Can you tell us briefly about ICANN and its role in the Internet ecosystem?
The role of ICANN, the Internet Corporation for Assigned Names and Numbers, is to hold the rulebook for unique identifiers (domain name system, Internet Protocol addresses and protocol parameters), facilitating community driven policies development and implementing the rules that help drive one, global Internet.
ICANN is just one of the entities who’s work contributes to the secure, stable and resilient technical operation of the Internet, and there is no single point of control. The partnerships and cooperation across the technical operators of the Internet are what keeps it as a global network. The physical networks are distributed across thousands of ISPs and operators.
In short, ICANN is about technology with a very limited remit: The coordination of the global Internet unique identifier system. We are not the Internet but we are an essential part of the Domain Name System –the DNS.
On 6 June, we celebrated the sixth anniversary of the launch of World IPv6. But despite the progress made on the transition from IPV4 to IPV6, some feel that it is not fast enough. What do you think about the pace of this transition?
In general, the ICANN organization does not have technology development in its remit. However, the Internet Protocol (IP) has the particularity of being the technology at the core of the system upon which the Internet operates.
There are 7 billion people on the planet, but just about 3.7 billion public IPv4 addresses available for ordinary devices and infrastructure. It is estimated that over 50 billion devices will be live by 2020. The remaining pool of IPv4 addresses cannot support the growth of the Internet.
Because of the projected exhaustion of the IPv4 free pool, the need to move to IPv6 has been known by the technical community for many years. However, the lack of clear business justification and the emergence of workarounds to IPv4 scarcity have resulted in many organizations deferring investment in IPv6.
IPv6 adoption is expected to facilitate the rapid expansion of the Internet. In the future, if each device will have at least one unique IP address, only IPv6 in adoption can allow that. If a business depends on the Internet, it will also likely depend on IPv6 as a critical part of its future.
As IPv4 addresses continue to become increasingly scarce, the cost of maintaining and expanding IPv4-only networks can be expected to increase. As a result of these increased costs for IPv4, we can expect a shift toward IPv6 adoption. The cost of which by either remaining constant or decreasing over time will probably ignite a faster adoption.
Africa is currently 100% IPV4. What do you recommend for Africa? Go until IPV4 addresses are exhausted or switch to IPV6 now?
The universal deployment of IPv6 would create a simpler operating environment than the current mix of IPv4 plus IP address sharing techniques (such as Network Address Translation or NAT) and the partial IPv6 rollout currently observed.
However, there are technical, operational, and economic impediments to deploying IPv6 that have caused IPv6 deployment to proceed slowly in many parts of the world, resulting in the development and deployment of techniques to extend the life of IPv4 and/or create interoperability bridges with IPv6.
ICANN org, in keeping with the community’s position as expressed by the Address Supporting Organization and Number Resource Organization, believes the long-term future of the Internet is best served by an eventual full adoption of IPv6, but acknowledges the current operational and economic realities that will result in a mix of IPv4 and IPv6 for the foreseeable future. This holds true for Africa as well.
We have been working on raising awareness in Africa around IPv6. Within our limited technical remit, we are advocating for and educating in support of IPv6 deployment. As ICANN org, we will also conduct research aimed at understanding and measuring the actual state of deployment of both versions of IP and understanding the impact of a protracted transition period on the security and stability of the Internet. We hope that Africa, as well as other continents, will benefit from our efforts.
In 5G networks, priority will be given to machines with artificial intelligence such as cars connected to smartphones. Will ICANN use the same addressing treatment for mobile devices, computers and various objects and machines that will also be connected to 5G telecom networks? What is ICANN’s take on 5G and IoT?
There is no indication that the addressing and unique identifiers system will change for the next billion connected devices. ICANN, adhering to its mission, will continue to follow community defined processes and policies for these identifiers management.
5G is one of the major gateways to Internet of Things (IoT). To meet expectations associated with IoT deployment and operation, it is expected that mobile operators will build out 5G networks at orders of magnitude larger scale than 4G networks are in 2018. Mobile operators will be running networks that are much larger than they have ever been, which is expected to have significant impact on the operation of the DNS within 5G networks.
DNS has not usually been a part of mobile operators’ core operational considerations. 5G as a platform for IoT will change that. It has been projected that tens of billions of devices will be online on 5G by 2020. These devices, and the applications they run, will all make use of the DNS.
Mobile operators need to properly plan for DNS, both for scale (load) and for security of both devices and applications. In particular, operators will need to harden their DNS infrastructure to ensure that infrastructure is resilient in the face of Denial of Service attacks implemented via IoT devices connected to 5G networks.
The very large number of DNS queries that 5G devices and application are likely to make encourages mobile operators to consider DNS when architecting their 5G infrastructure, both for systems engineering reasons, and for cybersecurity. This is particularly important for the DNS resolvers that mobile operators will deploy on the 5G networks.
As 5G becomes a reality, and tens of billions of devices make use of the DNS, the load factors on DNS resolvers will increase. Mitigating performance issues will require mobile operators to deploy more resolvers for their customers. Increasing the number of resolvers will increase traffic to the root zones, and the root server system’s scalability which is within ICANN remit is already being reviewed to increase its capacity to cope with such surge in query if/when it happens.
ICANN will change the cryptographic keys that are used to secure the Internet Domain Name System (DNS) for the first time. Can you tell more about this process and why it is important?
When people go online, they need to be able to access content easily, in their local languages. They need to trust that the Internet works, safely and securely. They need to be connected to users around the world, and they need to be an inclusive part to the benefits of digital economy. ICANN participates in the facilitation of this through several programs, one of which is the preparing for the ‘Key Signing Key’ rollover, a process to which network operators in particular should all be paying attention.
ICANN is planning to replace the top-level cryptographic keys used in Domain Name System Security Extensions (DNSSEC). DNSSEC is a technology that was developed to, among other things, protect against domain hijacking attacks by digitally ‘signing’ data to ensure its validity. This will happen on the 11 October 2018.
This will be the first time this cryptographic key replacement (or rollover) has been performed. It is critical that Internet Service Providers and network operators around the world, make certain they are ready for this change as failure to do so can result in their users being unable to look up domain names and thus be unable to reach any site on the Internet.
The changing, or “rolling” of the key, is an important step in keeping the global DNS safe and secure. It is very much in line with commonly accepted operational practices that ensure that important security infrastructure can support changing password if the need were to ever arise.
We have recently published an announcement that includes a comprehensive guide to what to expect during the KSK Rollover. Those willing to learn more about the process should definitely take a look at this guide.
Lastly, can you tell us about ICANN’s Internationalized Domain Names program and its significance?
If we want to connect the rest of the world, content in local languages is key. Realizing this, ICANN took the responsibility upon itself to roll out the Internationalized Doman Name program, to enable people around the world to use domain names in their local languages and scripts.
It aims to formalize international domain names in many different scripts, such as Arabic, Chinese, Cyrillic and so forth– a major step in encouraging the creation of local content and connecting most of the next billion Internet users whose native language is not based on the Latin script.
As part of this effort, ICANN has been organizing IDN activities across the world to assist in the development and promotion of the Internet in different scripts and languages. As the Internet continues to grow, more local content will be created, and IDNs will become more commonly used across the world.