IETF 88 Vancouver igovupdate BOF Monday 13h00-14h30 Co-chairs: Marc Blanchet, Andrew Sullivan Minutes: Heather Flanagan (small edits by A. Sullivan) Mailing list: internetgovtech@iab.org 0. Administrativia (co-chairs) 1. Why this BOF? = Jari Arkko 2. Update on Next Generation Whois at ICANN = Chris Disspain, ICANN board member = Murray Kuchewary, IETF weirds co-chair + Why are we updating whois? + What are the policy requirements of the next whois? + What are the implications for protocols? + Who will implement and deploy the new whois? + What is the status of the work being done by ICANN? + IETF weirds wg update 3. IGF update, Jari Arkko and Andrew Sullivan 4. Discussion ----- Update on Next Generation Whois at ICANN (see slides) "A Next Generation Registration Directory Service (RDS) by Chris Disspain WEIRDS (see slides) "Weirds Status Update" by Murray Kuchewary Discussion re: WEIRDS and WHOIS: (John Klensin) When WEIRDS was chartered, there were a specific set of requirements for names, domain name related records laid out by ICANN staff and were presented to IETF as high level design criteria. Chris' group is working on high level design principles - so either we are getting ahead of ourselves or we invented a time machine (Chris Disspain) Don't know how long it will take for the WEIRDS work to complete, but it will take a very long time for the EWG output to go through the necessary processes and then if it goes to the GNSO and turns in to policy, it is not entirely conceivable that the WEIRDS result may work with the existing design criteria from the ICANN board, but in the future perhaps it can change to whatever the ICANN board (Olaf Kolkman) The way we are working the problem - we are taking a "low hanging fruit' approach, creating a basic protocol with basic functions and all the more complicated stuff is not in there yet. We should have something done at that basic level fairly soon. If more work needs to be done, this should be fairly extensible. (Murray K) At every meeting, there are ICANN staff that attend and the groups try to stay in step. No de-synch so far (Chin ???) the Internationalization Data WG in ICANN was not mentioned (Chris Disspain) not up to date on what they are doing (Chin ???) One of their goals is a data model of registration data ------ IGF Update (Andrew Sullivan) (see slides) Jari - Note that mood from last year is very different from this year and that has increased the risk for bad things happening (e.g., national regulations, more fragmentation of the Internet, intergovernmental control of operational Internet). Jari - on the draft of issues, the things that trouble things around the world are all difficult issues. There is no low-hanging fruit. The existence of these issues is being used as an argument for governance. this was create dog opinions; it is not a reflection of official opinions of the IAB or IETF. Jari - have heard other people make statements as to what they perceive to be of the problem. (Chris Disspain) there are emerging issues that encourage governance, and the government of course defaults to government involvement; one of the key players that has been pushing the multi-stakeholder model is the US government, but the US gov't is now weaker in this area than it used to be. Since they are weakened, they are not currently able to be as useful. In the meantime, the middle governments that could have been persuaded, are becoming frustrated and are moving away from the multi-stakeholder model. The next 24 months have several activities to support those in favor of a government governance model. There needs to be an alternative to a government home or centric home, and we need to be clear of what the issues are. We need to be in a position to show that cooperative arrangements work. There care three things going on: 1) a dialogue on evolution of internet governance, that in turn may lead to a grass-roots campaign to keeping governance multi-stakeholder, and 3) there is a meeting planned in Brazil in May of next year and there have been many misunderstandings about the purpose of that meeting, we need to make sure it is not hijacked by governments (Lynn St. Amour) Chris covered the events fairly well. Struggling as to whether it was the discussions at the IGF or elsewhere - what is the right balance? We need to provide leadership, but the I* community doesn't recognize the credibility we have in a lot of governmental places. They know the Internet has scaled and has brought great value to their citizens, and they know where that comes from. Need to find the balance between tight timetables, surprises coming from new opportunities, top-down/distributed/decentralized and all the things that have brought strength in to the Internet. (Phillip Hallam-Baker) The US is not going to have a multi-stakeholder solution. They are an aggregate of what they call a multi-stakeholder solution where the US government has unique control points. The power of the control points is being increases so that under DNSSEC, ICANN has the technical capability of dropping regions off the routes. They are concerned that the US government will use that control to impact economics and military of other countries. (Andrew) You are talking about ethnical proposals from the IETF? (PHB) Yes. (Andrew) and you think that having this outside the US would help? (PHB) there are very simple technical fixes - get each country sovereign allocations of IPv6 addresses that they can uses however they like. Get DNSSEC through multiple routes embedded everywhere so it is harder and more expensive to switch routes. Diffuse the control points. (Leslie Daigle) Have some familiarity with the taxonomy document. Looking at this through the IETF context is still valuable. If we want to have a successful internet, everyone has to coordinate - not just technical, government, regulators. We need to understand the problems and their contexts so that the solutions work in a more coordinated fashion. Also got to live through some intermediate level "how do we move beyond this" in the development of WHOIS. Some work had moved in to IRIS, but it was done somewhat independent of ICANN goals at the time. We cannot solve the WHOIS problem if we are not tied in to the audiences that have the issues and have processes and discussions that span the spaces of concern, even though the IETF want to focus on the technical end. Problems are real whether or not we share them and we need to get commonality of understanding in order to do our part to find solutions. (Nacif Jeferson) the IGF was meant to produce recommendations. It is not just a forum for discussion and debate. But there is a problem in that the current mechanisms are not sufficient for the IGF. That's why new mechanisms are need to address these issues. Noting that developing countries are still poorly represented in the IETF and beyond. We need to think about the mechanisms and what should we establish to address these subjects. What kind of principles can we define to help avoid further fragmentation of the Internet? We should also look at the internationalization of ICANN. It is time to think about reorganization and modernization of the organization and systems and work together putting governments and new stakeholders together to create a more democratic system. (Andrew) clarifying question: does this mean that a new organization is needed, or that multiple orgs that are collaborating in an ad hoc way are adequate? (Nacif) do not have an opinion about that. Can just see through current reality of people sitting in the UN system that there is much to understand and it goes through the system and a treaty results. This is a traditional way to solve the problems - put governments together and create a treaty. So we want to ask the organizations to sit with us and com cup with some new answers. If we don't try to solve the questions, governments will put in the UN systems, which may not be enough or sufficient but is the most simple for them to do. Security, privacy, and human rights can all be treated this way through this system. (Olaf Kolkman) How can we empower people to actually represent us? It is difficult to go to these types of meetings and not be able to represent the community in a credible fashion. Having to come back for every statement or decision will be difficult. There is no structured want o organize the event in Brazil yet, but while that is being done we need to determine a position for our leadership that will be attending. So what do we as a community need to put together to empower you (Jari) to encourage a good outcome? What is the process for us to put that together on a short time scale? Not sure the rest of this BoF will provide that outcome. (Jari) It's a good question. We need to go back to basic principles - establish opinions about different things. Example: direction for IANA how do we see that evolving in the future? We should come up with a strong opinion on that so we know where we want to take that then anyone can repeat that opinion. (Olaf) Principles like a global Internet. Governments want to see things fixed, which usually turns in to mandates, which we are very bad at. How do we take in requirements from governments? Governments do not know how to go to the IETF if they have technical requirements. Suppose if we have all those governments had a single opinion, there will people at the IETF do not consent to that, and our processes don't work in that situation. How are we going to brainstorm about these issues when we don't even have an agenda for the Brazil meeting? There will be very little time. (Marc) Closing mic line (Eliot Lear) With an IAB individual member hat on. Olaf hit on good points. Andrew ended presentation with a mailing list - key message are what are the parameters for discussion and what are we going to agree on. The process for all of this will take a year or two to sort itself through in a broader perspective. Thanks to Leslie and Lynne for putting that document together, and thanks to Olaf for his representation (Brian Dickson, Verisign) The Internet, rather than a resource, can be seen as a community. It is within the purview of governments that control giving passports - what if we got to the point where we could establish ourself as a different kind of nation-state and could then get a seat at the table and participate in deciding governance over the Internet (Scott Bradner) One of our feature sets is that we treat all input as from individuals no matter where it comes from. That makes coordination among organizations much harder. We need to figure out not just how to empower us to speak to others, but also how to help others speak to us (David Crocker) We take input all the time from people as individuals. We will even take input from governments as individuals. The utility of that input is the number of people willing to work on that optic and how it fits in to what the IETF does, at which point it's not a government dictating requirements its a person providing just another piece of input. Helping governments how to work within our model - we are an engineering group not a policy group. The challenge in a topic like this - as individuals we care about the work, the policy work, the problems. We want it resolved. It is not the IETF's job to do so. The IETF should do what the IETF is good at - individuals can go behind this and become active, but that's not the IETF. We develop useful technical solutions based on consensus, and if that happens to be based on a government's desire should be transparent to us. No different from bringing things in from industry. (Larry Massinter, Adobe) Want to encourage the IESG when talking to governments about governance to move off the protocol stack. Most things governments want to regular like copyright or spam are not things handled at the routing layer. Cyber bullying on Facebook is not a transport layer issue. There are areas where minor difference ins protocol can make major differences in the availability of a service, but not a great deal. (John Levine) My concern is that picking apart the things that the IETF can reasonably work on and what they cannot. The main reason that the US spies on Brazil traffic is because it routes through Miami, and there are technical ways to fix that but that doesn't really need our help. It is in our remit to do better crypto. Not sure agree with Phil's analysis about DNSSEC route signing. HOw do we do a triage of stuff that is us vs. stuff that is not us? (Thomas Narten) There are a lot of things that are not strictly in the scope of the IETF, but traffic going outside the country and fix it by creating an IPX in your region is something many countries don't even know about. We need to do educational outreach. (John) Everything Thomas said is right, but that's in ISOC's mandate) (Cathy Ericson) Second time at IETF where fixing things is giving big blocks of address to others. For this community to just say give blocks of addresses, we should realize what this community does and what other communities do and not say things like that. (Alyssa) There is a strong linkage between what Olaf said and the discussion about do we stick to what we do in the IETF. Sometimes the value is having people who know and understand the value of the IETF in those other rooms and forums what we do and describe avenues of cooperation. How can we empower the participants/leadership to go do that? There is an overlap there between not allowing evangelism. In talking to other civil society participants, they couldn't say enough good things about having Jari at the IGF and talk about what the IETF is and how it does it (jabber) It is good that the IAB is getting involved in governance. There are complex problems in several layers and it is good we are looking at this. (Pete Resnick) Larry said early "when the IESG interacts with governments" made me leap out of my seat. We should have that firewall there. Doesn't mean that people in the IETF community cannot encourage communication, and that the IAB facilitates getting requirements in to our stream of work. But we do want to keep the hats separate, so we stay focused on technical problems the way we do now. (Marc) This topic will continue its discussion on the mailing list (Jari) One obvious thing: we need to discuss more with the rest of the world. It does not mean we will have an opinion on everything. We will continue to work as we have been doing, and we will continue to work on communicating those opinions externally. We need to work on the interaction and if there are areas where there is strong community opinion and how things should be done. If there are different policy guidance in the future, need to understand how that will impact technology.