IGF 2017 - Day 1 - Room XII - WS48 The Future of Internet Identifier: How the DNS Will Function in a Smart Cyberspace

 

The following are the outputs of the real-time captioning taken during the Twelfth Annual Meeting of the Internet Governance Forum (IGF) in Geneva, Switzerland, from 17 to 21 December 2017. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid to understanding the proceedings at the event, but should not be treated as an authoritative record. 

***

 

>>> We're waiting for one more panelist ‑‑ a couple more panelists for the moment.  A key panelist, I should say.  So if you'll bear with us for a few more minutes.  Thank you. 

Okay, good afternoon, everyone.  Welcome to the session on the Internet identifiers: How the DNS will function in a smart cyberspace.  Very interesting topic.  I'm glad to see so many people here.  I am not Wolfgang Kleinwachter.  Unfortunately, he was not able to come due to a few issues.  So I'm stepping in for him.  I'm the chair of the European at‑large organization and several other hats as well.  But today I'm basically just an individual who will be trying to moderate this session.  We'll got only one hour.  I think it's a very short session.  We also have one panelist missing, and that's Vint Cerf.  He's currently in another session.  He will join us a little bit later.  But we still have a star‑studded panel here.  And, of course, we want to have as much interaction with everyone in the room as possible.  So I'll ask everyone to be quite brief in their statements, et cetera. 

I think that we can just turn straight over to Jorg Schweiger who is the proponent for this session and has basically put it together.  So Jorg, you have the floor. 

>> JORG SCHWEIGER: Well, thanks very much and welcome to this sort of impromptu show because everybody seems to be on time arriving.  We very precisely come to terms with how this flow is really going to happen.  Let me start with the key question.  Can we keep the Internet open?  Can we keep it secure, unfragmented and transparentally governed?  I think these are the key questions of this workshop as new applications and services like IOT rapidly evolve and the users of the Internet shifts more and more towards mobile, towards machine‑to‑machine communication. 

So our proven technologies used today like DNS, for example, are they suitable?  Do we need to adopt them or even substitute them?  Or just in contrary, are those best practices proven over decades ready to use only restricted by perception, know‑how and/or political calculus?  This is what we are discussing about, and it's a pleasure to do so from very, very different perspectives represented by distinguished colleagues from the Technical Community as well as from a commercial and a government‑related standpoint. 

And I'm sure statements from you, the audience, will be very warm and welcomed as well, be it within the audience or be it remotely participating.  So without any further ado, I'd like to hand it over to our moderator. 

>> Thank you very much, Jorg.  So we have ‑‑ the session is structured with first a few speakers that will have about five minutes to bring their points forward.  Then we'll have a handful of commentators as well.  And then we'll open the discussion throughout the room. 

Our speakers today are Christoph Blanchi from the DONA Foundation, Marco Howening from RIPE NCC, Hans‑Peter Dittler from the ISOC Board.  And I think while we should Ramy Ahmed Fathy remotely, and we might be able to get him, we'll have to see a little bit later.  Let's start first with Christoph Blanchi from the DONA Foundation.  Christoph, you have the floor. 

>> CHRISTOPH BLANCHI: Thank you very much.  Welcome to you all.  It's a pleasure to be here addressing you.  So five minutes is not too long to talk about what we have to talk about.  The DONA Foundation is a little bit of a black sheep, if I would say, in this community.  There are all sorts of issues having to deal with our competitors, DNS or not.  Our perspective is, however, different.  We've been working on what we call the visual object architecture.  Before it was CNRI in the United States that pioneered the work with (?).  And now the DONA Foundation is working on the standard and operating the global handle registry, which is a didn't type of identifier resolution system than DNS. 

So a little bit about why CNRI and now DONA are pursuing the handle system.  In the beginning, this was based on this notion that information on the Internet had to be a first‑class citizen.  So what does that mean?  That means that every item that you can reference, whether it be physical, a machine, an IOT device, a person, it really doesn't matter, has an identifier that can be resolved securely into what we call state metadata.  It's user defined.  Hopefully everybody can understand a little bit what they're saying.  Even if that's the case, they can type their metadata, and somebody can walk through the typing system which themselves are identifiers to figure out what these things are.

     So we start with identifiers that are globally uniquely and securely resolvable.  And then we put on top of that a data model that provides consistent access to any kind of information.  So whether you're a server, whether you're an interface, whether you're a device, whether you're a file, you talk to these things the same way.  Mostly it's you make a request using a type.  This type is itself an identifier.  If you see an operation with this type, everybody knows what it means.  You can create new operations.  If you want to create give me your temperature, can you create a type that does this.  And hopefully the next guy who has a sensor who wants to access his temperature can use the same type.  But they're not restricted to do that. 

The reason ‑‑ so I'll focus a bit more on the identifier system which we call the handle system.  So it's independent of DNS.  It was built completely separately.  And it's not because, you know, DNS doesn't work.  It works great.  That's not the issue.  The issue was that we needed record‑level granularity security.  We needed scalability where the services could be run easily by anyone on the 'net.  We needed it to be scalable so that people could have one local handle server as we call it or 1,000, marrying the same address space.  And the interest was that every community running these services could set their own policies, operational regimen and, you know, could respect their local laws. 

So the handle system is a resolution system.  So you could say it's similar to what DNS does.  DNS is a resolution system.  People have implemented version of the handle system with a bind back end or vice versa.  You can have interoperability between the two.  The handle is record‑level security.  So you don't sign zones.  You have individual access and administration on your records, and you can sign and certify those as you need. 

So overall, I would try to keep this short the point of the handle system was not to compete with DNS.  We think we can interoperate.  We can interoperate with block chain.  We can interoperate with anything that needs identification.  We have some IT has implemented for instance OID resolution using the handle system.  Our view is interoperability.  And we welcome, you know, anybody saying, well, we like our identifiers.  We maybe like our resolution systems, but we'd like them to be used in the handle system because there's a large community that uses them. 

And a final point, you have to think about identifiers.  The key point of identifiers is that ‑‑

(Audio fading in and out)

We have to identify ‑‑ and things could be (?).  In China (?) Control and figure out (?).  They can monitor bay stations for towers, 5.5 million.  You know, full cycle chain, supply chain management.  They keep impressing us with their ideas.  Counterfeit is probably one of the things that has the highest value bang for the buck.  It's a local handle server with identifiers that have statement data about the things that you want to track through the supply chain.  And so with those remarks, I'll conclude.  Thank you very much. 

>> Thank you very much, Christoph.  And you've actually answered some of the questions I had for you already.  That's good.  That saves a bit of questions before.  So now we've got Marco Howening from RIPE.  When you're handling numbers, what is your approach to the enrichment of these options that you have now? 

>> MARCO HOWENING: Yeah, thank you.  I work for RIPE NCC for the Middle East and Asia.  The distribution of IP address blocks to users everywhere.  Originally I'm an engineer.  So I kind of look at this from an engineering perspective these days.  It's more social engineering.  The age‑old rule there still I think applies.  And that's use the right tool for the right job.  And I'm doing a lot with IOT.  If you look into sort of the topic of IOT and identifiers, maybe some of you will say here's one of those nonbelievers. 

The topic of the panel, the DNS has served us for a very long time.  It's probably the most crucial part of the Internet.  Nobody can remember IP addresses and IP addresses have a tendency to change.  And the DNS is really the glue that holds it all together.  A name you can remember, a name you can tie to an address and that you can easily type.  In that sense, I think the DNS is serving as part of the most fundamental part of the Internet.  It allows us to find everything.  Until Google took over. 

Closer to home ‑‑ and what I do is I'm Internet numbers.  And I'm very deep down and kind of on the invisible side of what makes up the Internet.  But in essence, if you want to connect to the Internet, you need to run the Internet protocol in the global space of what we call the Internet, you can't function without using one of my or one of our colleagues' numbers.  If you don't use an IP address, it's impossible to use the Internet protocol.  And from an engineering perspective, it's impossible to connect to the Internet.  You might connect to a global network.  But yeah, is that still the Internet or not? 

So a bit more what they said on the panel is what we're trying to answer here is can the existing technologies be (?) With IP keep up with the changes to come, also from government's perspective.  And certainly we have challenges.  I've run out of IPs before years ago.  So did my colleagues.  And our industry, the collective, as we sit here, have not done that much.  There's still a lot to come.  Also what I see a lot in IOT is especially for people developing low‑power, long‑range, battery‑operated sensor networks, IP protocol, the Internet protocol, isn't really popular.  People see it as a lot of (?) There's a lot of state to keep and rather crowded because they don't see the added value of IP.  And sometimes I have to agree there because sometimes you look at applications and you think, is it really that beneficial to have it sit out in the open in the number space where everybody can reach it?  Or are we better off without? 

And, of course, what we tend to look at is can we meet all those requirements?  But also, do we want to match them?  The DNS very much evolved from what it originally was to indeed having that global distributed database.  Sometimes we're joking in the engineering task force, just put it in DNS.  If you want to load something into the Internet, no matter what, find the label and put it in there and it does automatically distribute.  It's true, it works.  But it also poses governance challenges.  And sometimes I wonder do we really want to meet all those challenges or indeed leave it to ‑‑ well, call it competition ‑‑ leave it to a better tool to do that job.  That doesn't mean we today to abandon DNS or we should abandon DNS or maybe we can abandon DNS.  It will be there.  It's part of the Internet.  It's part of it to locate things.  And we have to see it in a way that when you look into machine to machine, they don't care whether it's (?) Any string will do.  In that sense, it's far less fencing and people pay for it because machines aren't going to type it. 

But crucial and I think for this panel also to keep in mind is what are you trying to identify?  I very much keep telling people IP addresses are not identifiers.  Because we usually see them as if I know your IP address, I know who you are.  And that's not the case.  An IP address identifies felt work end point.  You move your device in the network, your IP address will change.  That doesn't mean you change.  But you'll have a different number.  So I always ‑‑ while I always stay weary of collecting IP addresses with identifiers in this context, yes, we are an identifier, but we're basically identifying the little antenna in your laptop.  And that's all we do.  You want more, you want other things.  I'm not sure I can accommodate that within the current framework.  We can, of course, look into your needs and see if we can change our framework and change the way the Internet protocol currently works to match some of your needs.  But maybe indeed we need to step back and say, okay, this is for somebody else.  This is for a different layer of the Internet to resolve.  And whether you can use an existing protocol or invent something few, it remains to be seen.  I'll leave it with that. 

>> Thank you very much, Marco.  So next is Hans‑Peter Dittler from ISOC.  The Internet Society has made a statement about the ITU‑WTSA recently about the DOA, digital object architecture.  Do you see DOA as being a problem or an opportunity?  And as far as the future is concerned, do all objects need a handle?  That's for Hans‑Peter.  And then you can answer that as well, Christoph.  I think we know your answer already. 

>> HANS‑PETER DITTLER: What a question.  Trying to come back a little bit to the title of our session, how the DNS will function in a smart cyberspace, I could make my statement very, very short.  And speaking to just the same as it's been used for the last 20 years.  But looking a little bit deeper, the position of ISOC is really to keep them open, usable for everybody everywhere.  So we need to make sure that things like stability, scalability, reliability are still key points.  And the DNS was already mentioned is now in an age where you can really think back on a long time of evolution.  And you can say for sure it's stable.  It's scalable so far.  But at the same time, new things have to be covered and new developments need to be there also.  I would have been set more or less. 

Why is it done always inside the DNS, even if you can shift nearly everything into DNS record?  Is it really the right way to do?  So we have to ‑‑ we have to believe that there are many possibilities to solve things, and there might be better solutions to some things which are besides the DNS or on top of the DNS or somewhere else in the Internet.  It doesn't need to be the same thing.  But when we have to look very closely at the new development, and we have to look at it at a technical point, this scalability, reliability, stability, really proven is it fair?  Is it part of the whole development?  We have to think about how secure is the system against tempering, against misuse, against stealing of personal information?  All of those things have to be looked into and checked very deeply. 

And there are additional promises from new ideas in the digital objects architecture area like permanent storage.  Permanent storage, that's a promise.  That's nothing more.  It has to be proven over time that it's really permanent.  You could also store things permanent in DNS.  You can also store things permanent in a text file if you like.  (?) IP records in a very permanent way in text files.  So how permanent will it really be? 

And the second big area also mentioned by previous speakers about policy and transparency.  What policies will rule those new regimes of identifiers?  Especially if you see that parts of identifier space is given to different local organizations?  Are they bound to set basic rules, basic policy set?  How transparent are those policies, and who will check on those policies?  I think there are still a whole load of questions that have to be answered before we can really jump on a new technology and promise that this new technology will solve all our problems in a defined set.  We'll never promise to check all problems but at least in a defined set.  Yeah. 

Your last question was, should all things in the world, all objects have an identifier?  I'm not sure.  I'm not even sure how to define object.  Globally, that we are talking about the same thing on our panel, not talking about the room or the world.  So I will be happy to attach an identifier to any object living or dead, digital or analog, which needs to be identified.  And I'll leave it there.  Okay. 

>> This is becoming very philosophical.  This is not an object. 

So next ‑‑ we were supposed to have Ramy Fathy.  Is he online or not?  From the ITU Study Group 20, which is the applications of IOT and smart cities and communities.  Do we have Ramy on the ‑‑ no?  Okay.  Then we can go straight to our commentators.  We have two commentators.  We have someone from ICANN, and we have Olga Cavalli from the South School of Internet Governance. 

>> OLGA CAVALLI: From many places. 

>> Many places.  Many different hats.  We'll start with you.  What's your thought about the DOA, the DNS, the future, how to address objects, et cetera? 

>> Yeah, thank you.  A brief comment.  I think the issue here is about how we evolve the Internet infrastructure and specifically the DNS to match with the application evolution, use evolution, IT and so on.  One thing fundamental is that we know the DNS.  We have been using it for the past many years.  We know how robust it is.  And it is one of the most distributable we have today, which is scalable, has proven several times its scalability. 

From my perspective, I think we are going to continue building on that, on what we know.  And beyond the fact that today the DNS is seen as a way to link semantic name to an IP address, we may move away from that semantic of the DNS to all that kind of mapping of identifiers.  But behind, the DNS will always be used to resolve those type of names, even though they are not semantic.  So we will see more and more information added to the DNS because people rely on not only the technology, but the policy environment rely on its scalability. 

And because it is already running, people will ‑‑ won't go with something that is so disruptive, they will start over.  We have seen the example of IPV4 and IPV6.  IPV6 is a completely new protocol which is not backward compatible which makes its adoption a little bit more difficult.  And the same thing for the DNS.  People want to use the technology that is already there.  The question is how do we involve the commercial environment to that evolution of the DNS?  How do we make sure that the security aspect or privacy aspect of this taken into consideration?  When is the right moment to start thinking about a policy aspect?  You know, the revolution of the technology, or as somebody pointed out yesterday.  We have seen work done, I mean, specifically, and we have been looking into this.  And we have (?) For instance implemented some extension of the DNS to take into consideration that semantic aspect, that persistent identification.  It's doable.  The main thing is to look at what is the issue, and how can we do it without raising too much disruption.  

>> Thank you, Adil.  Next is Olga Cavalli.  Olga. 

>> OLGA CAVALLI: Thank you.  Thank you very much, Olivier, and thank you for organizing this interesting panel.  Thank you for inviting me.  I would like to make some comments from a different perspective and disrupt this perspective.  What happens in developing countries and developing countries about these identifiers?  I liked what Hans‑Peter said about the DNS is open, secure, reliable.  We know that but there is an imbalance in between the developing world and the developed world.  For example, if you check the usage of IPV6 and IPV4, for example, in Latin America, there is still a long way to go and to have a level of usage in, like, developing countries and developing economies. 

What I see now ‑‑ and this is a perspective from me being a university teacher and investigating these issues from ‑‑ especially from a Latin American perspective and developing economies perspective, is the changes are being more rapid now.  And I see a gap in between the possibilities of developing economies in adapting and using these technologies.  Especially if we are going to create or use a different set of identifiers. 

Say, for example, for Internet of things.  How this will be governed.  How this will impact the development of technologies in developing countries.  For you to have an idea, half of the economy and half of the labor in Latin America is run by small or medium enterprises.  How can a small or medium enterprise capture these technologies?  Are they able to have human resources to learn how to use and participate in the sovereign organizations about this stuff?  This is the comment I would like to share with you.  I don't have an answer, but you're perhaps more expert than myself and about these issues.  And I see this technology developing very quickly.  For example, we have a lot of development in our culture in Latin America.  Especially my country, Argentina.  And now the small or medium enterprises are trying to use Internet of things and (?) Our culture, the command that we will have in the future.  Will they be able to do that? 

In industry 4.0, I have been checking the strategies from Germany and the United States, for example.  They have built a strategy which is very much partnering the companies the government the Civil Society, different organizations, unions.  Is that happening in the developing world?  That's a question I have.  And it's a concern I have.  So I would like to share this concern with you.  As I said, I don't have the answer, but just ‑‑ this is something that worries me from my citizenship being Latin American.  Thank you very much. 

>> Thank you, Olga.  Would any of our panelists wish to address some of the questions that Olga has raised?  Christoph?  No? 

>> CHRISTOPH BLANCHI: I don't have much to say.  I want to echo what is the granularity of identifiers what does it mean to be persistent?  Clearly persistence is an actively managed thing.  There's no magical store out there that will remain an eternity.  So clearly that's not the promise of the digital object architecture.  But the point is that it's the nature of the identifier itself.  So, you know, make sure that the identifier does not contain any rules or regulations, approaches, algorithms that you may want to shy away from later on.  We had a great case recently with one of our primary administrators where they wanted to take a prefix of 250 to match their country code.  And then they realized that they wanted to also fill identifiers for the rest of Africa.  And imagine a passport in Kenya starting with number 250.  That just wouldn't work.  So semantics is where you find it, where you make it.  If you want something persistent, it better be completely irrelevant from any possible findings to things that have to do with the physical world. 

But you can do things, you know, with some level of flexibility.  But if you really want persistence over time, you know, you have to think, what is it going to be in 1,000 years?

What are we going to do then?  And this is what the DOA tries to wrestle with.  It's being completely independent from the underlying technologies.  You're left with just ways to interact with things and on a very simple data model level that we think is enough to deal from the simplest to the most complex.  And what binds this and makes this possible is this notion of interoperable or extensive typing mechanism.  So the core DOA is based with the notion of types.  So if you can't do something today, you create a type.  It gets globally accessible and you can extend your infrastructure.  But the rest, the core remains the same.  This is a principle from Bob which I really like.  When you're defining your protocol, get rid of all the things that are redundant and just keep the core.  You can always add niceties later.  But the core has to be single‑purpose.  And this is what the DOA is trying to do in the space of identifier.  And more importantly, what do you identify, and how do you deal with that?  Thank you. 

>> Thank you, Christoph.  And now we're going to ask if panelists had questions to ask each other, but I already see people on the floor wishing to ask questions in the room.  So that's pretty exciting.  Let's start with Walid. 

>> It's Walid.  I'm a member of the Board of the Internet Block Special Interest Group.  One of the research areas we've been exploring is the potential for a totally decentralized DNS identifier system that would be totally distributed in a way that would prevent any form of central failing points or points of failure.  Alongside that, there's also another threat.  First, what's your opinion on that? 

And the other point is about the recent announcement by ‑‑ was it the Russian Council talking about the backup DNS that will be set up by August next year in collaboration with other bricks countries.  How do you see this government intervention directly into a space that's more technical in nature?  How would that threaten the current model, and whether this is simply a natural evolution of how things evolve in terms of technology or if it's a breach of the multistakeholder model?

 

>> Thank you, Walid.  Anybody who wishes to tackle these questions?  Marco?  You're brave. 

>> MARCO HOWENING: Let me be the brave one.  Well, I admire some initiatives there in terms of, like, let's decentralize certain parts, in the sense that we probably need to be careful and look out for the single point of failures in the system.  But we also have to be certain that from my technical perspective is a good objective.  But from a more political perspective, I don't see how we fully decentralize the DNS in that you need globally unique labels to some extent.  So even if you would be decentralized, I think you allow people to generate their own labels.  Sooner or later, we need a form of arbitration.  And that form of arbitration becomes your central point, which is liable to capture difficulties.  So in that sense, be careful what you wish for because we have a working system now.  We know what we do.  There is a small ‑‑ let's call it single point of failure in the sense to root.  Engineeringwise, we've done a lot to solve that with 13 root servers all independent of each other. 

I don't see an immediate point where the whole of the root system will fail.  But you need to allow your clients who also operate as designed.  If you can restrict your clients who only use a specific set of servers you are creating a single point of failure.  And I think in terms of DNS from an engineering perspective, be careful what you're trying to solve and at which layer you're trying to solve it.  Because you want to solve political problems at a technical layer, you're likely going to end up with other problems. 

>> Walid, I saw you shake your head a bit earlier.  Was there anything that you didn't ‑‑

>> I mean, I was thinking of the block stack initiative, block stack DNS.  And they actually have answers to those questions.  I was thinking of perhaps another session on this would be useful, but it's too much for now. 

>> Next year.  We've got an operation.  First we have Jorg Schweiger. 

>> JORG SCHWEIGER: Even though Christoph was brave to answer the question, I'll try to answer it as well.  Block chain is a very interesting technology.  It's yet another alternative to ‑‑ well, cope with the problems we try to solve with DNS right now.  I'm pretty sure other problems still need to continue solved like with DOA.  For that reason, I'd just be cautious to figure out if we do have problems we want to solve and if we do not just propose yet another new chain of technologies where all different kind of problems that already help them solve need to be solved again.  That was a part of the answer.  The other remark would be ‑‑ I forgot it. 
(Laughter)

>> About Russia.  Russia's proposed backup of the DNS system. 

>> JORG SCHWEIGER: I'll come back to it later. 

>> Thanks.  Alain is next. 

>> Thank you.  I would like to address a point about the developing countries, developing economies.  And also follow up on what Adil was mentioning, some of the projects that we had started at ICANN.  So we started in October with a research project (?) And the University of La Plata.  Essentially using (?) For system identifiers for IOT.  And we did that in three weeks.  But what I saw was the appetite for this type of technology.  And when I went to Nigeria just two weeks ago, and I met people who were also very interested, and we are going to start another collaboration maybe in Ghana in January next year, just next month.  And we expect to go as fast in a few weeks' time, get something up and running that is fairly easy but doesn't require expert knowledge.  People can really start doing something that solves an actual problem that we have using technology that is readily available.  Thank you. 

>> Thank you.  Olga for a comment? 

>> OLGA CAVALLI: Thank you for bringing this up.  This experience was an idea of our national chamber of ISPs with University of La Plata as you mentioned.  I fully agree.  And as I said before, the only way forward towards embracing any new technology or any new identifier scheme is through a collaborative effort in between businesses, organizations like ICANN, universities and associations like the Chamber of ISPs. 

My concern is that at a point, it has to ‑‑ this evolution has to go down to the companies, to the smaller ISPs, to the smaller companies that are using the technology for perhaps identifying objects in their crop fields it.  So I see that as a big challenge.  I'm not saying that it's impossible, but I see a challenge.  Also, there are some challenges related with regulations which are different in every country.  For example, using spectrum ‑‑ the same in every country, could be not the same.  So there are some things that should be harmonized. 

You know, not many developing countries are active in ICANN.  I think that's good.  Perhaps Argentina is an active country in ICANN, but not all countries are represented.  I see the challenge there.  And also a challenge I see is the rapid evolution of all the new technologies like artificial intelligence, Internet of things and other things are evolving more rapidly than IPV4 and IPV6.  This is what I wanted.  But thank you for bringing this up. 

>> Thank you, Olga.  Do we have any remote participants wishing to have any questions?  Nothing at all.  Okay.  All right.  Let's go over to the gentleman in the back, please. 

>> From the Internet Architecture Board.  I wanted to respond to a point that was raised by Walid and related a bit to a broader point.  I wanted to reference RC28‑26 which was the value on a unique DNS root.  And a lot of these identifier systems, it's not that they require a common resolution mechanism, but that they require that there be a single mapping between a particular identifier and the thing it results to.  And we talk about that as the uniqueness principle in terms of the DNS.  There's a single root to the DNS.  And so there's a hierarchy which goes out.  You can resolve from that single administrative hierarchy in any way you like.  And indeed, we're developing ways for reaching DNS servers quick and other transports that would change in some ways the mechanisms by which DNS resolution occurs without actually changing that uniqueness principle or without actually changing the mechanisms by which the administration works. 

And I believe that that's a very important principle for many Internet identifiers.  It's certainly critical for IP addresses that there be a single holder of a particular IP address.  And it enables you then to build identifier systems on top of it.  It becomes a generative aspect of things.  We've certainly seen that in the DNS and its ability to generate things like URLs and URNs.  And certainly we use then the scheme of the URL.

HTTP or DNS or whatever to disambiguate, but we rely on that to build that generative system. 

When I see something like DOA, it operates slightly differently than the one built in, but it creates the same generative mechanism.  The handle system isn't a single identifier system.  It's a method for creating new identifier systems that work in a common way.  I think as long as that system maintains that same uniqueness principle so that there is a single route to it and a single place from which they are generated, then it can be among the same identifier systems.  It can function in the Internet in a way these other identifier systems can.  And we can build on top of it the things which are appropriate to the kind of more complex schemata that it might be able to produce. 

I'd also like to point out that there are sort of residences here that our colleagues have built something called IOT.scemata to help you contextualize those where the transparency of the information and the extent to which you've made it public is also a part of how generative it is in terms of people building systems on top of it.  And so I think we look at those aspects of identifier systems and say, what is it that makes a great identifier system for the Internet?  It's the uniqueness principle that enables it to be generative, and it's the transparency of the data it provides.  And in that context, I think there are a raft of different identifier systems already on the Internet and a variety of levels.  But they rely on those principles in order to function correctly. 

And I think we'll continue to rely on those principles as we build new identifier systems as the Internet changes and grows.  Thank you. 

>> Thank you, Ted.  As a follow‑up, is there a danger of having a multiplication of competing identifier systems? 

>> I think that the question kind of comes down to one thing.  Is somebody who wants to be able to communicate with another mode on the Internet going to be able to determine correctly how to do so from the systems which are provided to it?  And as long as it's clear which system it uses for resolution and transport, then the danger is really one of deployment, not of architecture.  And so you may have a small‑scale system which can't handle a multitude of different resolution systems, and it will have to pick one.  And in that guise, I think you do have a bit of a deployment challenge in determining which resolution systems are appropriate to which system and which ones get deployed.  And the simpler you make this, that is the fewer you actually need to deploy, the more successful it will be. 

But this isn't really fundamentally different than deciding whether an IOT device needs, it's really a deployment question rather than an architectural one. 

>> Okay, thanks for this, Ted.  Now, I might have missed a few hands around the room.  Marco wanted to speak.  Marco, go ahead. 

>> MARCO HOWENING: Thank you.  That already took away a lot of my comments.  What I said earlier on as well is we should for the forget sort of the layered architecture of the Internet.  A few basic principles allow you to build new applications.  In that sense it also allows you to build new identifier systems to be used in those applications.  But more to the comment ‑‑ the exchange between Olga and Adil, while I appreciate these efforts, what I often see ‑‑ and it's not particular to your solution, per se ‑‑ is that often the new solution is lacking a clear problem statement.  What's the problem you're trying to solve here?  And again, as I jokingly said, let's put it all in the DNS.  I sometimes have the feeling that we also put all problems in the DNS.  And as a route server, sure, we have our share of problems, especially in developing countries, and we did a lot of effort in shrinking down our route server deployments where we can kind of house it in the kitchen cupboard and no longer need a fully equipped data center with power, et cetera.  We've come a long way.  We've solved those problems.  If you give us a problem statement, we can solve it.  Or maybe we can't solve it.  This is a different layer.  This is a different thing.  And the Internet is an open bottle.  Build something new.  And we shouldn't see it as a threat.  We can also see it as an opportunity. 

>> Thank you, Marco.  We've just expelled our session organizer with Vint Cerf.  Welcome, Vint.  Next question. 

>> Thank you.  From Pakistan.  This is a very good discussion on the role of DNS in smart governance.  The challenges to DNS, the liability and accessibility.  Olga also highlighted the challenge of the implementation of IPV6 particularly in the developing countries.  (?) And emerging technologies. 

My question is about how to ‑‑ of course, there are short‑term technical challenges to address these key issues regarding the role of DNS in smart governance.  My focus is the social respect and particularly (?) The willingness of the people in developing countries.  So what is the strategy of ICANN (?)?  Thank you very much. 

>> Thank you.  Adil, do you wish to address this? 

>> Yeah.  I mean, in terms of capacity building, we are talking about already existing and well, you know, deployed.  So those identifiers happened in different organizations.  (?) In terms of IP addresses, they are very active.  (?) Building specifically for IPV6.  And from ICANN perspective, we also very much engage into, for instance, securing some of the DNS with DNS capacity building around the world.  And capacity building and how to use them.  To use those identifiers which already exist.  What is emerging is still emerging.  And the possibility will come with maturity of the new identifier system.  But those already exist from those two perspectives.  There's a lot of work that is being done and specifically in developing region as well (?) Very active in those specific areas. 

But to come back to the discussion about the evolution of the DNS, I just want to also highlight the fact that one aspect that will ensure that the evolution happens (?) In looking at the policy impacts of the impact of policy on those new identifiers are the way they are mapped for the DNS or other architecture.  How do we make sure that the policy put in place (?) That the policy evolve really address the issue that these new identifiers are posing.  And that is key because the technology is one aspect.  What we are doing, for example, is a diagnostic policy.  The technology.  Then how do we implement it?  What are the underlying principles?  That is a completely different discussion. 

>> Thank you, Adil.  And Christoph from the DONA Foundation perspective. 

>> CHRISTOPH BLANCHI: I will just, you know, talk a little bit about our experiences around the world.  They came to us with the idea of managing their own space and identifying their own resources and coming up with their own plans for, you know, how to deal with concrete problems that they're experiencing in societies.  And the big sell for them was that they had full control over their identifier space.  DONA credentialed them.  But once they're credentialed, they can do whatever they want.  We can see what they're doing, but we can't change what they're doing.  And so for them, this was a big advantage is that they could really decide how their policies would apply. 

And then the other thing that was very attractive, they could manage the code themselves.  They could decide to implement the handle system on top of whatever they wanted.  They could redistribute the code, develop programs in their own countries to really make this part of their technological foundation. 

And that was the other thing ‑‑ and not to say that DNS doesn't do this, but in the case of the DOA, we're not just talking about identifiers.  We're talking about what do we do with the data?  I think this is the other part that they're interested in.  We want to talk about the data.  We want to interact with the data, and they felt the handle system provided the level of accessibility, manageability and technology transfer they were looking for.  Thanks. 

>> Thank you.  We've got Hans‑Peter.  Andrew Sullivan waiting for a long time at the back.  But perhaps if it's just on this thing, Hans‑Peter, do you want to say just a couple of words, Adil, and then we'll go to Andrew and Vint climatized in the room.  Vint? 

>> Just a quick answer.  The feeling when I hear that's a big challenge, that's a key point of selling, you have your own jurisdiction over your name space.  That's also a big challenge because it's not only what you allow to be entered into the name space.  It's also who is allowed to access this data and at what level this allowance is done.  Everything is left to the one who is owning this part of the data space.  And I think that's a big difference as a DNS.  The DNS is always open for everybody.  And the DNS gives answers to everybody who is asking without looking where you're coming from and what you are.  And I think that's not only a pro.  That's at the same time a big contract for the same thing. 

>> Adil?  Christoph, it's going to get warm. 

>> Sorry.  No, it's just I don't have any specific issues with this comment.  It's not the technology that sets the policies.  The handle system and DOA are as open as you want to make them.  And you can close them if you like.  But again, I mean, you know, you go to China, and you can't get Google.  So, you know, this is just a fact of life.  You give the technology and you hope that they'll make the best of it.  But you can't tell them how to run their stuff.  I mean, you can, but they might just implement their own. 

>> Or they might ignore you. 

>> Or they might ignore you, exactly. 

>> We might need someone from Google to come in on this.  Okay, let's go to Andrew Sullivan, please.  And apologies for making you wait so long. 

>> No, no, I'm happy to wait.  My name's Andrew Sullivan and I don't speak for anyone. 
(laughter) yeah, not even for myself.  One of the things that has troubled me a little bit about this discussion ‑‑ and it's not only in this room but actually historically ‑‑ is that there's very often an assumption that we need to specify the identifier system or some tiny set of identifier systems that are necessary for the Internet.  And I think that that is not consistent actually with the history of the Internet, which had identifier systems from the very beginning that competed with one another and various ones were used for specific sorts of cases or they were appropriate for this use and not for that use.  And so you use the new one when it's handy.  And I guess the question ‑‑ I think that this becomes a little bit more troublesome in an environment where we have the ability, you though, to sort of suck up all of the data ever about everything that happens.  Because in an environment where that is true and there is this pressure to go to a single unified identifier system for, I don't know, airplane parts and shoes, it seems to me that that's actually a dangerous thing to be promoting.

That is I want to be able to find the entire history ever of what happened to the fan blades in the engine for the airplane that I'm getting onto.  I think that's a fine, fine thing to be able to do. 

I do not want the identifier of my shoes to walk out of the store with me and track me everywhere I go.  And that seems to me to be a problem with a unified identifier space that is an important one.  It has these big social and political consequences that are, from a technical point of view, putting my technical hat back on, I don't care.  It's just an identifier.  Use it how you want.  But as a citizen, I'm deeply worried about that pressure.  And I think that we ought to be tackling some of that here in an environment where the policy and technical questions can both be on the table at the same time.  We'd better be paying attention to the policy implications of that second thing.  Thank you. 

>> Thank you, Andrew.  Vint Cerf? 

>> VINT CERF: Now's probably the right time for me to come in.  I have to say, I'm wandering in the midst obviously of a lengthy discussion.  And I can't stay very long because I have another commitment in a few minutes' time.  Let me start out by reinforcing something that Andrew said, which is in the design of the Internet, our intent was there was freedom to invent identifiers that could be associated with IP addresses.  And it didn't matter whether it was DNS or something else.  Now, it happens that DNS was invented to do something better than the host.text file which became unwieldy both in terms of size and maintenance of its accuracy.  So DNS has very valuable properties and has expanded over time.  In some ways I think the DNS system has become overloaded with functionality that should cause us to think again about possible alternatives. 

It also has the property that at least the URLs that are derived from domain names are not permanent.  They're not persistent.  They have understandable features, for example, if you don't pay your rent, the domain name may go away.  In which the thing it pointed to may also be inaccessible.  Page not found being a common web‑based error message. 

There's also a case that identifier systems in the Internet are already quite fragmented.  We have private identifiers, hashtags, for example, or Facebook IDs and the like.  And the fact that there is fragmentation isn't necessarily bad in and of itself.  Andrew's point, I think, again, is worth consideration.  So this existence of multiple ways of identifying things has already evolved.  I will say that our inability to combine the various identifier systems into a more coherent hole is sort of sad from the purely technical point of view.  But it may be inevitable from all the other forces that create that. 

I will say ‑‑ and I spent an entire day with Joan Clemson and Patrick Feldstrom trying to sort through domain names and the awkward way in which we have tried to implementation using 2003 and subsequently 2008.  I think our theories behind Unicode have proven not to be exactly valid.  And so there's an issue there.  How do we accommodate strings that are not in simple forms like ASCII.  I don't think that we've done a very good job of that.  And with the emergence of emojis and other things, I confess that it feels like the name space has become weirder than I ever anticipated that it would, if that's a technical term. 

I'm also very concerned about TLD squatting, to say people using what things look like comparable domains which are not, they're not part of the DNS.  They get resolved in some alternative ways.  And it causes problems if any of those TLDs actually become allocated in the domain name system.  We have collisions.  We already see this in .home.corp and .local, things like that.  The monetization is very interesting.  I had not anticipated any of this.  The idea that a domain name is worth millions of dollars did not occur to me or John Postel or anyone else in the early stages.  We just gave them away. 

>> Had you kept them, you wouldn't be here.  You'd be somewhere really warm. 

>> Yeah.  It occurred to me that a/8 should have been allocated to me personally, and that would have been my retirement plan.  But we didn't anticipate even IPV4 gray market.  We thought, you know, 2 to the 32nd 4.2 determinations were more than there were people in the world at the time.  It's got lots of space. 

There's also one other really awkward problem, and I think it was hinted at earlier, and it has to do with semantics.  These strings that we use for identifiers have meaning in many cases.  Although an identifier shouldn't necessarily be a word.  In many cases it is, and that makes it easier to remember.  The problem we have is that because there are semantics, people have reactions to the presence of some of these identifiers and their use.  And from a purely technical point of view, it would be nice if the identifiers were just sort of plain numeric strings that nobody really cared about.  However, nobody can remember them. 

And so we have this tension between something which is noncontroversial and something which is useful.  And now how do we find a binding between those two?  So let me finish given that I'm consuming a lot of your time here with an observation.  I think that we surely should examine alternative identifiers systems.  We can ask ourselves what properties would we like them to have both technically and perhaps from the ‑‑ it's not just technical, but monetary.  How do we maintain a system over long periods of time?  If we want identifiers that last for a long time and can be resolved for a long period, I'm talking about hundreds of years, you have to have a business model that makes sense. 

So we should be asking ourselves not about the sole, single, new identifier system that we should adopt in the Internet space, but rather what properties do we want our identifier systems to have?  And then how do we craft those systems to produce those properties?  And so despite the fact that it's a little unsatisfying to have more than one kind of identifier space, we live in that world today.  And I don't think we'll escape it.  So why don't we design our way into it?  I'll stop there. 

>> Okay thank you very much, Vint.  We are ‑‑ well, we have actually passed already the official end of this session.  I've checked.  There's no other group after us in this room today.  So we might be able to say just maybe closing words from each one of our ‑‑ each one of our panelists.  And I'm really sorry we couldn't have 90 minutes because it really is now that ‑‑ yeah, it's too crunched, too fast.  Let's start with the table and Hans‑Peter. 

>> VINT CERF: That's the farthest out person on the table. 

>> Was that south or north? 

>> You're beside me, by the way. 

>> I didn't even see Jorg.  He finishes everything. 

>> HANS‑PETER DITTLER: Thank you.  I'd like to make it short.

Let's stick to the principles.  Let's grow as many flowers as there can be because there are many good potential ideas floating around and really there need to be more than one solution because we have several problems on the table.  And there's not a clear one solution to all of them. 

>> Marco. 

>> MARCO HOWENING: Yeah, I agree with Hans‑Peter Dittler.  There's certainly not a single solution for all the problems we can see, and especially as we start intercollecting them.  We're just growing the problem space.  So look at problems and figure out a way to solve a particular set of them.  But let's not try to agglutinate it all into one space. 

>> Adil. 

>> Yeah, definitely we need to look at what issue we're trying to solve.  And focus on that and try to solve them.  They will also add there is the likely chance that the semantic aspect of name in the DNS is going to evolve.  And that may have less precedence in the naming system, in general, which may push the DNS to work differently.  And we have to look at that as well and make sure that policywise and the way we use it much of what is coming up. 

>> Christoph. 

>> CHRISTOPH BLANCHI: I'm going to try to add something different.  Since I agree with everything that's been said.  In terms of these identifiers and I call them resolution services as opposed to identifiers because we should allow all of them, we need to think about security really seriously at the level, at the granularity of the identifier itself.  And what is it that you're identifying, and how do you know that this identifier is actually referencing the item that is claiming to be an identifier for?  And this is a key aspect of the handle system that was built in from the beginning because that was our concern.  Then the other one is we should try to think about ways to interoperate.  Because we might not need 80% of another resolution system's functionality.  But we should be able to interoperate in the 20% which enables 80% of functionality.  So that would be my comment.  Thank you. 

>> Thank you, Christoph.  Olga. 

>> OLGA CAVALLI: Thank you.  Being a very optimistic person, in spite of the fact that I have been talking about several challenges for developing countries, I do trust in the governance forum, ISOC in working with developing countries, developing regulators in trying to bring all this new evolution of the technology to all of the world.  So we have this Internet open for everybody.  And especially for developing countries.  Thank you. 

>> Jorg? 

>> JORG SCHWEIGER: So I was hoping that that panel would lead to some more answers as to whether we need or we would not need new identifiers.  I see there could be a need for new identifiers, but we have to figure out what they would be used for.  I would be very interested ‑‑ and this was a point I wanted to raise before with your question ‑‑ how we would make those identifiers interoperable if we would have more than those ‑‑ more than the DNS, how that would interact and how we would migrate to something like DOA or block chain or whatever comes up.  I think that that answer probably it should be left to the next panel or us working on those identifiers.  With that, I would like to thank Olivier once again for stepping in for Wolfgang.  Very good job.  And thanks for your attention.  See you.  Bye‑bye. 

>> Thank you very much, Jorg.  I was just going to say, you touched on the multiplication of identifiers that could lead to user confusion.  This was actually something that was discussed when the new detailed program was put there.  How many more top‑level domains would be.  Plus we've got top‑level domains plus IPV6 which makes it even more confusing.  All right.  Thanks, everyone, for coming to this session.  I hope it was interesting.  And as you can see we've got probably a title for the next session next year.  So thank you.  And this session is now adjourned. 
(Applause)

(The session ended at 1:29 P.M. CET.)