The Wayback Machine - https://web.archive.org/all/20050223134346/http://www.templetons.com:80/brad/dns/nojur.html


DNS articles
Brad Templeton Home
Brad Ideas
(My Blog)
ClariNet

Interviews

EFF

Jokes / RHF

Photo Pages

Panoramic Photos

SF Publishing

Software

Articles

Spam

DNS

Dot!

Packages

Interests


RHF Home

Copyright Myths

Emily Postnews

Africa

Burning Man

Alice Pascal

The Rules for Guys

Bill Gates

   
 

A root without a nation

A root without a nation

How can you create a DNS root, a new ICANN, that is subject to the laws of no nation?

It's possible.

To do this, you use a feature of public key cryptography called digital signature. Digital signature allows people to prove they created a particular document. However, to make this simpler, I am going to explain the system in terms of userids and passwords.

DNS consists of a body of "root servers" around the world that identify where the TLD servers really live. They have tables that say, "for .com, go to one of these machines, for .us go to these" etc. All the ISPs and other systems of the world have configured their systems to use a common set of root servers.

Right now only the operators of the root servers have the passwords needed to change the tables that list what the TLDs are and where their databases reside.

To make a countryless root, we agree on a special committee -- a replacement for the DNS part of ICANN that I'm calling NOVAM. Imagine that this committee has 30 members, each in a different nation of the world. Each of the members of the committee has a password that lets them record a vote on all the root servers of the world that people use.

(So when I say "we agree" on a committee, what that means is that the operators of the major nameservers in the world, and the distributors of DNS software, all agree on a master list of root servers, based on the pledge by the operators of those root servers to hand control over to the committee as described below.)

The root servers are programmed to say that if say, 16 or more members of the committee connect to the server with their password, and register a vote that something be done (like adding or removing a TLD), that then it will be done.

So now we have a democratic committee but the counting of the votes is enforced by computer security. The keys are really in the hands of the committee, and like a nuclear bomb that needs both a computer key from the President and the two mechanical keys of the missile launch officers to go off, changes to all the root servers need any 16 of the committee members.

Of course, the courts in the country in which a committee member resides could order her to cast a vote one way or another. But this would make no difference. It would require 16 courts, in 16 countries, to make that order to arrange something against the will of the majority of the committee.

The courts in a jurisdiction could also order any root server located in that jurisdiction to change its tables, and indeed to stop listening to the members of the committee. But there are many root servers, and if this were to happen against the will of the net community, sites would simply stop using the root servers that they didn't wish to use, and stick only to ones that have not been given orders they disagree with.

Indeed, sites (ISPs and big institutions) could even give a committee majority the power to change who the root servers are, so such a change could take place overnight. The power of any nation or court against the root would be temporary.

Courts would of course have the power to tell the users in their own jurisdiction not to use the root servers of the international committee, and to use another set. This is fair -- courts can and should have the power over the machines and people in their own jurisdiction.

But no one court, or even group of courts, would have the power to give orders to the whole global system, and that is as it should be.

The actual majority number need not be 51%. It simply would be a number that assured that no group of nations would be likely to cooperate to control that many committee members to either force, or block, an action. There might be a different quota needed to add TLDs than to delete them, and a different one to replace a committee member. Adding a TLD might take the support of 50% of the members who vote, but might be vetoed by as few as 25% of the members, for example.

Many types of voting rules are possible, all enforced by machines, not people.

Of course, it should be said that the USA remains important enough that if it gave the order that nobody in the USA use the root servers controlled by the international committee, this would probably seriously hurt the power of the committee. However, the structure of the U.S. government and society makes such an order unlikely, since civil disobedience of the order is easy, and resistance to such sort of orders is strong.

The USA could also order Microsoft and the ISC to put a fixed list of root servers in all new copies of Windows and BIND. However, I feel confident that Microsoft, the ISC and the people of the world would fight such an order as far as possible.

Corporate

If the committee has a corporate structure, that would have to exist somewhere, and it could be sued there. However, the real power still resides with the members, and the corporate structure could be moved to another country at any time, on short notice. The main reason for a corporate structure would be to protect the individual committee members from being sued.

That last issue is the hard question. If the individual members have to defend themselves from suits because somebody doesn't like the actions of a TLD that they appointed, this costs money, and risk to the members.

Solutions to this include putting the members in countries where the courts will establish precedents that the committee members can't be sued in most cases of problems with a TLD. If one nation makes it untenable to be a committee member within that nation, that member can simply resign or be replaced with somebody from a more friendly nation.

Finally, TLD holders would be required to indemnify the members of the committee for any costs associated with any lawsuit regarding their activities into which a committee member is brought. In addition, they may need to prove the soundness of the indemnification, with insurance or a bond.

Digital Signature

Now a brief digression into digital signature and how it works.

To perform digital signature, you need a special secret number that is known only to you and well protected. Typically you store the number on your computer or mobile device with regular cryptography and a password known only to you. This secret number, called the private key, can be used to "sign" a document. Signing a document means combining the document and the number in a special mathematical function that produces another large number.

The trick is that there is another number, which you can calculate from your own secret key number, which is called the public key. This key can't be turned back into your secret key, but it's all people need to confirm that you used your secret key in the signing process.

Because the public key can't be turned into the private key, you can, as the name suggests, release it to the public. Then if anybody gets a document that was digitally signed by you, they can confirm that it was really you that signed it, or at least confirm it was somebody in possession of your highly guarded secret key number.

All that's needed is for the root servers of DNS to know the public keys of the committee members. Then they can write orders (computer commands) about TLDs to create and destroy, and sign them with their secret keys. Then they can send these orders in public, and everybody in the world, including of course software on the root servers, can confirm that they are correct, and that a proper majority of the committee have issued the order.

Thus it all takes place in the open, though distributed around the world.

The secret keys of the committee need to be kept very secret. Chances are they would be kept on a special computer not connected to the internet, and secured in a physical vault with tamper alarms. Committee members would enter a password known only to them to sign an order, and the computer would write the order on a floppy disk or simply print the signature on the screen, for copying to the internet were it can be sent out.