Vint Cerf set to part ways with ICANN
Vaya con dios, internet
ICANN just released a fact sheet covering the IPv6 protocol that everyone seems to be dragging their feet on implementing. How close are we really to IPv6? The fact sheet noted the existing domains could run out completely as soon as 2009 - a full two years earlier than what hda been speculated at the June Puerto Rico meeting. I found that pretty shocking. Is it time for ICANN to be more forceful on this front, maybe by interpreting its contractual agreements with registries more aggressively? Hold their feet to the fire, so to speak.
ICANN cannot, of its own accord, force anyone to introduce IPv6. It has already approved placement of AAAA (IPv6) addresses into the root zone file. It has authorized allocation and assignment of IPv6 addresses. The registries are not responsible for forcing user of IPv6. All the RIRs are fully equipped to assign IPv6 address space.
If there is a bottle neck, it is with the Internet Service Providers who do not see the utility of introducting IPv6 unless customers are asking for it. We have a classic chicken and egg problem here. There is growing awareness that IPv4 and IPv6 must co-exist for some time. I believe that 2008 will see some serious commitment to the introduction of IPv6.
The root servers are mirrored so many times from what I've heard that the massive attack on the root servers earlier in the year didn't really threaten the stability of the net itself, but security is always a concern. Are these kinds of assaults on the core of the internet really something to worry about? Is this something we can expect more of? Is this just the downside of maintaining a unified root, rather than having the more laissez-faire approach advocated by UnifiedRoot, for example?
Yes, we should worry about these although the botnet army generals probably do not want to kill the iternet as it is a source of revenue for them. The denial of service attacks that have been mounted in the past have largely been absorbed or diffused through the use of anycast replication of root zone servers. The UnifedRoot concept provides no more redundancy than the anycast root system, possibly less.
While we're talking about stability issues, what about DNSSEC? Is that any closer to full implementation? Is this another case where ICANN might want to push a little harder?
ICANN IS pushing hard on DNSSEC. It has engaged with the TLD community and at least four TLD operators (.se, .br, .bg and .pr) are already signed. It will be important for ICANN to move ahead on procedures for signing the root zone.