The ISP Column A column on things Internet October 2016 Geoff Huston NANOG 68 – A Brief Potted History of the IANA October 2016 marks a milestone in the story of the Internet. At the start of the month the United States Government let its residual oversight arrangements with ICANN (the Internet Corporation for Assigned Names and Numbers) over the operation of the Internet Assigned Numbers Authority (IANA) lapse. No single government now has a unique relationship with the governance of the protocol elements of the Internet, and it is now in the hands of a community of interested parties in a so-called Multi-Stakeholder framework. This is a unique step for the Internet and not without its attendant risks. How did we get here? Scott Bradner, long time IETF participant and also active individual while he was the Internet Society’s Vice President for Standards was personally involved for much of the IANA’s history, and he took some time at the recent NANOG 68 meeting in October this year to mark this change with his history of the IANA function. Having been directly involved in some of these events myself I found Scott’s history quite enlightening and I found myself taking detailed notes. In anticipating that others may find this equally interesting, I’ll reproduce my notes here. Originally the IANA function started within the research project that became the Internet, and the initial “bookkeeping” was performed under the name of the “Network Working Group”, which dates back to 1968. This was an Ad‐hoc group “concerned with the HOST software, the strategies for using the network, and initial experiments with the network” according to RFC 3. The “IANA" name itself did not show up until 1988 in RFC1060, but of course things had been happening well before that time. Much of the DNS structure was put in place by 1984: RFC822/823 and RFC920 date from the early 1980's, and define the hierarchical structure of the domain name space and the role of the registry of those names that were directly delegated from the DNS Root. Of course at the time the Internet was a well kept secret, and from a wider perspective at the time noone had even the slightest interest in this project. Even when the Internet started to gain some attention in the academic and research environment in the late 80’s and early 90's there was much scepticism from the mainstream IT and communications enterprise sectors. So much so that at one conference at the time the Internet folk in attendance used the bumblebee as the Internet's icon because in theory bumblebees could not fly - as with the common perception of the Internet at the time! The mid 90’s saw the comprehensive demise of OSI and the interest in the Internet as a public service was taken up by various agencies and corporate entities, complementing the earlier adoption in the research and educational community. Interestingly, it was the namespace that attracted the most interest and attention, and this posed some real challenges to the nascent community and IANA in particular. The shift from an obscure semi-private function to the glare of public attention and the challenges on an enthusiastic entrepreneur sector happened at a pace that the IANA function appears to be ill-equipped to cope with this level of activity and attention. As early as 1995 the ISOC Advisory Council championed a proposed to move the global DNS root to ISOC. This was aired at the DNS Evolve BOF in IETF 34 in Dallas, and the ISOC proposal received spirited discussion. There was not much support either way despite this, but rough consensus was that there was no technical threat from more TLDs but there was a feeling that they were not solving any particular problem, so from that respect there seemed little need for change at the time. But the external pressure for change in the DNS namespec continued, and in 1996 ISOC and the IAB jointly sponsored a further study, undertaken by an International Ad Hoc Committee (IAHC), to look at the further expansion of the DNS name space. They published a report and an MoU in early 1997 proposing 7 new TLDs and a registrar / registry split. At this time Jon Postel was sued over “.web” from Image Online Design. The suit claimed that Jon had ‘promised’ this company the .web top level domain name, and the IAHC proposal essentially walked back on this promise. Jon reacted to this by observing that at the time ISI was unwilling to back him, and rather than be exposed personally in this and further law suits, he decided that institutionalising the IANA was the best course of action going forward. Vice-President Gore also pushed the agenda for the Internet as the supporting infrastructure for global electronic commerce, promoting the private sector role in building and running this. Meanwhile Jon was pursing the agenda to institutionalise the IANA. There was a conference at the end of Jan 1998 in London with Ira Magaziner (who represented the US President’s office in some capacity), and this conference saw Ira take a string USG position that explicitly denied the ITU and other inter-governmental organisations a formal place in overseeing the Internet and instead pushing strongly for a private sector-based approach. He was along a similar path as Jon to institutionalise the IANA and saw this working as a private sector entity. The question at the time was why was the USG prepared to work so hard to withhold the Internet from the ITU, to the extent of demonising the ITU, yet it was quite happy to work with other inter-governmental organizations, such as the UPU for the international postal system. Why was the ITU so special that it managed to have both the Presidential Office and Congress determinedly set against it? What egregious sin had it committed? Perhaps the answers can be found in telephony. The uptake of international telephony volumes due to a combination of the use of the fax, the rise of the multinational corporation and the increasing access to international telephony meant that international call volumes had been rising since the 1960’s. The manipulation of the ITU-arbitrated international call accounting settlement rates produced an outcome that appeared to work against the US carrier, in so far as billions of dollars was flowing out of the US due to these inter-carrier payments. AT&T, the historical international US carrier, evidently spent not inconsiderable amount of money lobbying the US political system to oppose the continuation of these payments, taking anti-ITU stand as part of this opposition. In many ways the answer to why the ITU was considered by the US to be such an evil organisation was simply: “AT&T”. January 1998 also saw Jon Postel redirect the authority point of the root server constellation to his own root server, and this move caused considerable angst in Washington. Heated words were exchanged, intervention from the FBI was threatened, and Jon backed down. The USG published a Green Paper that was informed by Jon’s desire for an institutionalised IANA and the concepts of the IAHC MoU. The basic approach was to allow the private sector to take the lead role and withhold this institution from overt governmental control of any form, which in effect was to keep this function separate from the ITU instrumentalities. However, by then the RIRs and the IETF were sceptical about all this and wanted no part of this plan, but Jon said “no” and was unwilling to permit this schism between the three major IANA roles of names, numbers and protocol parameters. Approaches were made to the US Department of Commerce (DoC), who appeared to carry the USG’s agenda in this space, with the same answer - “no change: the IANA is an inseparable bundle!" June 1998 saw the White Paper released, which described the intended future for the IANA. The idea was for the IANA to set and oversee policy and process for names, numbers and protocol parameters, funded by names and numbers. The subsequent discussion was completely misaligned to the topic. The discussion was more about “managing the Internet” and “Internet Governance” than the particular matter of the carriage of the IANA and the manner of distribution of DNS TLDs and IP addresses per se. At no stage were the specific recommendations of the IAHC considered in any detail, nor any specific changes to the RIR function considered. Even the ITU conceded that it was ill-equipped to undertake an operational role as an address registry in the conventional sense, and was only in a position to divide the address space up on a country-by-country basis, which would have a likely serious impact on the scaling properties of the routing system. Jon Postel died in October 1998 and the proposal for ICANN proceeded in any case. A closed ICANN Board meeting occurred on the 26th October 1998 as the first Board meeting of ICANN. This closed approach was apparently antithetical to what Jon wanted, but that was the path pursued by ICANN. The arrangements saw DoC having residual approval rights over changes to the root zone, and nothing else. As a control point this was all there was. Despite this minimal formal involvement in the IANA function, much international political capital was made of the USG’s special role in the Internet. The calls for the US to relinquish all control continued, and at the same time within the US the position appeared to be that if the reset of the world was so convinced that there was some national benefit to be had from this position, then maybe this was indeed the case! If so then the US would be ill-advised to surrender this position so readily. Over the ensuring years the various arrangements with the Department of Commerce have changed, with the most recent incarnation being an “Affirmation of Commitments" but none of these heralded any substantive change. By 2010 it was clear that the USG was prepared to spend some considerable political capital to keep the Internet firmly within the realm of the private sector, and to resist any coordinated international effort to draw the Internet into the more traditional international treaty structure. We’ve seen the emergence of the BRICS and the pushing of the broader topic of Internet Governance and the Digital Divide to the UN. We’ve seen WSIS, WCIT and similar. In recent years the world witnessed the Wikileaks revelations and the Snowden leaks and at some point the USG appeared to lose heart. From the outside it appeared that the USG response to these damaging leaks, among others, was to stop paying the diplomatic price for the Internet’s current structure and the USG’s unique “backstop” role in this, blow the bolts and leave the Internet to its fate, whatever that may be. So ICANN was given the task of defining who it would operate in a stable and fully accountable manner to its multi-stakeholder community of common interest. Which, after some years, it evidently did so. It did not require USG approval per se, but just the willingness of the USG not to renew its Affirmation of Commitment which defined the residual role of the NITA in the functions of the IANA. That lack of renewal duly occurred, despite some last minute political drama on the 1st October 2016. Scott Bradner is of the view that ICANN is seen as process bound, and I find it hard to disagree. He noted that the original ByLaws of the organisation had 9,000 words, and over time this has expanded to 36,000 words. Scott appears to hold the view that ICANN blew any goodwill Jon had personally gathered from the start, and has maintained a largely secretive and capricious perception. Again, I cannot disagree with this opinion. So we’ve seen much rearrangement of the deck chairs to arrive at a structure for the operation of ICANN and the IANA that was acceptable to the NTIA and the DoC and was able to get through the US Congress without their active blocking of the move. One possible explanation is this change of heart by the USG is that Snowden’s legacy in particular was more damaging and painful than many suspected. Irrespective of the precise motives that have managed to get us to this position, we are now in a new phase and one that has its elements of continued change and potential instability. The degree of public sector commitment is variable, and the pressures on ICANN are completely and totally unpredictable. It’s likely that at best all we can say is that this will probably not stay the same as it is today. As the Internet continues to change IANA must change, and it will change. But as to how and why - well, that's the tough question! Scott’s presentation to NANOG 68 can be found at https://www.youtube.com/watch?v=UYHmIXGzsiU Slides are at: https://www.nanog.org/sites/default/files/20161013_Bradner_Keynote_Iana_Transition_v1.pdf Postscript Steve Crocker, the Chair of the Board of ICANN has kindly provided the following correction to this article, which I reproduce here: On 24 Oct. 2016, at 4:57 pm, Steve Crocker wrote: Geoff, Thanks for your CircleID article on Scott Bradner’s NANOG talk. In your description of the end of the relationship with the Department of Commerce, you referred to the Affirmation of Commitments as defining the residual role of the NTIA in the functions of the IANA. This isn’t accurate and completely omits the IANA functions contract. From the beginning there two separate, parallel contractual relationship between NTIA and ICANN. One started as a Memorandum of Understanding. It later transformed to a Joint Project Agreement and transformed yet again to the Affirmation of Commitments. There was an entirely separate document, a formal procurement contract, specifically focused on the IANA function. It defined the IANA functions and tasked ICANN with providing the IANA service. That contract was renewed several times but was essentially unchanged over the years. The latest incarnation of that contract began 1 Oct 2012 and was structured to run seven years. More precisely, it was set up as a three year contract with the U.S. Government having a unilateral option to renew it twice, each renewal to run for two years. When NTIA announced in March 2014 it was planning to transition its stewardship, it expected the consultation with the community would be complete in time to simply not exercise its right to extend the contract in September 2015. The community consultation process took longer, so NTIA broke the first two year extension into two pieces, each a year long, and exercised the first piece. All the drama was around the IANA functions contract, not the Affirmation of Commitments. It was that contract that lapsed on 1 Oct 2016. And what happened to the Affirmation of Commitments? The operative parts of the AoC were about periodic reviews of ICANN’s transparency and accountability, of security, stability and resiliency, of the whois service, and of competition, consumer choice, and consumer trust. These are now incorporated into ICANN’s Bylaws. Thanks, Steve Disclaimer The above views do not necessarily represent the views of the Asia Pacific Network Information Centre. About the Author GEOFF HUSTON is the Chief Scientist at APNIC, the Regional Internet Registry serving the Asia Pacific region. He has been closely involved with the development of the Internet for many years, particularly within Australia, where he was responsible for building the Internet within the Australian academic and research sector in the early 1990’s. He is author of a number of Internet-related books, and was a member of the Internet Architecture Board from 1999 until 2005, and served on the Board of Trustees of the Internet Society from 1992 until 2001 and chaired a number of IETF Working Groups. He has worked as an Internet researcher, as an ISP systems architect and a network operator at various times. www.potaroo.net