Sunday, October 16, 2005
James Seng also posted on this and added some references: to the warnings of Steven Bellovin, to the more supportive John Levine: "This isn't quite as stupid as it seems. The GSM industry needs some way to maintain its roaming user database, the database is getting considerably more complicated with 3G features, and it looks to me like they made a reasonable decision to use DNS over IP to implement it rather than inventing yet another proprietary distributed database." and even to Paul Vixie, who has been one of the most vocal opponents of alt. roots and chipped in, to many people's surprise, in a slightly positive tone: "oh and one more thing. a small technical matter, insignificant next to the democracy-related points you raised. neustar isn't doing anything wrong -- the 'root' they'll operate will only be seen by GPRS cell towers, not by end-user handsets."
It seems that Paul Vixie is not too well informed about what is going on here (see below).
James also seems to be supportive:
First, GSMA is already using an alt. root system with .gprs among their operators for their GPRS peering. What the deal essentially is, is to outsource that DNS operation to Neustar. In other words, Neustar did not intentionally create a new root or TLD; they are taking over an existing operation and it is unreasonable to expect them to "conform" to whatever norms we have.
Ok, I agree here that Neustar is just doing what the customer wants, and they would be stupid to reject this ;-)
Second, there are approximately 1.5b mobile phone users. To put that into perspective, that is more than the total number of Internet users at this moment. So as we are converging between the mobile and Internet, be glad they (ie, GSMA) made no demands from us (ie, Internet) to conform to their norms and their root because really, they are much bigger than us.
As I said, they are trying to build a second de-facto Internet in their walled garden; I just wonder why James is taking this so easy ;-)
Actually I am glad that their alt. root is now in the hands of competent DNS engineers who understand the Internet (particularly ICANN). Maybe we stand a chance to fold the two DNS systems so that .GPRS is a recognizable ICANN TLD. Unfortunately, this is going to take a while because no one knows when the next time is that ICANN is going to ask for proposals for TLDs. Given such an uncertain environment, you really cannot blame commercial operators for moving ahead with their own root and TLD.
There will be no need, James, because .gprs is becoming obsolete. To put things in perspective, I first want to cite Kim Fullbrook's (O2 UK and member of GSMA) response to my post on this issue on the IETF ENUM WG list:
As a result of the policy, those existing services that use the .gprs domain will continue to use it and any new services will use the 3gppnetwork.org domain. There might be new services in the future that would like to use a different domain name, in which case that domain name must be registered on the public Internet to avoid any potential leakage problem.
The Neustar press release describes the implementation of a root DNS to carry the .gprs domain (for some existing services) and 3gppnetwork.org domain for new services.
To comment on this, I first want to refer to Annex D of 3GPP TS 23.003, which was basically the result of the IAB intervention:
There currently exists a private IP network between operators to provide connectivity for user transparent services that utilise protocols that rely on IP. This includes (but is not necessarily limited to) such services as GPRS/PS roaming, WLAN roaming, GPRS/PS inter‑PLMN handover and inter‑MMSC MM delivery. This inter‑PLMN IP backbone network consists of indirect connections using brokers (known as GRXs – GPRS Roaming Exchanges) and direct inter‑PLMN connections (e.g. private wire); it is however not connected to the Internet. More details can be found in GSMA PRD IR.34.
Within this inter‑PLMN IP backbone network, the domain name ".gprs" was originally conceived as the only domain name to be used to enable DNS servers to translate logical names for network nodes to IP addresses (and vice versa). However, after feedback from the Internet Engineering Task Force (IETF) it was identified that use of this domain name has the following drawbacks:
1. Leakage of DNS requests for the ".gprs" top level domain into the public Internet is inevitable at sometime or other, especially as the number of services (and therefore number of nodes) using the inter‑PLMN IP backbone increases. In the worst case scenario of faulty clients, the performance of the Internet's root DNS servers would be seriously degraded by having to process requests for a top level domain that does not exist.
2. It would be very difficult for network operators to detect if/when DNS requests for the ".gprs" domain were leaked to the public Internet (and therefore the security policies of the inter‑PLMN IP backbone network were breached), because the Internet's root DNS servers would simply return an error message to the sender of the request only.
To address the above, the IETF recommended using a domain name that is routable in the public domain but for which requests are not actually serviced in the public domain. The domain name ".3gppnetwork.org" was chosen as the new top level domain name to be used (as far as possible) within the inter‑PLMN IP backbone network. Only the DNS servers connected to the inter‑PLMN IP backbone network are populated with the correct information needed to service requests for this domain; DNS servers connected to the Internet that are authoritative for this domain simply return the usual DNS error for unknown hosts (thereby reducing the load on the Internet's root DNS servers down to normal service levels).
The GSM Association is in charge of allocating new sub‑domains of the ".3gppnetwork.org" domain name.
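Drawback 2 above is what makes the .gprs design hard to police: the public root servers answer only the sender, so an operator notices a leak only where its own egress resolver or firewall logs the queries that left the inter-PLMN network. The following is an added example of that check, not code from the post, GSMA or 3GPP: it scans resolver query logs for names under the two suffixes named in Annex D. The BIND-style log layout and the sample lines are constructed; the distinction between a name under `.gprs` and a look-alike such as `gprs.example.net` is the part that is easy to get wrong.

```python
"""Flag DNS queries for inter-PLMN-only names seen by a public-facing resolver.

Added example (not from the post, GSMA or 3GPP). Log lines are assumed to be
in a BIND-like 'client <ip>#<port>: query: <name> IN <type>' layout; the
sample lines below are constructed. The suffixes are those named in
TS 23.003 Annex D as being served only inside the inter-PLMN IP backbone.
"""
import re
from collections import Counter

PRIVATE_ONLY_SUFFIXES = ("gprs", "3gppnetwork.org")

LOG_RE = re.compile(
    r"client (?P<ip>[\d.]+)#\d+: query: (?P<name>\S+) IN (?P<qtype>[A-Z]+)"
)


def normalize(name):
    """DNS names are case-insensitive; drop the trailing root dot."""
    return name.rstrip(".").lower()


def is_private_only(name):
    """True if name equals, or lies under, a private-only suffix.

    Matching is done on whole labels, so 'gprs.example.net' or
    'my3gppnetwork.org' do not match while 'x.mnc001.mcc234.gprs' does.
    """
    labels = normalize(name).split(".")
    for suffix in PRIVATE_ONLY_SUFFIXES:
        suffix_labels = suffix.split(".")
        if labels[-len(suffix_labels):] == suffix_labels:
            return True
    return False


def find_leaks(log_lines):
    """Return (client_ip, name, qtype) for each query that should never have
    reached a resolver facing the public Internet."""
    leaks = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if m is None:
            continue  # not a query line; ignore
        if is_private_only(m.group("name")):
            leaks.append((m.group("ip"), normalize(m.group("name")), m.group("qtype")))
    return leaks


def leaking_clients(log_lines):
    """Leaked queries per source address: the node the operator has to fix."""
    return Counter(ip for ip, _, _ in find_leaks(log_lines))


# Constructed sample log of a resolver that sits on the Internet side.
SAMPLE_LOG = [
    "client 192.0.2.10#53211: query: rac0001.lac0002.mnc001.mcc234.gprs IN A",
    "client 198.51.100.7#40000: query: www.example.com IN A",
    "client 198.51.100.7#40001: query: gprs.example.net IN AAAA",
    "client 192.0.2.11#40002: query: IMS.MNC015.MCC234.3GPPNETWORK.ORG. IN NAPTR",
    "client 203.0.113.5#40003: query: mail.example.org IN MX",
]

if __name__ == "__main__":
    for ip, name, qtype in find_leaks(SAMPLE_LOG):
        print(f"LEAK from {ip}: {name} ({qtype})")
    print(dict(leaking_clients(SAMPLE_LOG)))
```

Run against the sample, two of the five lines are flagged: the `.gprs` query and the upper-case `3GPPNETWORK.ORG.` query; the `gprs.example.net` look-alike is correctly left alone. In practice the same filter belongs on the inter-PLMN border, where a matching query indicates a node whose resolver configuration points at the wrong DNS.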
So is it only the outdated .gprs and .3gppnetwork.org we are discussing here? Not quite. First, there is now also .e164enum.net, registered by GSMA for Infrastructure ENUM purposes. And, going back to the above-mentioned 3GPP TS 23.003: section 13, "Numbering, addressing and identification within the IP multimedia core network subsystem", states e.g. the following:
13.2 Home network domain name
The home network domain name shall be in the form of an Internet domain name, e.g. operator.com, as specified in RFC 1035.
If there is no ISIM application, the UE shall derive the home network domain name from the IMSI as described in the following steps:
1. take the first 5 or 6 digits, depending on whether a 2 or 3 digit MNC is used (see 3GPP TS 31.102) and separate them into MCC and MNC; if the MNC is 2 digits then a zero shall be added at the beginning;
2. use the MCC and MNC derived in step 1 to create the "mnc
3. add the label "ims." to the beginning of the domain.
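The three steps above, as an added worked example that is not code from the post or from 3GPP. The full label layout of step 2, `mnc<MNC>.mcc<MCC>.3gppnetwork.org`, is taken from TS 23.003 itself, since the copy quoted above is cut off; the MNC length is passed in by the caller because, as step 1 says, it is a property of the USIM (TS 31.102) and cannot be read off the IMSI alone. The derived Private and temporary Public User Identity formats are also from TS 23.003 (sections 13.3 and 13.4) and not from the post. The sample IMSIs are constructed.

```python
"""Derive the IMS home network domain name from an IMSI (3GPP TS 23.003 13.2).

Added example, not from the post or from 3GPP. Label layout
'ims.mnc<MNC>.mcc<MCC>.3gppnetwork.org' and the identity formats below are
taken from TS 23.003; sample IMSIs and MNC lengths are constructed.
"""


def is_valid_imsi(imsi):
    """An IMSI is 6 to 15 decimal digits: MCC (3) + MNC (2 or 3) + MSIN."""
    return imsi.isdigit() and 6 <= len(imsi) <= 15


def split_imsi(imsi, mnc_length):
    """Step 1: split into (mcc, mnc, msin).

    mnc_length is 2 or 3 and comes from the USIM (TS 31.102); the same
    15 digits split differently depending on it, which is why the value is
    an explicit parameter and not guessed here.
    """
    if not is_valid_imsi(imsi):
        raise ValueError("IMSI must be 6..15 decimal digits")
    if mnc_length not in (2, 3):
        raise ValueError("MNC length must be 2 or 3")
    mcc = imsi[:3]
    mnc = imsi[3:3 + mnc_length]
    msin = imsi[3 + mnc_length:]
    return mcc, mnc, msin


def home_network_domain(imsi, mnc_length):
    """Steps 1-3: the IMS home network domain derived from the IMSI."""
    mcc, mnc, _ = split_imsi(imsi, mnc_length)
    # Step 1 (tail): a 2-digit MNC gets a leading zero so the label is always 3 digits.
    mnc = mnc.zfill(3)
    # Step 2: mnc<MNC>.mcc<MCC>.3gppnetwork.org  (layout from TS 23.003, assumed here)
    domain = f"mnc{mnc}.mcc{mcc}.3gppnetwork.org"
    # Step 3: prepend the "ims." label.
    return "ims." + domain


def private_user_identity(imsi, mnc_length):
    """TS 23.003 13.3: IMPI derived from the IMSI is <IMSI>@<home domain>."""
    return f"{imsi}@{home_network_domain(imsi, mnc_length)}"


def temporary_public_user_identity(imsi, mnc_length):
    """TS 23.003 13.4: the temporary IMPU is the IMPI as a SIP URI."""
    return "sip:" + private_user_identity(imsi, mnc_length)


if __name__ == "__main__":
    # Constructed IMSIs: a 2-digit-MNC network and a 3-digit-MNC network.
    for imsi, mnc_len in (("234150123456789", 2), ("310410123456789", 3)):
        print(imsi, "->", temporary_public_user_identity(imsi, mnc_len))
```

Note that every identity derived this way lands under `.3gppnetwork.org`, i.e. in the split-horizon part of the namespace; only a UE with an ISIM carries an operator-chosen domain such as `operator.com` and skips this derivation entirely.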
This implies that .3gppnetwork.org is only used for compatibility with existing SIM cards. If there is an ISIM application, constructs like o2.co.uk or vodafone.de will be used. Now the point here is that the data within these domains will not only be seen by cell towers, as Paul Vixie assumes; it will be used at least by the IMS servers to resolve Public User Identities, and there will be different data on the public Internet. What we have here is simply a split-horizon DNS; the question is only which part of it will be the "private" and which the "public" part. According to James Seng the part in the GRX network will be much larger, so is the tail wagging the dog here?
I asked Kim on the list the following question:
If I use a Public User Identity as defined in TS 23.228 (and TS 23.003) in the format of a SIP URI to be used on a business card (as also stated there), e.g. sip:email@example.com, is the domain part of this SIP URI resolved in the GRX DNS or in the public DNS?
To which Kim replied:
Well said, but the real question will be how this will be done. The problems this causes are analysed, BTW, in GSMA PRD IR.65, IMS Roaming and Interworking Guidelines.