Re: [EURO-Discuss] Short bio for the election of the Euralo representatives to the ALAC
On Sat, Aug 30, 2008 at 04:04:15PM +0200, JFC Morfin wrote:
The question we face is therefore: is the DNSSEC adapted to the world as it really is? This reality is that there is no more a single root file. However, everyone, but ICANN, agrees to protect a single virtual root file. What is the solution that we (users) must retain in 2008, and possibly devise, while ICANN and IETF are enjoying themselves in a 1983 context? Is it our interest to try to wake them up, or do we forget about them for now, in the hope they join back later on?
Because this point might be interesting in this election: I believe in a single root. Not a virtual one. A real single root. I *define an internet* as a transitive hull of computers connected using TCP/IP. And I *define the Internet* as an internet which contains the IANA operated DNS root servers. Please consider this very clear position in your vote. I'm a technical guy, I do not dream.
At 23:27 30/08/2008, Lutz Donnerhacke wrote:
Because this point might be interesting in this election: I believe in a single root. Not a virtual one. A real single root.
I *define an internet* as a transitive hull of computers connected using TCP/IP. And I *define the Internet* as an internet which contains the IANA operated DNS root servers.
Please consider this very clear position in your vote. I'm a technical guy, I do not dream.
Dear Lutz,
I am afraid only non-technical guys are dogmatic: "The principle of constant change is perhaps the only principle of the Internet that should survive indefinitely." (RFC 1958). As a result ICANN's position is extremely clear (ICP-3):
".. alternate roots are commonly operated by large organizations within their private networks without harmful effects, since care is taken to prevent the flow of the alternate resource records onto the public Internet."
"It should be noted that the original design of the DNS provides a facility for future extensions that accommodates the possibility of safely deploying multiple roots on the public Internet for experimental and other purposes. As noted in RFC 1034, the DNS includes a "class" tag on each resource record, which allows resource records of different classes to be distinguished even though they are commingled on the public Internet. For resource records within the authoritative root-server system, this class tag is set to "IN"; other values have been standardized for particular uses, including 255 possible values designated for "private use" that are particularly suited to experimentation."
"As described in a recent proposal within the IETF, this "class" facility allows an alternate DNS namespace to be operated from different root servers in a manner that does not interfere with the stable operation of the existing authoritative root-server system. To take advantage of this facility, it should be noted, requires the use of client or applications software developed for the alternate namespace (presumably deployed after responsible testing), rather than the existing software that has been developed to interoperate with the authoritative root" ...
"In an ever-evolving Internet, ultimately there may be better architectures for getting the job done where the need for a single, authoritative root will not be an issue. But that is not the case today. And the transition to such an architecture, should it emerge, would require community-based approaches. In the interim, responsible experimentation should be encouraged, but it should not be done in a manner that affects those who do not consent after being informed of the character of the experiment."
"Experimentation has always been an essential component of the Internet's vitality. Working within the system does not preclude experimentation, including experimentation with alternate DNS roots. But these activities must be done responsibly, in a manner that does not disrupt the ongoing activities of others and that is managed according to experimental protocols."
"DNS experiments should be encouraged. Experiments, however, almost by definition have certain characteristics to avoid harm: (a) they are clearly labeled as experiments, (b) it is well understood that these experiments may end without establishing any prior claims on future directions, (c) they are appropriately coordinated within a community-based framework (such as the IETF), and (d) the experimenters commit to adapt to consensus-based standards when they emerge through the ICANN and other community-based processes. This is very different from launching commercial enterprises that lull users into a sense of permanence without any sense of the foregoing obligations or contingencies."
Most of the technical guys (such as the IETF) failed ICANN. With the current situation as a result. @larges carried the experiment. Tested the way virtual root should work, and the way it works today (I wrote a TLD Manager and Root Administrator Best Practices that was signed by several and discussed with Europe and Denic at that time). We do not intend to suffer from the lack of response of the IETF (I called upon three times in vain, asking to share in our ICANN conformant test-bed experimentation [dot-root project] that was reported at the time to Europe, ITU, Govs, etc. [in French]).
Today, I am sure many are ready to try to include DNSSEC in their own system plans if you wish to help determine why it would be good, how, and how to test it. Especially the very young NSEC3. And how to adapt to the virtual root matrix.
However, I am sorry, I am a network architect and system designer, our members are @large Internet lead users. They are technically and politically aware. Our duty is to our fellow citizens and to our countries: we cannot go back to 1983 when I was running the world "root" and interfaced the young Internet (RFC 920, Postel). Telling the ICANN BoD it is possible could be religious, but would not be telling the truth.
I will look carefully through your other mails. This is very informative and helpful. Even if we may disagree on some points. Thank you!
jfc