211102335.gAANZZDA020391@neverland.cs.utexas.edu> --- Forwarded mail from "vinton g. cerf" I am not on that list (where is it?) Mike Padlipsky is a good source of early info on a lot of this stuff. I will try to find you a pointer to him if you don't have it. DRS never made it off the page and into programming as far as I know. John Heafner and Eric were early participants at RAND. I may have a copy of the DRS paper but sounds like it is already in hand. DEL and NIL were paper only but Steve Crocker may be able to shed some light. Bob Braden should be consulted. Steve, was Ray Tomlinson involved much in NVT? Bob K, NVT was a critical part of the 1972 demo but I think we must have made quite a bit of progress on it before that since remote, interactive access among the various ARPANET hosts was a very early target application. Vint At 08:06 PM 10/31/2002 -0600, Chris Edmondson-Yurkanan wrote: >Hi Vint, don't think that you are subscribed to the internet history mailing >list, so I thought that I'd forward this query to you. 
> > >#Hello, ># >#My name is Adriana Arrington and I am working with Chris >#Edmondson-Yurkanan in reseaching the technical history of Telnet for the >#THINK Protocols project. At this time, I am reading about the development >#of the Network Virtual Terminal (NVT). ># >#The first mention of the NVT was in RFC 137, as far as I can tell. How >#and when did it actually first appear as a solution to the heterogeneous >#terminal problem? How much of the NVT concept is based on the proposed but >#never used Decode-Encode Language (DEL) and Network Interface Language >#(NIL)? ># >#The Data Reconstruction Service (DRS) transforms data from one form to >#another instead of causing data to conform to a known standard, as in the >#case of the NVT. What happened to this manner of solving the incompatible >#data problem? Did Telnet, and specifically the NVT, solve this problem better? >#What ever happened to DRS? ># >#My main sources for NVT and these related topics have been the RFCs (of >#course), 1970 and 1972 SJCC papers and "An Experimental Service for >#Adaptable Data Reconfiguration" from the IEEE Transactions on >#Communications (June 1972). Are there any other sources for these topics >#(or any Telnet topic in genaral) that I should use? ># >#Thanks, >#Adriana Arrington ># >#mailto:aca at cs.utexas.edu >#mailto:a_arrington at mail.utexas.edu >#http://www.cs.utexas.edu/~aca ># ># > >-- >The University of Texas at Austin TAY 4.136; +1 512 471 9546 Fax: 471 8885 >Chris Edmondson-Yurkanan My email addresses are: chris at cs.utexas.edu >Computer Sciences Department or dragon at cs.utexas.edu >1 University Station C0500 URL: www.cs.utexas.edu/users/chris/ >Austin, TX 78712-1188 Fedex: please send to Taylor Hall 2.124 Vint Cerf SVP Architecture & Technology WorldCom 22001 Loudoun County Parkway, F2-4115 Ashburn, VA 20147 703 886 1690 (v806 1690) 703 886 0047 fax --- End of forwarded message from "vinton g. 
cerf" -- The University of Texas at Austin TAY 4.136; +1 512 471 9546 Fax: 471 8885 Chris Edmondson-Yurkanan My email addresses are: chris at cs.utexas.edu Computer Sciences Department or dragon at cs.utexas.edu 1 University Station C0500 URL: www.cs.utexas.edu/users/chris/ Austin, TX 78712-1188 Fedex: please send to Taylor Hall 2.124 From chris at cs.utexas.edu Sun Nov 10 15:43:12 2002 From: chris at cs.utexas.edu (Chris Edmondson-Yurkanan) Date: Sun, 10 Nov 2002 17:43:12 -0600 Subject: [ih] Forwarded with permission: Re: Telnet's NVT Message-ID: <200211102343.gAANhCxk020481@neverland.cs.utexas.edu> --- Forwarded mail from "Steve Crocker" I think there was, in fact, some preliminary implementation of NIL, but it wasn't completed and the effort was abandoned. I don't believe it played any part in subsequent developments, e.g. NVT. Jeff Rulifson and Bill Duvall were the key people behind NIL; they're still around and could be tracked down. Jeff was at Sun the last time I saw him. Steve > -----Original Message----- > From: vinton g. cerf [mailto:vinton.g.cerf at wcom.com] > Sent: Friday, November 01, 2002 12:12 PM > To: Chris Edmondson-Yurkanan > Cc: chris at cs.utexas.edu; aca at cs.utexas.edu; Braden at isi.edu; > Steve Crocker; kahn at cnri.reston.va.us > Subject: Re: from your DRS perspective? > > > I am not on that list (where is it?) > > Mike Padlipsky is a good source of early info on a lot of this stuff. > > I will try to find you a pointer to him if you don't have it. > > DRS never made it off the page and into programming as far as > I know. John Heafner and Eric were early > participants at RAND. > > I may have a copy of the DRS paper but sounds like it is > already in hand. > > DEL and NIL were paper only but Steve Crocker may be able to > shed some light. Bob Braden should be consulted. > > Steve, was Ray Tomlinson involved much in NVT? 
> > Bob K, NVT was a critical part of the 1972 demo but I think > we must have made quite a bit of progress on it before that > since remote, interactive access among the various ARPANET > hosts was a very early target application. > > Vint -- The University of Texas at Austin TAY 4.136; +1 512 471 9546 Fax: 471 8885 Chris Edmondson-Yurkanan My email addresses are: chris at cs.utexas.edu Computer Sciences Department or dragon at cs.utexas.edu 1 University Station C0500 URL: www.cs.utexas.edu/users/chris/ Austin, TX 78712-1188 Fedex: please send to Taylor Hall 2.124 From vinton.g.cerf at wcom.com Fri Nov 1 09:12:28 2002 From: vinton.g.cerf at wcom.com (vinton g. cerf) Date: Fri, 01 Nov 2002 12:12:28 -0500 Subject: [ih] Re: from your DRS perspective? In-Reply-To: <200211010206.gA126npd017695@neverland.cs.utexas.edu> Message-ID: <5.1.1.6.2.20021101120554.02500ba0@pop.wcomnet.com> I am not on that list (where is it?) Mike Padlipsky is a good source of early info on a lot of this stuff. I will try to find you a pointer to him if you don't have it. DRS never made it off the page and into programming as far as I know. John Heafner and Eric were early participants at RAND. I may have a copy of the DRS paper but sounds like it is already in hand. DEL and NIL were paper only but Steve Crocker may be able to shed some light. Bob Braden should be consulted. Steve, was Ray Tomlinson involved much in NVT? Bob K, NVT was a critical part of the 1972 demo but I think we must have made quite a bit of progress on it before that since remote, interactive access among the various ARPANET hosts was a very early target application. Vint At 08:06 PM 10/31/2002 -0600, Chris Edmondson-Yurkanan wrote: >Hi Vint, don't think that you are subscribed to the internet history mailing >list, so I thought that I'd forward this query to you. > >(PS Hope all is well with you. I think you would have enjoyed the new >Workshop on Hot Topics in Networking that we had at the beginning of the >week. 
http://www.acm.org/sigcomm/HotNets-I/) > >Thanks, Chris > >#Hello, ># >#My name is Adriana Arrington and I am working with Chris >#Edmondson-Yurkanan in reseaching the technical history of Telnet for the >#THINK Protocols project. At this time, I am reading about the development >#of the Network Virtual Terminal (NVT). ># >#The first mention of the NVT was in RFC 137, as far as I can tell. How >#and when did it actually first appear as a solution to the heterogeneous >#terminal problem? How much of the NVT concept is based on the proposed but >#never used Decode-Encode Language (DEL) and Network Interface Language >#(NIL)? ># >#The Data Reconstruction Service (DRS) transforms data from one form to >#another instead of causing data to conform to a known standard, as in the >#case of the NVT. What happened to this manner of solving the incompatible >#data problem? Did Telnet, and specifically the NVT, solve this problem better? >#What ever happened to DRS? ># >#My main sources for NVT and these related topics have been the RFCs (of >#course), 1970 and 1972 SJCC papers and "An Experimental Service for >#Adaptable Data Reconfiguration" from the IEEE Transactions on >#Communications (June 1972). Are there any other sources for these topics >#(or any Telnet topic in genaral) that I should use? 
># >#Thanks, >#Adriana Arrington ># >#mailto:aca at cs.utexas.edu >#mailto:a_arrington at mail.utexas.edu >#http://www.cs.utexas.edu/~aca ># ># > >-- >The University of Texas at Austin TAY 4.136; +1 512 471 9546 Fax: 471 8885 >Chris Edmondson-Yurkanan My email addresses are: chris at cs.utexas.edu >Computer Sciences Department or dragon at cs.utexas.edu >1 University Station C0500 URL: www.cs.utexas.edu/users/chris/ >Austin, TX 78712-1188 Fedex: please send to Taylor Hall 2.124 Vint Cerf SVP Architecture & Technology WorldCom 22001 Loudoun County Parkway, F2-4115 Ashburn, VA 20147 703 886 1690 (v806 1690) 703 886 0047 fax From steve at stevecrocker.com Fri Nov 1 09:21:52 2002 From: steve at stevecrocker.com (Steve Crocker) Date: Fri, 1 Nov 2002 12:21:52 -0500 Subject: [ih] RE: from your DRS perspective? In-Reply-To: <5.1.1.6.2.20021101120554.02500ba0@pop.wcomnet.com> Message-ID: <002501c281cb$2b5eea20$0affa8c0@SCROCKER> I think there was, in fact, some preliminary implementation of NIL, but it wasn't completed and the effort was abandoned. I don't believe it played any part in subsequent developments, e.g. NVT. Jeff Rulifson and Bill Duvall were the key people behind NIL; they're still around and could be tracked down. Jeff was at Sun the last time I saw him. Steve > -----Original Message----- > From: vinton g. cerf [mailto:vinton.g.cerf at wcom.com] > Sent: Friday, November 01, 2002 12:12 PM > To: Chris Edmondson-Yurkanan > Cc: chris at cs.utexas.edu; aca at cs.utexas.edu; Braden at isi.edu; > Steve Crocker; kahn at cnri.reston.va.us > Subject: Re: from your DRS perspective? > > > I am not on that list (where is it?) > > Mike Padlipsky is a good source of early info on a lot of this stuff. > > I will try to find you a pointer to him if you don't have it. > > DRS never made it off the page and into programming as far as > I know. John Heafner and Eric were early > participants at RAND. > > I may have a copy of the DRS paper but sounds like it is > already in hand. 
> > DEL and NIL were paper only but Steve Crocker may be able to > shed some light. Bob Braden should be consulted. > > Steve, was Ray Tomlinson involved much in NVT? > > Bob K, NVT was a critical part of the 1972 demo but I think > we must have made quite a bit of progress on it before that > since remote, interactive access among the various ARPANET > hosts was a very early target application. > > Vint > > > > At 08:06 PM 10/31/2002 -0600, Chris Edmondson-Yurkanan wrote: > >Hi Vint, don't think that you are subscribed to the internet history > >mailing list, so I thought that I'd forward this query to you. > > > >(PS Hope all is well with you. I think you would have > enjoyed the new > >Workshop on Hot Topics in Networking that we had at the beginning of > >the week. http://www.acm.org/sigcomm/HotNets-I/) > > > >Thanks, Chris > > > >#Hello, > ># > >#My name is Adriana Arrington and I am working with Chris > >#Edmondson-Yurkanan in reseaching the technical history of > Telnet for > >the #THINK Protocols project. At this time, I am reading about the > >development #of the Network Virtual Terminal (NVT). # > >#The first mention of the NVT was in RFC 137, as far as I > can tell. How > >#and when did it actually first appear as a solution to the > heterogeneous > >#terminal problem? How much of the NVT concept is based on > the proposed but > >#never used Decode-Encode Language (DEL) and Network > Interface Language > >#(NIL)? > ># > >#The Data Reconstruction Service (DRS) transforms data from > one form to > >#another instead of causing data to conform to a known > standard, as in the > >#case of the NVT. What happened to this manner of solving > the incompatible > >#data problem? Did Telnet, and specifically the NVT, solve > this problem better? > >#What ever happened to DRS? 
> ># > >#My main sources for NVT and these related topics have been > the RFCs (of > >#course), 1970 and 1972 SJCC papers and "An Experimental Service for > >#Adaptable Data Reconfiguration" from the IEEE Transactions on > >#Communications (June 1972). Are there any other sources for > these topics > >#(or any Telnet topic in genaral) that I should use? > ># > >#Thanks, > >#Adriana Arrington > ># > >#mailto:aca at cs.utexas.edu > >#mailto:a_arrington at mail.utexas.edu > >#http://www.cs.utexas.edu/~aca > ># > ># > > > >-- > >The University of Texas at Austin TAY 4.136; +1 512 471 > 9546 Fax: 471 8885 > >Chris Edmondson-Yurkanan My email addresses are: > chris at cs.utexas.edu > >Computer Sciences Department or dragon at cs.utexas.edu > >1 University Station C0500 URL: > www.cs.utexas.edu/users/chris/ > >Austin, TX 78712-1188 > Fedex: please send to Taylor Hall 2.124 > > Vint Cerf > SVP Architecture & Technology > WorldCom > 22001 Loudoun County Parkway, F2-4115 > Ashburn, VA 20147 > 703 886 1690 (v806 1690) > 703 886 0047 fax > From dhc2 at dcrocker.net Tue Nov 12 09:10:41 2002 From: dhc2 at dcrocker.net (Dave Crocker) Date: Tue, 12 Nov 2002 09:10:41 -0800 Subject: [ih] Re: anyone remember when the root servers were hi-jacked? (fwd) In-Reply-To: <20021108165920.L566@audities.net> References: <20021108165920.L566@audities.net> Message-ID: <94129936849.20021112091041@tribalwise.com> Just to add this to the archive for this mailing list: Things were fragile back then. That included concern over the possibility that NSI would go rogue. NSI controlled the master root. The one that all others took their data from. Jon needed to test the ability to switch to a different master DNS root, to make sure that there were ways to "route around" this concern over NSI. That's all the test was. Jon was clear about the need for this, weeks before the test. All anyone needed to do was ask him, rather than engage in unfounded, inflammatory speculation. 
The other point that folks keep forgetting is that Jon had been issuing operation directives for the root servers since the inception of the DNS. How can one "take over" something that one has been responsible for over its entire existence? All of the storm and fury has been from people who have had nothing to do with the running of the DNS, but instead have focused strictly on the politics of it. (In fact, it was quite interesting to see that a year of federal inter-agency task force meetings -- including Magaziner's participation -- took place with most participants having almost no understanding of DNS technical basics. We had to arrange a tutorial for them.) d/ -- Dave Crocker TribalWise t +1.408.246.8253; f +1.408.850.1850 From randy at psg.com Tue Nov 12 10:36:46 2002 From: randy at psg.com (Randy Bush) Date: Tue, 12 Nov 2002 10:36:46 -0800 Subject: [ih] Re: anyone remember when the root servers were hi-jacked? (fwd) References: <20021108165920.L566@audities.net> <94129936849.20021112091041@tribalwise.com> Message-ID: > Things were fragile back then. That included concern over the possibility > that NSI would go rogue. NSI controlled the master root. The one that all > others took their data from. Jon needed to test the ability to switch to a > different master DNS root, to make sure that there were ways to "route > around" this concern over NSI. > > That's all the test was. Jon was clear about the need for this, weeks before > the test. All anyone needed to do was ask him, rather than engage in > unfounded, inflammatory speculation. > > The other point that folks keep forgetting is that Jon had been issuing > operation directives for the root servers since the inception of the DNS. > How can one "take over" something that one has been responsible for over its > entire existence? > > All of the storm and fury has been from people who have had nothing to do > with the running of the DNS, but instead have focused strictly on the > politics of it. 
(In fact, it was quite interesting to see that a year of > federal inter-agency task force meetings -- including Magaziner's > participation -- took place with most participants having almost no > understanding of DNS technical basics. We had to arrange a tutorial for > them.) > > > d/ > -- > Dave Crocker > TribalWise > t +1.408.246.8253; f +1.408.850.1850 > From craig at aland.bbn.com Tue Nov 12 13:56:27 2002 From: craig at aland.bbn.com (Craig Partridge) Date: Tue, 12 Nov 2002 16:56:27 -0500 Subject: [ih] Re: anyone remember when the root servers were hi-jacked? (fwd) In-Reply-To: Your message of "Tue, 12 Nov 2002 14:42:14 EST." <3DD15996.2020209@rkey.com> Message-ID: <200211122156.gACLuRRI061133@aland.bbn.com> In message <3DD15996.2020209 at rkey.com>, Craig Simon writes: >Also, to respond directly to Dave Crocker's note: If the directive was >justified on the basis that NSI was on the verge of "going rogue," then >why even bother to call the directive a test? I'm aware of the very >longstanding worry in some circles that NSI might do such a thing, but >it would be useful to see any documentation that might have prompted the >perception that -- just as the Green Paper was being released -- >*URGENT* action was necessary, either to pre-empt NSI, or to be ready >"just in case." It is my recollection (and I confess to not tracking these events closely) that Jon did a "test" which was, in large part, intended to demonstrate where the power to site root nameservers actually sat. And so yes, it was a test, and yes it had a point, and because there was some political aspect to it, yes the timing was urgent. Craig From touch at ISI.EDU Tue Nov 12 14:11:18 2002 From: touch at ISI.EDU (Joe Touch) Date: Tue, 12 Nov 2002 14:11:18 -0800 Subject: [ih] Re: anyone remember when the root servers were hi-jacked? 
(fwd) References: <200211122156.gACLuRRI061133@aland.bbn.com> Message-ID: <3DD17C86.8030006@isi.edu> Craig Partridge wrote: > In message <3DD15996.2020209 at rkey.com>, Craig Simon writes: > > >>Also, to respond directly to Dave Crocker's note: If the directive was >>justified on the basis that NSI was on the verge of "going rogue," then >>why even bother to call the directive a test? I'm aware of the very >>longstanding worry in some circles that NSI might do such a thing, but >>it would be useful to see any documentation that might have prompted the >>perception that -- just as the Green Paper was being released -- >>*URGENT* action was necessary, either to pre-empt NSI, or to be ready >>"just in case." > > > It is my recollection (and I confess to not tracking these events closely) > that Jon did a "test" which was, in large part, intended to demonstrate > where the power to site root nameservers actually sat. And so yes, it > was a test, and yes it had a point, and because there was some political > aspect to it, yes the timing was urgent. > > Craig FWIW, my recollection of a conversation with Jon on the subject was that the test was intended to focus on the technical challenge - or, more to the point, the lack thereof - of moving the master root. That included, as Craig observes, where the power was located, as well as how much coordination was required and on what timescale it could be achieved. Joe From randy at psg.com Tue Nov 12 14:55:09 2002 From: randy at psg.com (Randy Bush) Date: Tue, 12 Nov 2002 14:55:09 -0800 Subject: [ih] Re: anyone remember when the root servers were hi-jacked? (fwd) References: <3DD15996.2020209@rkey.com> <200211122156.gACLuRRI061133@aland.bbn.com> Message-ID: > that Jon did a "test" which was, in large part, intended to demonstrate > where the power to site root nameservers actually sat. as such it was very 'successful'. it proved to the folk in dc and the big companies that the engineers could not be trusted. 
the result was that the power to site root servers and to control their content now sits in washington dc and marinara del roi.

randy

From dhc2 at dcrocker.net Tue Nov 12 15:03:23 2002
From: dhc2 at dcrocker.net (Dave Crocker)
Date: Tue, 12 Nov 2002 15:03:23 -0800
Subject: [ih] Re: anyone remember when the root servers were hi-jacked? (fwd)
In-Reply-To: <3DD15996.2020209@rkey.com>
References: <3DD15996.2020209@rkey.com>
Message-ID: <194151098508.20021112150323@tribalwise.com>

Craig,

Tuesday, November 12, 2002, 11:42:14 AM, you wrote:

Craig> original message he sent out initiating the so-called "test." The note
...
Craig> However, the directive initiating the action (apparently there was an
Craig> earlier email which included the same text, but without a PGP signature)
Craig> does not refer to a test.

Let me get this straight. You are offering a basic analysis that hinges on the absence of the word 'test' from one of 3 messages? No doubt I misunderstand you.

Craig> One can argue the case that there were some technical and administrative
Craig> aspects of testing going on, but to stress that what occurred was really
Craig> a technically-oriented test is to obscure the fundamentally political
Craig> nature of Jon's action.

1. I did not claim there was no political component to the test. What I said was that he was not demonstrating his power to the US government as has been claimed.

2. What I said was that there was considerable concern that NSI might choose to go rogue. I do not mean the sequence of events that actually has transpired. There is much to criticize in NSI's performance around that time, but they did not openly run counter to the administrative authority of the root. So what I was referring to was a fear that they might actually declare their independence of the long-established authority that had been dictating the contents of the root.

3.
As is typical in the politically oriented public discussions about the DNS, the operations issues are casually dismissed. Folks need to stop doing that. Operations is about details and the operations issues that Jon was testing were not nearly as trivial as some folks wish to believe. Large scale operations requires large scale attention to the details. The rule with operations is that all change is disruptive and it usually has unexpected, negative consequences lurking in unseen places. So operations folks for mission critical services worry a lot about even the simplest of procedures.

Craig> Furthermore, I have a taped interview in which Ira Magaziner says that
Craig> during their famous phone conversation, Jon Postel proposed the idea of
Craig> using the word "test" as a face saving gesture.

Ira was extremely upset. As with most others, he was having so much fun with the politics he neither cared about nor understood the operations issues. I was particularly intrigued to discover that after more than a year of deliberation, the Inter-agency task force, over which he had assumed authority and which was about to issue its findings, lacked very basic knowledge about DNS technology. I had to form a quick panel of experts to try to get them up to speed. The discussion there was fascinating.

Craig> Yes, the message to the press also refers to a "transition" as a
Craig> justification of the test, but in my judgment, the language is highly
Craig> finessed.

That is because you are looking for finesse. Don't. Jon did not try to be that clever. He really was a pretty straight-forward guy.

Craig> The statement hints that the "verification" was performed in
Craig> support of the government's desires, but it certainly was not.

You are confusing Magaziner's expectations with the government's desires. Jon was not the only one concerned about NSI's possible behaviors.

Craig> Also, to respond directly to Dave Crocker's note: If the directive was
Craig> justified on the basis that NSI was on the verge of "going rogue," then
Craig> why even bother to call the directive a test?

Perhaps because that's what it was?

Craig> Without such documentation, it's hard to uphold the position that Jon's
Craig> primary motivation was a defensive move against possible action by NSI.

You are right. We should ignore direct reports from anyone he talked with. Unless he wrote it down, it can't possibly be true.

Craig> And, for what it's worth, his statement to the press makes no mention of
Craig> that worry.

gosh. what a surprise. fear that the DNS registry monopoly might go rogue with a mission critical service did not get cited in a public release that would be sure to piss off that monopoly.

wow. really difficult to understand why they were reticent.

Craig> It is fair to assume that the USG's agents would have been rather tough
Craig> on NSI if it had added any "rogue" zones to the root.

Craig, you were spending a lot of time talking with people back then, but you seem to have completely missed the difficulties that were rampant. Legalities were claimed to be disputable. Physical power of the monopoly was excessive. Direct effects of disruptive service would have been disastrous. Yet you want to cite vague possibilities of post-hoc retribution as being an adequate deterrent? Sorry, but that's just a tad naive.

d/
--
Dave Crocker
TribalWise
t +1.408.246.8253; f +1.408.850.1850

From dhc2 at dcrocker.net Tue Nov 12 15:25:24 2002
From: dhc2 at dcrocker.net (Dave Crocker)
Date: Tue, 12 Nov 2002 15:25:24 -0800
Subject: [ih] Re: anyone remember when the root servers were hi-jacked? (fwd)
In-Reply-To:
References: <3DD15996.2020209@rkey.com> <200211122156.gACLuRRI061133@aland.bbn.com>
Message-ID: <168152419006.20021112152524@tribalwise.com>

Randy,

Tuesday, November 12, 2002, 2:55:09 PM, you wrote:

Randy> as such it was very 'successful'.
it proved to the folk in dc and the
Randy> big companies that the engineers could not be trusted. the result was
Randy> that the power to site root servers and to control their content now
Randy> sits in washington dc and marinara del roi.

Those folk were already completely dismissive about techies. Openly, regularly, and insultingly.

It demonstrated that those folk in dc were clueless about operations. Rather than learn from that they felt the need to play more power games. Given their aggressive ignorance of the pragmatics, something like this was inevitable.

d/
--
Dave Crocker
TribalWise
t +1.408.246.8253; f +1.408.850.1850

From randy at psg.com Tue Nov 12 15:29:04 2002
From: randy at psg.com (Randy Bush)
Date: Tue, 12 Nov 2002 15:29:04 -0800
Subject: [ih] Re: anyone remember when the root servers were hi-jacked? (fwd)
References: <3DD15996.2020209@rkey.com> <200211122156.gACLuRRI061133@aland.bbn.com> <168152419006.20021112152524@tribalwise.com>
Message-ID:

> It demonstrated that those folk in dc were clueless about
> operations. Rather than learn from that they felt the need to
> play more power games. Given their aggressive ignorance of the
> pragmatics, something like this was inevitable.

actually not. although core's bumbling naivete might have led folk to that conclusion.

amazingly enough, the dns/root/... issues were getting good support in dc against the at&t/dec/ibm big corporate alliance. the engineers were actually somewhat ahead. it all collapsed in two days.

randy

From dhc2 at dcrocker.net Tue Nov 12 16:56:45 2002
From: dhc2 at dcrocker.net (Dave Crocker)
Date: Tue, 12 Nov 2002 16:56:45 -0800
Subject: [ih] Re: anyone remember when the root servers were hi-jacked?
(fwd)
In-Reply-To:
References: <3DD15996.2020209@rkey.com> <200211122156.gACLuRRI061133@aland.bbn.com> <168152419006.20021112152524@tribalwise.com>
Message-ID: <3157900609.20021112165645@tribalwise.com>

Randy,

Tuesday, November 12, 2002, 3:29:04 PM, you wrote:

Randy> although core's bumbling naivete might have led
Randy> folk to that conclusion.

Core? Core was almost entirely focused on their organizing and technical work at that time. They had almost no presence in the political processes, at that point.

Perhaps you mean the POC? If so, indeed naivete was a problem. We kept working with the government folks and actually believed the encouragement they offered. Magaziner blew us off somewhere around mid-97.

Randy> amazingly enough, the dns/root/... issues were getting good support
Randy> in dc against the at&t/dec/ibm big corporate alliance. the
Randy> engineers were actually somewhat ahead. it all collapsed in two
Randy> days.

We were getting good support from folks other than Magaziner. Magaziner was openly dismissive of techies. In fact he had already discarded the IANA work, roughly six months earlier and he almost explicitly cited the AT&T and IBM folks.

The test was shortly after the IETF was in DC and we held a tutorial for the government folks.

d/
--
Dave Crocker
TribalWise
t +1.408.246.8253; f +1.408.850.1850

From touch at ISI.EDU Wed Nov 13 13:25:06 2002
From: touch at ISI.EDU (Joe Touch)
Date: Wed, 13 Nov 2002 13:25:06 -0800
Subject: [ih] Re: anyone remember when the root servers were hi-jacked? (fwd)
References: <3DD15996.2020209@rkey.com> <194151098508.20021112150323@tribalwise.com> <3DD28371.6050301@rkey.com>
Message-ID: <3DD2C332.50306@isi.edu>

Craig Simon wrote:
...
> Craig Partridge and Joe Touch add plausible and useful clarifications as
> to what the technical aspect of the test was about -- the power to
> re-site the root and the relative ease of doing so.
I would like to know
> if the conversation that Joe Touch recounted happened before or after
> the incident.

After.

Jon was never coy, at least in my interaction with him, so I have no reason to doubt his direct assertion on the matter. I won't comment on his internal motivations; he was not fond of words spoken on his behalf when he was here, and I'll continue to respect that.

> In an interview with me in August 2000, Bill Manning described some
> test-like activities that occurred during the redirection incident, but
> he didn't actually mention the point about testing the ease of re-siting
> the root, nor the rationale for the timing. I do recall that when I saw
> Bill at the IETF meeting around March/April 1998, he was wearing a
> T-Shirt with a picture of the cowardly lion from the Wizard of Oz, with
> the caption, "If I only had the noive." Choose your own inference.

FWIW, Bill wears many interesting shirts. Anyone who takes them at face value is in for a bit of a ride, IMO. ;-)

Joe

From dhc2 at dcrocker.net Wed Nov 13 13:41:43 2002
From: dhc2 at dcrocker.net (Dave Crocker)
Date: Wed, 13 Nov 2002 13:41:43 -0800
Subject: [ih] Re: anyone remember when the root servers were hi-jacked? (fwd)
In-Reply-To: <3DD2C332.50306@isi.edu>
References: <3DD15996.2020209@rkey.com> <194151098508.20021112150323@tribalwise.com> <3DD28371.6050301@rkey.com> <3DD2C332.50306@isi.edu>
Message-ID: <14311962961.20021113134143@tribalwise.com>

Joe,

Wednesday, November 13, 2002, 1:25:06 PM, you wrote:

Joe> Craig Simon wrote:
>> I do recall that when I saw
>> Bill at the IETF meeting around March/April 1998, he was wearing a
>> T-Shirt with a picture of the cowardly lion from the Wizard of Oz, with
>> the caption, "If I only had the noive." Choose your own inference.

Joe> FWIW, Bill wears many interesting shirts. Anyone who takes them at face
Joe> value is in for a bit of a ride, IMO.

Wow. I missed this gem in Craig's note.

Bill also has reasonably short hair.
And let's not get started about his beard. And then of course there is the fact that he lives in L.A. and we know what THOSE folks are like.

Well, at least Craig's comment makes quite clear how seriously his analyses are intended to be taken.

d/
--
Dave Crocker
TribalWise
t +1.408.246.8253; f +1.408.850.1850

From braden at ISI.EDU Thu Nov 14 14:30:43 2002
From: braden at ISI.EDU (Bob Braden)
Date: Thu, 14 Nov 2002 22:30:43 GMT
Subject: [ih] Re: internet-history digest, Vol 1 #66 - 1 msg
Message-ID: <200211142230.WAA08614@gra.isi.edu>

Folks,

This is a history list. How about keeping comments in this forum to statements of facts (perhaps filtered by fading memories or partial knowledge) from those who were around at the time, and leave the interpretation to some other list.

Bob Braden

From sammm2 at hotmail.com Sat Nov 16 02:09:37 2002
From: sammm2 at hotmail.com (abid Gen:)
Date: Sat, 16 Nov 2002 10:09:37 +0000
Subject: [ih] Request for information about INTERNET
Message-ID:

An HTML attachment was scrubbed...
URL:

From touch at ISI.EDU Sun Nov 17 12:15:53 2002
From: touch at ISI.EDU (Joe Touch)
Date: Sun, 17 Nov 2002 12:15:53 -0800
Subject: [ih] Request for information about INTERNET
References:
Message-ID: <3DD7F8F9.5080205@isi.edu>

abid Gen: wrote:
> hyyy
> i am abid ismail kahn and i want all the information of internet history
> and its scope and its advantages and usages in all the aspects of life
> hope u will send me all the information
> i will be thanks to u

Please review the description of this list at http://www.postel.org

This sort of question is not appropriate for this list.

Joe

From jtk at depaul.edu Wed Nov 27 09:29:47 2002
From: jtk at depaul.edu (John Kristoff)
Date: Wed, 27 Nov 2002 11:29:47 -0600
Subject: [ih] A single OUI for IP multicast
Message-ID: <20021127112947.67dd7be3.jtk@depaul.edu>

I've heard the brief story in a couple of places, but thought I might be more definitive details.
I'm particularly interested in any interesting pieces that are missing.

Apparently Steve Deering was only able to obtain a single OUI from the IEEE due to budget constraints and the cost of an $1000 per for IP multicast to IEEE 48-bit MAC mapping. I've also heard that Jon Postel was the one whose budget this money was coming out of.

First, is this the whole, accurate story or is there more to it than that? Second, was there ever any further consideration given to purchasing (or IEEE donating) the additional 15 OUIs to cover the IP Class D to IEEE 48-bit MAC conversion?

John

From cls at rkey.com Tue Nov 12 11:42:14 2002
From: cls at rkey.com (Craig Simon)
Date: Tue, 12 Nov 2002 14:42:14 -0500
Subject: [ih] Re: anyone remember when the root servers were hi-jacked? (fwd)
Message-ID: <3DD15996.2020209@rkey.com>

I'm including Jon Postel's response to my request for a copy of the original message he sent out initiating the so-called "test." The note he sent me included three messages.

It's important to note that the first of these messages -- a statement to the press -- refers to a test. So does the last of these -- an operational directive sent to various operators of root zone secondary servers -- in which Jon stated, "The root zone transfer verification test has been completed."

However, the directive initiating the action (apparently there was an earlier email which included the same text, but without a PGP signature) does not refer to a test. Instead, Jon announced a "small step" in the "transitions" of the Internet's "management arrangements." Nothing was said about testing or an expected reversion back to the original arrangement.

One can argue the case that there were some technical and administrative aspects of testing going on, but to stress that what occurred was really a technically-oriented test is to obscure the fundamentally political nature of Jon's action.
Calling it a test of power would be more on target, but that characterization oversimplifies things as well.

Furthermore, I have a taped interview in which Ira Magaziner says that during their famous phone conversation, Jon Postel proposed the idea of using the word "test" as a face saving gesture.

Yes, the message to the press also refers to a "transition" as a justification of the test, but in my judgment, the language is highly finessed. The statement hints that the "verification" was performed in support of the government's desires, but it certainly was not. We know this for certain, in light of the response from the government's officers.

Also, to respond directly to Dave Crocker's note: If the directive was justified on the basis that NSI was on the verge of "going rogue," then why even bother to call the directive a test? I'm aware of the very longstanding worry in some circles that NSI might do such a thing, but it would be useful to see any documentation that might have prompted the perception that -- just as the Green Paper was being released -- *URGENT* action was necessary, either to pre-empt NSI, or to be ready "just in case."

Without such documentation, it's hard to uphold the position that Jon's primary motivation was a defensive move against possible action by NSI. And, for what it's worth, his statement to the press makes no mention of that worry.

It is fair to assume that the USG's agents would have been rather tough on NSI if it had added any "rogue" zones to the root. I would also infer that the USG's strong threats against Postel served to constrain NSI's willingness to risk "going rogue" thereafter.

I agree that the main players of the USG didn't have a particularly strong technical understanding of how the DNS operated. This largely explains their reticence to permit operational changes, even as they interrupted the "engineering community's" own administrative processes. The government's mantra was "stability," after all.
Magaziner, Burr, et al were willing to intervene because, in their view, that community's processes had less than nominal legitimacy to determine the deployment of such important resources. But questions of responsibility and legitimacy are a different matter.

Dave Crocker wrote:
> Just to add this to the archive for this mailing list:
>
> Things were fragile back then. That included concern over the possibility
> that NSI would go rogue. NSI controlled the master root. The one that all
> others took their data from. Jon needed to test the ability to switch to a
> different master DNS root, to make sure that there were ways to "route
> around" this concern over NSI.
>
> That's all the test was. Jon was clear about the need for this, weeks before
> the test. All anyone needed to do was ask him, rather than engage in
> unfounded, inflammatory speculation.

-------- Original Message --------
Subject: Re: The famous test
Date: Thu, 5 Feb 1998 23:27:50 -0800 (PST)
From: Jon Postel
To: cls at flywheel.com
CC: postel at ISI.EDU

Craig Simon:

Hello, i'll send you the statement i've made about it and the actual messages.

--jon.

1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This statement was sent to the press and others that asked about the test.

==================================================================

Hello:

It is contemplated in the discussion draft issued by the government that the operation of the root zone will be transferred to a new organization performing the IANA functions. While the time period for the transition of operational services to the new organization is rather flexible in the discussion draft, it is possible that the transition of the root zone operation may be appropriate very soon.

As a verification that such a transfer can be accomplished smoothly and without interruption to the operational service, a test is being performed to rearrange the flow of root zone information.
Once this test is completed the arrangements may revert to the previous arrangements. There is very high confidence that these transitions can be accomplished without impact on the operational service, and experienced technical experts are assisting in this verification.

It should be understood that there is no change to the data in the root zone. The contents of the root zone are decided on and prepared in exactly the same way as they have been, and distributed through the primary server at NSI (the A root server).

--jon.

=======================================================================

2 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

----- Begin Included Message -----

Date: Wed, 28 Jan 1998 17:04:11 -0800
From: postel at ISI.EDU
Subject: root zone secondary service
Cc: postel at ISI.EDU, iana at ISI.EDU

The following message is pgp signed by "iana ".

-----BEGIN PGP SIGNED MESSAGE-----

========================================================================

Hello.

As the Internet develops there are transitions in the management arrangements. The time has come to take a small step in one of those transitions. At some point on down the road it will be appropriate for the root domain to be edited and published directly by the IANA.

As a small step in this direction we would like to have the secondaries for the root domain pull the root zone (by zone transfer) directly from IANA's own name server.

This is "DNSROOT.IANA.ORG" with address 198.32.1.98.

The data in this root zone will be an exact copy of the root zone currently available on the A.ROOT-SERVERS.NET machine. There is no change being made at this time in the policies or procedures for making changes to the root zone.

This applies to the root zone only. If you provide secondary service for any other zones, including TLD zones, you should continue to obtain those zones in the way and from the sources you have been.

- --jon.

Jon Postel
Internet Assigned Numbers Authority
c/o USC - ISI, Suite 1001
4676 Admiralty Way
Marina del Rey, CA 90292-6695
Talk: +1-310-822-1511
Fax: +1-310-823-6714
EMail: IANA at ISI.EDU

========================================================================

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBNM/OggXEg/2i5jY1AQFOSgQAmFKo34Ytxi+8R78qG7/2BUP3KdWqH2Aj
zufrv5sYkfQDNeW+02JA5LZT6ZW5AgRgTDJpQkZlKKvBfzD52GCsDpgt1yUdxxUJ
3VfmK48AIEV9LVKAwlDmOqia++cp1nA8Jd7en35HnKAuFVFEKN0fYEq8FHXEAuOJ
TXXrSiVyCHE=
=qZXq
-----END PGP SIGNATURE-----

----- End Included Message -----

3 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

----- Begin Included Message -----

Date: Tue, 3 Feb 1998 22:31:13 -0800 (PST)
From: Jon Postel
Subject: root zone transfer verification completed
Cc: postel at ISI.EDU, iana at ISI.EDU

-----BEGIN PGP SIGNED MESSAGE-----

========================================================================

Hello.

The root zone transfer verification test has been completed.

Please return to the previous method of obtaining the root zone information from the A.ROOT-SERVERS.NET machine (located at NSI).

This applies to the root zone only. If you provide secondary service for any other zones, including TLD zones, you should continue to obtain those zones in the way and from the sources you have been.

- --jon.

Jon Postel
Internet Assigned Numbers Authority
c/o USC - ISI, Suite 1001
4676 Admiralty Way
Marina del Rey, CA 90292-6695
Talk: +1-310-822-1511
Fax: +1-310-823-6714
EMail: IANA at ISI.EDU

========================================================================

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBNNf6wQXEg/2i5jY1AQFvMQP+OFAhN1Uge7m2RlUOIROZidF+4poBCtTi
Ax75fOBB1Mcd7FrYfxDQZgz/wq5hTL5JcCNjqu8mJBtBzWbz5DFGKcVlTqrUJko/
uVTx8pInJl0N8Zb9Dg4DT0kaMTJkUBehjJdcQWSs4eEvxmpH9OOFaxHVzXyaGpZa
gP5mdZBjDDI=
=Yp7o
-----END PGP SIGNATURE-----

----- End Included Message -----

From moore at cs.utk.edu Tue Nov 12 13:58:00 2002
From: moore at cs.utk.edu (Keith Moore)
Date: Tue, 12 Nov 2002 16:58:00 -0500
Subject: [ih] Re: anyone remember when the root servers were hi-jacked? (fwd)
In-Reply-To: (Your message of "Tue, 12 Nov 2002 14:42:14 EST.") <3DD15996.2020209@rkey.com>
Message-ID: <200211122158.gACLw0l03681@astro.cs.utk.edu>

> Also, to respond directly to Dave Crocker's note: If the directive was
> justified on the basis that NSI was on the verge of "going rogue," then
> why even bother to call the directive a test?

because it became apparent that NSI had the political backing to support their going rogue.

> I'm aware of the very
> longstanding worry in some circles that NSI might do such a thing,

NSI *did* do such a thing. We're still largely stuck with the result. they managed to obtain effective control over the master root server and the most popular TLDs. they retained the ability to exact a toll over registrations while giving the appearance of competition (the other organizations essentially act as commission-based resellers). they delayed the introduction of any competition for several years, and managed to hold on to .COM and .NET for much longer than they should have.

> but
> it would be useful to see any documentation that might have prompted the
> perception that -- just as the Green Paper was being released --
> *URGENT* action was necessary, either to pre-empt NSI, or to be ready
> "just in case."

I think it was rather a case of "too little, too late".

> It is fair to assume that the USG's agents would have been rather tough
> on NSI if it had added any "rogue" zones to the root.

it's a mistake to assume that NSI's going rogue would have involved them adding more TLDs. NSI's interest was not in adding more TLDs, but in maintaining their existing power/control over the DNS. of course it helped NSI's arguments that they could say they were merely maintaining the status quo (one which favored their interests), when they were in reality able to use this as an excuse to shore up government support for their monopoly. They were able to make it appear to the media as if Jon was changing the status quo, when he was the one who was widely recognized - within the technical community - as being in charge.

> Magaziner, Burr, et al were willing to intervene because, in their view,
> that community's processes had less than nominal legitimacy to
> determine the deployment of such important resources.

Whether the US government had the legitimacy to give control over a vital international resource to a private US company (albeit one with many close ties to the US government) is of course a separate question.

Keith

From cls at rkey.com Wed Nov 13 08:53:05 2002
From: cls at rkey.com (Craig Simon)
Date: Wed, 13 Nov 2002 11:53:05 -0500
Subject: [ih] Re: anyone remember when the root servers were hi-jacked? (fwd)
References: <3DD15996.2020209@rkey.com> <194151098508.20021112150323@tribalwise.com>
Message-ID: <3DD28371.6050301@rkey.com>

I'll put the gist of my response up front. Was it a hijacking? No. Was it a technical test? No. Jon was seeking to put physical control of the root where he honestly thought it belonged -- under IANA.

Dave Crocker wrote:
> Let me get this straight. You are offering a basic analysis that hinges on the
> absence of the word 'test' from one of 3 messages? No doubt I misunderstand
> you.

Seems so. I'm saying that the "small steps" message that launched the redirection is by far the most important document we have revealing Jon's initial intentions. The press release in which he began to use the word test was clearly written after the conversation with Magaziner.

You have been saying quite explicitly the action was designed as a technical test, and you have been implying that Jon told you this beforehand, but you haven't stated explicitly that such a conversation was held, or when.

The "test" story that has been diffused to the public stems from the post-"test" statement from Jon. There are also some posts on the net.internet.dns.policy thread from Jon's brother Tom in which he said that such a test had been planned for over a year. Tom also says that the rationale for the timing was related to the expiration of the Cooperative Agreement (implying a political calculation).

However, Tom makes a few surprising statements that seem factually wrong. If these are actually correct, I'd like to know. Tom P. wrote that such tests had been run before... He initially argued the agreement was set to expire at the end of January. He also initially argued NSI cooperated in the test... He said that the test was over by the time Magaziner called.. And he wrote that Jon's lawyer (unidentified) convinced Magaziner that Jon did have the authority to do the "test."

Tom does put a lot of emphasis on RFC 1174 as the basis for Jon's authority, which is a correct place to focus. The core of problem, however is that, at the end of the day, Jon's authority was not recognized as unequivocal.

Craig Partridge and Joe Touch add plausible and useful clarifications as to what the technical aspect of the test was about -- the power to re-site the root and the relative ease of doing so.
I would like to know if the conversation that Joe Touch recounted happened before or after the incident.

In an interview with me in August 2000, Bill Manning described some test-like activities that occurred during the redirection incident, but he didn't actually mention the point about testing the ease of re-siting the root, nor the rationale for the timing. I do recall that when I saw Bill at the IETF meeting around March/April 1998, he was wearing a T-Shirt with a picture of the cowardly lion from the Wizard of Oz, with the caption, "If I only had the noive." Choose your own inference.

The fact remains that the secondary root server operators that I've spoken to who were participants/subjects in this so-called test weren't told at the time that the action was a test, but that it was a transitional step in the development of the Internet.

> Craig> One can argue the case that there were some technical and administrative
> Craig> aspects of testing going on, but to stress that what occurred was really
> Craig> a technically-oriented test is to obscure the fundamentally political
> Craig> nature of Jon's action.

> 1. I did not claim there was no political component to the test. What I
> said was that he was not demonstrating his power to the US government as has
> been claimed.

That's not my primary claim either. Recall that the person who started this thread said that Jon was trying to "embarrass" the USG, and I was arguing against that conclusion.

> 2. What I said was that there was considerable concern that NSI might
> choose to go rogue. I do not mean the sequence of events that actually has
> transpired. There is much to criticize in NSI's performance around that
> time, but they did not openly run counter to the administrative authority of
> the root. So what I was referring to was a fear that they might actually
> declare their independence of the long-established authority that had been
> dictating the contents of the root.

How do you operationalize the statement, "declare their independence?" By this time, hadn't NSI already announced that, while the CA was in effect, it wouldn't make a move to change the root zone without permission from the DOC? And hadn't Becky Burr already stated loud and clear that she was the gatekeeper over what went into the root?

> 3. As is typical in the politically oriented public discussions about the
> DNS, the operations issues are casually dismissed. Folks need to stop doing
> that. Operations is about details and the operations issues that Jon was
> testing were not nearly as trivial as some folks wish to believe. Large
> scale operations requires large scale attention to the details. The rule
> with operations is that all change is disruptive and it usually has
> unexpected, negative consequences lurking in unseen places. So operations
> folks for mission critical services worry a lot about even the simplest of
> procedures.
>
>
> Craig> Furthermore, I have a taped interview in which Ira Magaziner says that
> Craig> during their famous phone conversation, Jon Postel proposed the idea of
> Craig> using the word "test" as a face saving gesture.
>
> Ira was extremely upset. As with most others, he was having so much fun
> with the politics he neither cared about nor understood the operations
> issues. I was particularly intrigued to discover that after more than a
> year of deliberation, the Inter-agency task force, over which he had assumed
> authority and which was about to issue its findings, lacked very basic
> knowledge about DNS technology. I had to form a quick panel of experts to
> try to get them up to speed. The discussion there was fascinating.

1. You're changing the subject.

2. I presume you're talking about the meeting with Kahin, Burr, Weinberg, Stef, Postel, Mockapetris, Baker, Austein, Crocker, Kowack, et al, during the IETF meeting in DC in late 97? I sat in on that one. I agree it was fascinating.

It seemed to me that Rob Austein had won over the USG participants' confidence. His presentation was excellent, and my reading of the body language in the room was that he had convinced the USG folks that the POC/CORE group was in able hands, and would proceed responsibly within carefully considered parameters. Then you spoke, Dave, and the mood changed dramatically.

> Craig> Yes, the message to the press also refers to a "transition" as a
> Craig> justification of the test, but in my judgment, the language is highly
> Craig> finessed.
>
> That is because you are looking for finesse. Don't. Jon did not try to be
> that clever. He really was a pretty straight-forward guy.

I'm not "looking for finesse" in particular. I'm looking to see how the pieces of the puzzle fit together. Sometimes the most plausible explanation is finesse, just as sometimes it can be ideology, material interest, a sense of duty, ego, tactlessness, or something else. Usually it's a mix. Finesse isn't bad, by the way.

> Craig> The statement hints that the "verification" was performed in
> Craig> support of the government's desires, but it certainly was not.
>
> You are confusing Magaziner's expectations with the government's desires.
> Jon was not the only one concerned about NSI's possible behaviors.

If you are suggesting that there were individuals in the government who supported Jon's actions, please say so directly and specifically.

We all know that, "Jon was not the only one concerned about NSI's possible behaviors." The question in that context is whether he was in league with officers of the USG who believed they had legitimate oversight of the root, or who were expressly concerned about NSI going rogue, or who expressly wanted to test the ease of re-siting the root.

> Craig> Also, to respond directly to Dave Crocker's note: If the directive was
> Craig> justified on the basis that NSI was on the verge of "going rogue," then
> Craig> why even bother to call the directive a test?
>
> Perhaps because that's what it was?

We've clearly got a significant disconnect going here. I think you have a stronger argument when you say that Jon was worried about NSI adding unsanctioned zones, in comparison with the reports that he just happened to be conducting a technical test one day.

If his action was designed as a preparation against bad actions by NSI, then be straightforward and make the point directly, from the top. Actually, I think you've been more clear this time around than previously, but people who have detected the long history of dissembling on this matter, from that first press report on, presumed that its purpose was to deflect attention from what they believe was a hijacking. The hemming and hawing tends to strengthen their suspicions.

> Craig> Without such documentation, it's hard to uphold the position that Jon's
> Craig> primary motivation was a defensive move against possible action by NSI.
>
> You are right. We should ignore direct reports from anyone he talked with.
> Unless he wrote it down, it can't possibly be true.

The people Jon talked with years ago that I have spoken with since then are reporting quite different things about what Jon said and what kinds of pressures he was facing. In such cases, documents are extremely valuable.

> Craig> And, for what it's worth, his statement to the press makes no mention of
> Craig> that worry.
>
> gosh. what a surprise. fear that the DNS registry monopoly might go rogue
> with a mission critical service did not get cited in a public release that
> would be sure to piss off that monopoly.
>
> wow. really difficult to understand why they were reticent.

Earlier you wrote Jon was straight-forward in that document. Now you are arguing he was using tact and finesse. These are all fine qualities.

> Craig> It is fair to assume that the USG's agents would have been rather tough
> Craig> on NSI if it had added any "rogue" zones to the root.
>
> Craig, you were spending a lot of time talking with people back then, but
> you seem to have completely missed the difficulties that were rampant.
>
>
> Legalities were claimed to be disputable. Physical power of the monopoly
> was excessive. Direct effects of disruptive service would have been
> disastrous.
>
> Yet you want to cite vague possibilities of post-hoc retribution as being an
> adequate deterrent? Sorry, but that's just a tad naive.

First of all, to be clear, when it comes to this point, I'm inferring, not citing. The reason for this conjecture, whether it's reasonable or naive, is to try to think through a rather obvious question, "What were the ramifications of the root January 1998 episode that some people think was a test, and that others think was a hijacking?"

I don't think it's naive to assume that, after all the attention given to Postel's action, agents of the USG would have been very alert to any move by NSI to add "rogue" (not blessed by IANA) zones to the root. Would this make the people at NSI think twice? Certainly some of them. In any case, the company found much more effective ways to steer the process to its own ends.

Craig

From dhc2 at dcrocker.net Wed Nov 13 09:20:37 2002
From: dhc2 at dcrocker.net (Dave Crocker)
Date: Wed, 13 Nov 2002 09:20:37 -0800
Subject: [ih] Re: anyone remember when the root servers were hi-jacked? (fwd)
In-Reply-To: <3DD28371.6050301@rkey.com>
References: <3DD15996.2020209@rkey.com> <194151098508.20021112150323@tribalwise.com> <3DD28371.6050301@rkey.com>
Message-ID: <90216928476.20021113092037@tribalwise.com>

Craig,

Wednesday, November 13, 2002, 8:53:05 AM, you wrote:

Craig> I'll put the gist of my response up front. Was it a hijacking? No. Was
Craig> it a technical test? No. Jon was seeking to put physical control of the
Craig> root where he honestly thought it belonged -- under IANA.

You are confusing a specific action with a larger goal.

The mistake of having NSI hold physical control over the root was, by then, clear to pretty much everyone in the ops community. IANA was a logical alternative to pursue. This was not even slightly controversial. The question was how to achieve that end.

My exchange with Jon was a pretty casual conversation, weeks beforehand. Indeed, as I recall, the topic had been discussed among the community for quite a while, but I was not active in the DNS community during the time immediately preceding the IAHC work. So my direct knowledge of that earlier period is very limited.

Postel's comments to me, weeks before the test, were clear about the problem and clear about the nature of the solution. Any competent ops person will approach such a transition incrementally, starting with a test.

Let me stress this. You begin transition of mission-critical operations by doing tests. Whether you tell people it's a test does not make it something else.

Given the nature of the concern over NSI, one can easily argue that part of the test required treating the root server operators mechanically, by issuing a limited note, rather than describing anything in detail.

Consequently there was absolutely nothing in Jon's approach or actions that was even slightly interesting, until the pols decided to make it an emotional event, and folks decided to pretend that he was doing a power play.

You are over-interpreting small bits of language and you are inventing your assessment of Postel's motives. That you do not see this speaks loudly about how much all of this really is nothing but a Rorschach test for the non-ops participants.

You want a power play. What a surprise that that is what you see.

d/
--
Dave Crocker
TribalWise
t +1.408.246.8253; f +1.408.850.1850