In comments filed today with ICANN, the President and CEO of the Internet Society (ISOC), Lynn St. Amour, sent some sharply-worded criticism to ICANN President and CEO Rod Beckstrom. The comment, which was sent to the entire ICANN Board, criticized Beckstrom for his comments before the Governmental Advisory Committee at the Nairobi meeting last month, when he claimed that the domain name system is “under attack as never before” and implied that it is likely to collapse at any moment. Beckstrom made these comments by way of promoting his idea of a “DNS CERT”.
Beckstrom's comments already generated an outraged response from the head of ICANN's ccNSO, the Council of country code top level domain name operators. In a letter sent immediately after the presentation, Chris Disspain of the Australian ccTLD (.au) complained that telling governments such scary stories undermines the working relationships they have with their ccTLD operators: “Your inflammatory comments to governmental representatives regarding – in your view – the precarious state of the security of the DNS, have the potential to undermine the effective and productive relationships established under ICANN’s multi-stakeholder model. Your alarming statement to the GAC infers that current security efforts are failing.”
By joining the fray a month later, ISOC is reinforcing the message that there is a sizable portion of the Internet technical and business community that felt threatened by Beckstrom's comments, and that members of this community are willing to challenge exaggerated claims about instability and threats. The ISOC letter says “in our view, any effort to improve security and stability must be based on substantiated facts and careful planning. During the Nairobi ICANN meeting, ICANN’s Chief Executive Officer claimed that the Internet is under attack as never before; which has raised concern among many, yet the facts to substantiate that statement have not yet been made available to the community.” The letter went on: “many recognized experts in DNS security and operators of key Internet infrastructure are on record saying they do not agree that the Internet is suddenly experiencing dramatically greater or new types of attack, or that the DNS, or the Internet itself, are likely to collapse at any moment.”
The letter expressed reservations about Beckstrom's DNS CERT proposal and also expressed concerns about mission creep at ICANN. “ICANN has recently put forward two proposals to create a global DNS CERT capability. No doubt, vigilance is an important part of the community’s efforts, as are capacity building efforts. The Internet Society has reviewed the ICANN proposals and, as a starting point, agrees that taking steps to strengthen global DNS security, stability and resilience is important. That said, we have strong concerns about how the proposals have been developed and their future path in the ICANN community. As with all important initiatives concerning the functioning of the Internet, ISOC believes it is vital to rely on the Internet model to get the best result. By the Internet model, we mean relying on open, freely accessible, multi-stakeholder, and knowledge-based processes for both technology and policy development.”
Beckstrom responded to Disspain's letter on April 7, saying, “my comments were based on strong, consistent and widespread concern expressed to me and to ICANN security staff by registry and registrar operators and others in a position to have relevant information and insights on threats to the DNS.”
But the ISOC letter said “we continue to be concerned that ICANN may be broadening out from its principal mandate as coordinator of the global resource that is the domain name system into the management of new and peripheral operational functions. More specifically, the two proposals to create a DNS CERT capability could potentially distract ICANN from its narrow technical mandate and distract management’s attention and resources.”
Public comment on the DNS CERT proposal officially closed today, although stragglers might still be able to get theirs in.
One moral of this story is that there is still a residue of suspicion within the traditional internet technical community about ICANN and its ambitions. Another is that an ICANN CEO who challenges them or who makes them look as if they aren't doing their jobs right will have hell to pay. As noted in earlier blogs, we at IGP agree that security threats tend to be exaggerated and abused these days. While we initially greeted the idea of a DNS CERT centered on ICANN as worth exploring, seeing ICANN as a looser and more globalized alternative to national security initiatives, it is interesting how the topic has morphed into (yet another) Internet Jeffersonian vs. Hamiltonian debate. Advocates of informal, loose cooperation are tagging the ICANN-based CERT as a more hierarchical approach.