ICANN's Lynn discusses DNS debate, security

The Internet Corporation for Assigned Names and Numbers, or ICANN, the group best known for adding new top-level domains, is often a magnet for controversy and confusion. From a spartan office in this beachfront community, Stuart Lynn, the president and CEO of ICANN, sat down with Computerworld to talk about an organization that follows a Star Trek-like "prime directive" of ensuring the stability of the Internet's Domain Name System (DNS). Lynn, a former academic with a doctorate in mathematics, discussed what he sees as threats to the stability of the DNS as well as some other issues facing ICANN. As the organization begins its annual meeting this week, his ability to defend the 3-year-old organization is likely to be put to the test.

Q: You have called alternate roots harmful and a threat to ICANN's prime directive, the stability of the DNS, but you don't seem to have a clear course of action for dealing with them. Your policy seems to be to ignore them and hope they go away.

A: I don't say that. You have to understand at the beginning that ICANN has no power other than what it obtains through consensus and through entering in agreements and contracts with various kinds of entities. We have no legislative power. We're not a government. ... But what we can do is articulate very, very clearly -- as clearly as we can -- what we think is right and what we think is leading the internet in harmful directions.

Q: So your primary strength is really as a bully pulpit?

A: We are very much a bully pulpit. ... We have to be very clear what we think is the right thing to do and what we think is not being supportive of stable and secure directions on the Internet.

Q: Do alternate DNS roots pose a security risk?

A: Absolutely. One of the standard ways of creating a security problem on the Internet is to spoof the Internet as an alternate root.

Q. The alternate root supporters have been asking for ICANN to cooperate with them. Is there room to cooperate?

A: They come to these meetings, they send lots of people, they try to persuade people on their points of view. ... We're an open organization. But ... it's very difficult to understand what role they have to play within the ICANN framework.

Q: You have limited your introduction of new top-level domains (TLD) to seven -- .biz, .info, .name, .pro, .museum, .aero and .coop -- and are now running a "proof of concept" to test these new domains. When do you have "proof," and what happens next?

A:Proof is a very difficult word in this context. We have a task force that I'm chairing that is coming up with recommendations on how to evaluate the current round of introductions. I suspect that the report of that committee will be a month or two away. One question is whether or how to introduce new TLDs in the future. I don't want you to think that it's a foregone conclusion that we will or that we won't. The board has made no decision on that either way. As many people as there are who want to see more TLDs, there are also large segments of the community who think we have enough already. The former tend to be very vocal; the latter we hear from as well.

Q: Do new TLDs jeopardize the stability of the DNS?

A: One of the reasons we're doing a proof of concept is to try to answer that question. Scalability in terms of performance is one of the issues that's been raised by the IETF [Internet Engineering Task Force], and we don't know the answer to that because it's been 15 years since major generic TLDs were introduced. We have some learning to do.

Q: If there are no technical impediments to adding new top-level domains, would that essentially obligate you to do so?

A: No. We do have other responsibilities in creating a level playing and a fair place for competition to occur. And if there was any feeling that the consequences of that could destabilize the Net, not just in the area of performance, then we would be concerned about that. On the other hand, we are not going to apply constraints just for their own sake. We're fairly minimalist in trying to create that playing field. We're not a regulatory body; we coordinate a degree of industry self-regulation.

Q: Sept. 11 has prompted you to focus on security. Have recent events drawn attention to new security weaknesses or just made the old ones more glaring?

A: What we're doing here is really taking stock and making sure that there aren't areas that were missing things that we need to think about. This isn't "the sky is falling." We have been working on security all along for years.

Q: When it comes to security, where do ICANN's responsibilities begin and end?

A: We're not responsible for the overall security of the Internet. ICANN is concerned with the Internet's Domain Name System and address allocation systems. ICANN operates at the intersection between the technical world, the policy world, the world of management and bringing those together, particularly where there are policy issues involved. We coordinate.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about ICANNIETFInternet Corporation for Assigned Names and NumbersInternet Engineering Task Force

Show Comments