Slashdot Mirror

We tried. We sent in one of our best:

http://cavebear.com/index.php?option=com_bookmarks&Itemid=67&mode=2&catid=-1&navstart=0
Search for ICANN.

Chris.

I have long held that competing DNS root systems *can* work - and in fact have been working for long time.

The issue is not whether there is one singular catholic DNS root, but rather the degree of consistency between competing roots.

We all accept that internet users dislike surprise - they will not like any DNS root that give surprising (or misleading or fraudulent answers). That's why any DNS root that gives surprising DNS answers will quickly be shunned.

What is intriguing about competing DNS roots is that they provide a way around ICANN and around ICANN's choices - and ICANN's fees and ICANN's trademark-over-everything-else policies.

I wrote a note on this topic some years ago - "What would the internet be like had there been no ICANN?" at http://www.cavebear.com/cbblog-archives/000331.html

I have long held that competing DNS root systems *can* work - and in fact have been working for long time.

The issue is not whether there is one singular catholic DNS root, but rather the degree of consistency between competing roots.

We all accept that internet users dislike surprise - they will not like any DNS root that give surprising (or misleading or fraudulent answers). That's why any DNS root that gives surprising DNS answers will quickly be shunned.

What is intriguing about competing DNS roots is that they provide a way around ICANN and around ICANN's choices - and ICANN's fees and ICANN's trademark-over-everything-else policies.

I wrote a note on this topic some years ago - "What would the internet be like had there been no ICANN?" at http://www.cavebear.com/cbblog-archives/000331.html

Much of what is happening in Rio is not on the agenda.

Both the US Gov't and ICANN have tried to put many issues off limits, not the least of which is ICANN itself.

It is slowly dawning on people that there is a mad grab by industrial interests, with a lot of assistance from certain parts of certain governments, to lock-down large parts of the net and keep "the mob" (you, me, and the other people who use the net) as nothing more than puppet consumers.

That exclusion, which amounts to a total inversion of the idea that governmental authority derives from the people, i.e. a rejection of democracy, is a foundation stone of most of internet governance - see my note "Stakeholderism - The Wrong Road for Internet Governance" at http://www.cavebear.com/archive/rw/igf-democracy-in-internet-governance.pdf

When his grass-roots election to ICANN happened, he ended up against the madness that ICANN was and is. Goto http://www.cavebear.com/ and get his story. He's a protocols expert, worked for Cisco at high levels, and knows his chops. You could also see him hanging from the rafters at InterOp. Yeah, he's a lawyer, too. Add a moral geek with an atty, and that's what you get.

"ICANN: Internet Corporation for Assigned Names and Numbers.

They dish out IPs and run DNS.

What exactly do they want immunity from?"

Lawsuits.

You'll never get immunity from things like DHS and "issues of national security". Netsol was threatened once with being taken over by the army if they ever did anyuthing to displease the USG and their alternative root servers never saw the light of day. But I saw (and touched) them.

Keep in mind this is an organization so secretive it's only elected director had to sue to get access to the books. Can you imagine a company keeping its books secret from an elected director?

I agree with much of what you write, but there is one important point - ICANN has created an arbitrary fee of $7 per name per year that we all pay to Verisign for every name we keep in .com every year.

Now, as we see from the 200:1 ratios, and from the fact that we know that Verisign is making a good profit from registry operations, the $7 registry fee exceeds the actual operational cost of those 201 transactions. This means that the actual cost of a registry transaction is as low as $0.02.

Why should you and I be forced to pay $7 for something that costs $0.02. The answer is the ICANN-supported Verisign monopoly over .com.

This 5-day add-grace thing that the "domainers" use is merely the bright light that illuminates this enormous difference between cost and price and the fact that ICANN is an active element in the transfer of roughly $300,000,000 per year out of our pockets into those of Verisign. (And that doesn't include the ICANN cut.)

Now, if there were in fact real inter-registry competition and existing registries had to charge no more for renewals than they do for first-time registrations, then this system might cure itself. But with ICANN's guild-like approach to domain businesses, this isn't possible.

Consider my proposal to do a registry in which registrations are represented by a certificate that can be transfered outside the registry, and never expires, and in which revenue is obtained by service fees (e.g. NS record updates) rather than rent - see The .ewe Business Model - or - It's Just .Ewe and Me, .Kid(s)

The copyright clause in the Constitution allows Congress to enact laws to protect the work of authors only for limited periods of time.

Now, in the Mickey Mouse case, the court said that protection periods on the order of 100 years are OK, but the Court kinda hinted that it might not go along with this much further.

Anyway, the technique of leveraging DRM protections in via a copyright and then having them live forever is rather a slap in the face of the Constitutional limitation on the duration of copyrights.

Of course, Congress does have a weasel-way out: they might say, "oh, we allow DRM to exist forever as part of our powers over commerce among the states."

But in practical terms, DRM forever transforms what is supposed to be a copyright of limited duration into a copyright that lasts for all eternity. And that, is contrary to the purpose, a purpose actually stated in the US Constitution, to promote the arts and sciences, for copyright and patents.

See my note "The Rule Against Digital Perpetuities". It's short, so I'll just copy it here:

The Rule Against Digital Perpetuities

It seems to me that in the fight over copyright and digital rights management few have considered what happens in the distant future when the material being protected is no longer covered by copyright. That thought led me to propose the following rule and accompanying pledge.

The Rule Against Digital Perpuities:

        No Digital Rights Management (DRM) limitation or anti-copying mechanism may endure longer than the original copyright in the protected work.

The Pledge:

        I pledge to neither specify nor standardize nor implement any system that does not conform to the Rule Against Digital Perpetuities.

Theories?

You obviously have missed the fact that privacy of whois has been one of the big issues of internet governance ever since the latter 1990's.

Just the other day I listened to a person from the FTC say, in essence that to protect privacy they have to eliminate it.

As for whois being public - I'm in the 1974 ARPAnet directory, something that evolved into whois, so I'm hardly unfamiliar with its history. The rules of acquisition of domain names shifted from being a clubby kind of thing where you'd call up Susan or Joyce at the NIC at SRI and ask for a name to a pay-for and subject-to-contract commercial mass system with now 44 million names in .com. And with that shift we moved from having that information available to people who you reciprically (sp) knew to a system in which domain names became one of the few non-dangerous instrumentalities, apart from land, that required the purchasor to publish his/her name, address, phone number, affiliation, and e-mail to the world 24x7.

Ever heard of Megan's law, where the names of predators are published to parents? The current regime of domain name whois is Megan's Law in reverse - where we publish the names of the potential victims to the predators, whether those predators be spammers or stalkers.

I have suggested several times that there be safeguards, such as requiring anyone who wants to look at whois to state, and prove, their identity, state the reason why they claim they need to look and give supporting facts, that the list of people making such inquiries be given to the domain name registrants, and that there be a yearly publication of how many whois queries each person made.

Right now I'm working on the code for an anonymous domain name registration system that uses public keys to indicate ownership. See http://www.cavebear.com/cbblog-archives/000159.htm l

No problems? Hmmmm. What you meant to say is nor problems YOU are aware of. Dig a bit deeper. Be daring. Read a little. Maybe start with one of the last PUBLICLY elected directors : http://www.cavebear.com/cbblog/ or maybe this: http://www.gtld-mou.org/

The fact that ICANN has foreign directors does not change that most internet stakeholders have no say in new TLD's. Did you bid on running .com? No? Oh I forgot there was no public tender to run .com. Just yet another backroom deal.

These directors have what power?

The prices for .com names may go up significantly - 7% per year.

And ICANN's slice goes up to 50cents per name per year.

All of this adds up to increased taxation on those who acquire domain name, i.e. you and me. Yet we are unrepresented in ICANN's decision-making processes. Can you say "taxation without representation"?

And if you really think about it, what is the actual cost to provide a service in which the yearly cost is that of *not* removing an entry for a database and in which the resources consumed are a few hundred bytes of disk space?

I've suggested a new domain name selling model - The .ewe Business Model - or - It's Just .Ewe and Me, .Kid(s) (http://www.cavebear.com/cbblog-archives/000159.ht ml)

You are right that much of the net does not need to be governed. But there are some things for which it is useful that there be one cohesive system.

Take for example the allocation of IP addresses - for routing to work well the allocation of IP addresses ought to follow some rules.

ICANN doesn't stay within the lines of those kinds of technical areas that could use a bit of control; instead it mostly ignores those and goes on into the more sexy area of business and economic policy - like regulating the way that domain names are sold, and by whom.

I proposed to the WSIS/WGIG that they follow the Louis Sullivan rule of "form follows function" - that we should first figure out precisely what aspects of the net need to be governed and then design specific little bodies to manage/govern those issues and nothing else. (We need to do a little review of 18th century thinking to re-learn how one constructs such bodies so that they tend to stay on topic.)

I've written many notes on this stuff on my blog at http://www.cavebear.com/cbblog/

Karl Auerbach, who served on the ICANN board as the first (and last) North American representative for the short period that ICANN allowed elected representatives on their board, basically (with the help of the Electronic Frontier Foundation) had to sue ICANN to get access to ICANN records so he could perform his board duties. Archives on that legal fight are here:

http://www.eff.org/Infrastructure/DNS_control/ICAN N_IANA_IAHC/Auerbach_v_ICANN/

Karl's opinions (and blog) may be found on his web site:

http://www.cavebear.com/

While I don't agree with Karl on several issues, I agree with his general assessment that ICANN is not looking after your (or my) interests. Karl has written on ICANN's abuse and misuse of their status many times - browse his blog. So long as the U.S. government, and the root name servers it controls, continues the accepted convention in following ICANN there is no good end in sight to its misuse of its position.

Now compare ICANN with the ITU. The ITU (International Telecommunications Union, formerly CCITT) has been around over 100 years and has members from just about every country on the globe. (ITU lineage predates the UN by many decades.) The ITU define standards (a.k.a. "recommendations") that have made it possible for you to pick up your phone and be able to call anyone else anywhere in the world who has a dialable phone number. Without them, the global telephone system and the global Internet almost certainly wouldn't exist as we know it.

If no harm or censor of content has come to the global telephone system under the gentle auspices of the ITU, then I think fretting over ITU control of the Internet root domain name servers is probably misplaced.

When ICANN got rid of their At-Large board members (like Karl Auerbach), they lost something even more important: Credibility. BTW, his web pages regarding his service at ICANN speak volumes over why this is even an issue.

I wish the U.S. Dept. of Commerce had insisted back elsewhen that the regional representive model for the At-Large ICANN board members would have been the actual structure of the organization. Instead it is made up of special interest groups and early internet corporations that have been able to maintain their current position in part due to having grabbed the concepts first, not because of technical competiance.

In this whole mess, it is the U.S. Department of Commerce that really deserves to get the blame for the whole thing being so screwed up. Particularly where money is involved (like registration fees) or the allocation of scarce resources (like IP addresses). Why the U.S. government getting blame? They were the ones who set up the mess in the first place as the original internet infrastructure was based in the USA and only later moved out elsewhere in the world.

The United Nations is only trying to do a "land grab" of their own, as this has the potential of being a rather influential governing structure of world commerce. It has the potential of being one of the few things that if directly under UN control would allow the UN to be more than a debate society of national diplomats. IMHO all the UN should be is a debate society, and any ambitions to go beyond that are doomed to cause more harm than good.

Part of Gilmore's complaint is that there are no visible regulations or laws that compel the presentation of identification papers. In other words, not only is the law not clear, it is not clear that there is a law at all.

By-the-way, I did a blog entry on this situation
http://www.cavebear.com/cbblog-archives/000116.htm l

ICANN's SSAC came up with the right answer with respect to Verisign's "Sitefinder" but they did so using a method that contains the seeds of an even greater danger to the net: unprincipled and subjective condemnation of change on the net.

See my note on this at http://www.cavebear.com/cbblog-archives/000108.htm l

If you've got ethereal installed, look at file /usr/share/ethereal/manuf and search for the first three bytes of the MAC address:

00:30:BD BelkinComp # BELKIN COMPONENTS

This file is a merging of two sources:

The IEEE public OUI listing:
http://standards.ieee.org/regauth/oui/index.shtml
http://standards.ieee.org/regauth/oui/oui.txt ...and...

Michael Patton's "Ethernet Codes Master Page":
http://www.cavebear.com/CaveBear/Ethernet/
ftp://ftp.cavebear.com/pub/Ethernet.txt

Hey, my old company is even in that file!

In the past, ICANN has always made a song and dance about the crucial need for DNS stability, yet now, in the face of a unilateral move that causes great instability, they meekly ask Verisign to please stop. If ICANN are too spineless to act, then the Department of Commerce needs to step in. Despite the contractual complexities (see Karl Auerbach's blog), Verisign have committed a fundamental breach of trust, and the DoC should reallocate responsibility for .net and .com as soon as practically possible.

The server that died was not my own - it was Circle ID's. My own machines have been happily running throughout.

If you want to know more about who I am check out my web pages at http://www.cavebear.com/" You can find the original version of my note in my blog.

Ah I see the problem - the /. article points to a copy of my original article on another site's server. That server apparently got squished.

The original URL, on my own server, is:
http://www.cavebear.com/cbblog-archives/000051.htm l

Here.

I feel like this story would've been better left sitting on his obscure blog than on the /. frontpage where it'll be routinely ripped to pieces. ____ is dying is like so totally over. ;)

http://www.cavebear.com/cbblog/

It originally posted here and reprinted on the slashdotted site.

It's become pretty clear that the US Dep't of Commerce likes ICANN the way it is. The Dept of Commerce can pretend it has authority over the Internet via ICANN (despite having absolutely no statutory authority granting the DoC the ability to do what it is doing), and because ICANN is nominally "private", the DoC can do a shell game of exercising authority when it wants authority and evading responsibility when it does not want responsibility.

The real shame of ICANN is not ICANN - although there is more than enough in that swamp alone - but, rather, in the way that the US government, in the form of the US Dept of Commerce, has abandoned principles of Constitutional and administrative law. Congress is only slightly less to blame for letting the executive branch (which is where one finds the Dep't of Commerce) get away with it.

I have suggested reforming ICANN - not the pseudo reform that ICANN has gone through. See my notes at http://www.cavebear.com/rw/apfi.htm

I've suggested splitting ICANN into a number of small bodies, most of which would be essentially clerical or service bureaus with no discretionary powers.

Take a look at http://www.cavebear.com/rw/apfi.htm for details.

Hell, they KEPT DOCUMENTS FROM THEIR OWN PRESIDENT, and he eventually quit.

Karl Auerbach was elected to the Board of Directors (At-Large Representative for Canada and the United States), he was not the president.

Karl did win his case with support from the EFF.

Stuart Lynn is President and CEO of ICANN. He is the one that is attempting to control ICANN through both day-to-day operations as President, and the Board as CEO. Stuart seems very intent in increases his power, and his domain of power, the role and responsibilities of ICANN.

I am miffed that IANA was assigned by the US Dept. of Commerce to ICANN, and not the Internet Society / Internet Engineering Taskforce (IETF)

Sure, there are script kiddies out there who are Internet sociopaths and who will attack anything that that moves. Most of those folks are so uninventive that they'd attack address 127.0.0.1 if somebody told 'em to do so.

I've had this idea: A CDROM that contains all the pieces that one needs to build an emergency DNS service for one's home, company, school, or whatever..

apparentlyicannwatchnew year resolution was to migrate from nuke to slash.

... as the result of my win in my lawsuit against ICANN I have seen materials that give me great pause - my confidence in the abilities of ICANN's management is not very high. In fact my confidence in ICANN's management, which has never been high, has reached an all time low. I believe that ICANN's board ought to remove certain ICANN executives and officers from their duties for insubordination and incompetence. I also believe that ICANN has become a captive of the law firm that created ICANN and that has become ICANN's largest creditor.

Seriously, I cannot believe that the rest of the world has not demanded that the US hand over control of ICANN to the UN.

Part of the point of ICANN was to avoid creating a new international treaty organization. I don't know that turning this all over to ISOC or IETF was ever really an option; the issue was simply too big. ICANN needs to be reined in, certainly, but having the DNS run by a subgroup of the International Telecommunications Union or by a new treaty organization would be a nightmare.

The big win of ICANN is that power stays with relatively clueful people (Dyson, Cerf, et al.) instead of representatives of major world governments. The really big win of ICANN was that the "people of the Internet" could elect even more clueful people to oversee the self-appointed board members. With this level of oversight gone, ICANN loses a good deal of its credibility.

Anyone thought about reviving the Boston Working Group, of which Karl was a prominent member?

I made it clear that I felt that .org should remain an open TLD, that no conditions be placed on those who wish to enter new names into .org or to renew existing names. I would have preferred that this policy be written directly into the resolution. However, board appeared to agree that rather than taking the time to amend the resolution that the board express its sense that ICANN management follow that expressed policy. We will soon find out whether ICANN's management follows that expression.

TO ICANN LAWYERS - JONES, DAY, REAVIS & POGUE

Why do ICANN stick with Jones, Day, Reavis & Pogue? Is it because of certain old ICANN links with them? Are JDRP profiteering? They are very costly - have ICANN looked for other Law firms?

Have you checked out JDRP.com - and their people involvement with ICANN?

A quote from a Karl Auerbach:

Jones, Day, Reavis & Pogue is ICANN's law firm, and has been so since the day of ICANN's birth. Indeed Jones-Day actually performed the incorporation ceremony in its Los Angeles offices.

Jones, Day, in the person of its principle man-on-the-ICANN-scene, Joe Sims, was present for at least half a year before ICANN was born, working in the shadows, responding to unknown interests and possibly making unknown deals. About all we know about that period is that those who were not insiders to Joe Sims process were ignored and that those who objected were treated with condescension and abuse.

Over the life of ICANN, Jones, Day has been the the dominant creditor of ICANN.

Even now Jones, Day continues to receive a lion's share of every dollar that flows into ICANN.

And one of Jones, Day's partners, Louis Touton, left the firm to become ICANN's Vice-President, Secretary, and General Counsel.

There is in my mind a question about the appearance of propriety.

Karls platform.

***End quote.

In a good two month period, October and November 2000, they got $465,553.67 from ICANN.

ICANN minutes.

As it one of the largest intellectual property practice groups in a general-practice law firm - with more than 85 intellectual property lawyers, I would imagine Jones, Day, Reavis & Pogue make a lot of money on trademarks problems on the Internet.

Jones, Day, Reavis & Pogue.

Virtually every word is trademarked, be it Alpha to Omega or Aardvark to Zulu - even common words you learnt with your A B C's - apple, ball and cat - most many times over.

MOST share the same words or initials with MANY others in a different business and/or country. For example, the World Trade Organization (WTO) shares its initials with six trademarks - U.S. alone (please check). Conflict is IMPOSSIBLE to avoid.

The solution to this problem has been ratified by experts - so that ALL registered trademarks can be identified on the Internet.

Jones, Day, Reavis & Pogue know this solution.

They would lose a lot of money, if there was less trademark problems on the Internet - wouldn't they?

Draw your own conclusions - but it is my opinion they do not want the solution to 'consumer confusion', 'trademark conflict' and 'passing off' problems on the Internet.

There is in my mind certainly no question about the appearance of corruption - it is beyond doubt.

Please visit WIPO.org.uk to see. No connection with the United Nations WIPO.org.

TO ICANN LAWYERS - JONES, DAY, REAVIS & POGUE

Why do ICANN stick with Jones, Day, Reavis & Pogue? Is it because of certain old ICANN links with them? Are JDRP profiteering? They are very costly - have ICANN looked for other Law firms?

Have you checked out JDRP.com - and their people involvement with ICANN?

A quote from a Karl Auerbach:

Jones, Day, Reavis & Pogue is ICANN's law firm, and has been so since the day of ICANN's birth. Indeed Jones-Day actually performed the incorporation ceremony in its Los Angeles offices.

Jones, Day, in the person of its principle man-on-the-ICANN-scene, Joe Sims, was present for at least half a year before ICANN was born, working in the shadows, responding to unknown interests and possibly making unknown deals. About all we know about that period is that those who were not insiders to Joe Sims process were ignored and that those who objected were treated with condescension and abuse.

Over the life of ICANN, Jones, Day has been the the dominant creditor of ICANN.

Even now Jones, Day continues to receive a lion's share of every dollar that flows into ICANN.

And one of Jones, Day's partners, Louis Touton, left the firm to become ICANN's Vice-President, Secretary, and General Counsel.

There is in my mind a question about the appearance of propriety.

Karls platform.

***End quote.

In a good two month period, October and November 2000, they got $465,553.67 from ICANN.

ICANN minutes.

As it one of the largest intellectual property practice groups in a general-practice law firm - with more than 85 intellectual property lawyers, I would imagine Jones, Day, Reavis & Pogue make a lot of money on trademarks problems on the Internet.

Jones, Day, Reavis & Pogue.

Virtually every word is trademarked, be it Alpha to Omega or Aardvark to Zulu - even common words you learnt with your A B C's - apple, ball and cat - most many times over.

MOST share the same words or initials with MANY others in a different business and/or country. For example, the World Trade Organization (WTO) shares its initials with six trademarks - U.S. alone (please check). Conflict is IMPOSSIBLE to avoid.

The solution to this problem has been ratified by experts - so that ALL registered trademarks can be identified on the Internet.

Jones, Day, Reavis & Pogue know this solution.

They would lose a lot of money, if there was less trademark problems on the Internet - wouldn't they?

Draw your own conclusions - but it is my opinion they do not want the solution to 'consumer confusion', 'trademark conflict' and 'passing off' problems on the Internet.

There is in my mind certainly no question about the appearance of corruption - it is beyond doubt.

Please visit WIPO.org.uk to see. No connection with the United Nations WIPO.org.

ICANN has devolved more and more into a secret society that caters to Network Solutions/Verisign's every whim. It's not about doing what's right, correct, or even profitable for most people. It's become what's about right for Verisign.

I don't think that ICANN aimed the r"evolution" proposal at me. It's my sense that ICANN's staff wanted to create impenetrable walls to eliminate any chance of real oversight, leaving ICANN's staff free to build empires, spend money, and wreak havoc on the concept of the internet as a place for innovation and impose pro-trademark regulations until there isn't a breath of room left on the Internet for non-commercial activity.

There are several agreements between ICANN and the US Department of Commerce. Those agreements come due for renewal this summer. Several groups - including ICANN's own "General Assembly" have advocated that the US Dept of Commerce hold an open selection among applicants for the job now held by ICANN. You may want to discuss this matter with your Congress critters and with the folks at the US Dept of Commerce.

Sometimes it's useful for an organization to split itself up into distinct and separate parts - AT&T split into various parts - Lucent and several AT&T companies. HP split into Agilent and HP.

In that line of thinking, I have suggested that ICANN consider a six way split -- http://www.cavebear.com/rw/apfi.htm

As a general matter I consider ICANN's r"evolution" proposal to be nothing short of a disaster for the Internet community - we lose all forms of public participatio. Accountability to the public simply evaporates.

I think there are a few things amiss with the pfir plan and I'd like to suggest and comment on some alternatives and have a few comments about our continues use of 20th century DNS.

Look back at the creation of ICANN and it's not difficult to see why it has failed. The timeline goes something like this: when the Wired article came out in 1994 where Joshua Quittner reported he registered mcdonalds.com and McDonalds didn't want it he ended up selling it to Burger King. At the time InterNIC registrations were taking about 3 days. This shot up to 11 weeks in a matter of days. The NSF, who funded NSI to run the InterNIC, did not feel it's role, which is to foster academic and scientific advancement, included subsidizing deodorant.com and the like, so, it asked the FNCAC to do something. What they did was instruct the NSF to tell NSI to begin charging for domains. This caught the Internet community rather off guard and discussion ensued on a "newdom" mailing list (whose archives can be found here). Several forces came into play. First was the rift between the group that felt they too could run a TLD and the group that though this should be run from a great big central registry. The latter became the IAHC/CORE thing while the former became the first alternative root. The US Government shut down the IAHC and began it's own proceedings: the white paper was produced. Other governments, most notably in the form of Paul Twoomey from Australia
and Chris Wilkinson from the EU balked at the plan and the revised plan, the green paper took out the language about creating 5 new TLDs immediately (thereby throwing each conflicted group at least one bone). At the time Mikki Barry and Kathy Kleinman suggested in Becky Burr's office that a set of global meetings take place, not to decide answers to tough problems, but to determine just where there was consensus on the various issues. This became the IFWP forum and 3 meetings were held in Reston Va., Geneva, and Singapore. There was to be a followup meeting to merge these consensus points into a framework for the new corporation that was to replace IANA. While this was happening, NSI and IANA were negotiating, and Ira Magaziner, Clinton's senior science advisor and Roger Cochetti, a VP of IBM were running around selecting a new board. The IFWP wrap up meeting never happened, it was scuttled by Mike Roberts (suspicion is high he had been told be would be president) and the vast amount of time and energy, money, hopes and aspirations that was IFWP went down the toilet - which is a real shame as it was a significant body of work. Three proposals went in to the US government to form the new corporation. The IANA/NSI proposal drafted by Joe Sims and NSI, the Boston Working Group proposal (which is where the wrap-up meeting was to have been) which was a sane version of the NSI/ICANN proposal, and the ORSC proposal which was the BWG plan with greater fiscal responsibility and an existing corporate shell. Citing popular public support for the IANA/NSI plan it was selected - but if you read the public comments on the NTIA site carefully you'll see far less support than implied and much of it was tentative, frankly. A board materialized out if thin air, selected because they didn't know anything about DNS. So what went wrong? Was the original ICANN plan flawed or were the people just the wrong choices? I suggest that if Karl Aurbach and 9 people like him has been the original board we would not now be even talking about DNS; the board appointed from in high did not represent the Internet community whatsoever and instead represented telco, government and trademark special interests. It is believed the concessions made so that foreign government supported the "green paper" was that they got to pick certain members of the board. The first big clue there was trouble was when the board missed it's deadline to define a process for their replacement and simply extended their jobs; they should have been gone over two years ago now.

So what have we learned from this? In my opinion, no group that says "we're in charge" really is; respect is earned, not asserted and I think this was the great failing of both IAHC and ICANN. So while I generally like Weinstein, Newman and Farber, I do distrust the IAB to some extent based on previous debacles like the Boston Tea party where they were thrown out for claiming OSI and not TCP/IP was the way to go. The ISOC is another non-starter, it's wanted to get it's hands on the DNS for over a decade and has been a great supporter of the authoritarian regimes of both IAHC and ICANN. The key, I believe, is not some group claiming they should be in charge or that they have all the answers - nobody does - but the good old fashioned and time proven method of Internet collaborative cooperation. And this means actually doing it, not paying lip service to it like ICANN did. Oh and cut out the 5 star hotels and first class Concorde flights.

Is this about Internet governance? No. Absolutely not. In it's most basic form this is nothing more than an institutionalized debate between Dave Crocker and Karl Denninger in 1986 taken to it's logical conclusion. But it's nothing to do with governance of the Internet. Face it, if all you do is read and write email and/or usenet news, and play on ISC or muck about on the web, you may never have heard of ICANN and it certainly has zero effect on you. This is just about new top level domains, period; the IP addresses have virtually all been handed over to the regional registries and the port allocations are handles by somebody than CAN add one to a number and write it down on a piece of paper.

But didn't ICANN break up NSI ? Nope. That was Ira Magaziners plan executed through the Department of Commerce. You don't really think NSI gave in because ICANN though it was a good idea do you? What has ICANN really done in 4 years? They've knuckled under to WIPO and given us the horribly flawed UDRP and 7 really stupid TLDs that despite $2.$M worth of scrutiny still had huge problems to the point of being dragged into court over it.

What alternative roots exist? Quite a few actually, and while on the face of it you might think this would be a problem, but face it, if you can pick up your mail and get to Yahoo! then they work, and any of them will let you do that. The differences in them are what new TLDs they publish in their root zones. I need to disclaim right away that I coordinate, with Brian Reid's help, the ORSC root, and it's generally believed to have the greatest penetration and is certainly the longest continuously operating one. The barrier to entry it low: show us working TLD servers and we'll list you. Other notable ones are the TINC root which is operated by some old time Usenet people such as Peter da Silva which has a policy of one tld per entity, which I don't like think can be made to work (the now defunct eDNS tried this and it was found to be too easily worked around), PacROOT which in my opinion swings too far the other way with their NameSlinger client - I don't think I know the proper number of TLDS any entity should operate but I do know it's not in the hundreds if not thousands; this raises anti-trust issues, and OpenNIC which is pretty good but only has a small number of new TLDs. There is also NameSpace which believes they should run all tlds. This grates against the notion of the root as a collection of independantly run TLDs in my opinion. But, it doesn't matter to me which one people use as long as they use one of them. Vote with your nameservers - it is in nobody's interest to break anything and using any of these roots will let you see all current DNS names and a whole universe of new ones although how many depends on which one you pick.

Why do we still use root servers? Now this is where it gets interesting. What if the US Government suddenly shut off the legacy root servers? 90% of the net would feel some sort of perturbation immediately especially since at least one TLD (.SE) is name-served directly from the root (not TLD!) servers as are many in-addr.arpa delegations. As the TTLs to TLD servers expired, users of the legacy root would not be able to resolve any DNS names. But, people that use other root servers would be immune to the demise of the legacy roots (modulo one of Swedens 7 .SE nameservers of course) but an even better tactic in my opinion is to primary the root zone for yourself. Then, any or all root servers could be shut off and you wouldn't notice a thing. This would leave you with one remaining problem and that is where could you get the root zone from. Your upstream might be a good place or as DJB has suggested, a cryptographically signed root zone could be posted to usenet periodically. This has the inherent advantage of being out of band of TCP/IP; that is, even a UUCP connection could inject the zone into the news stream. That's one answer to "how do you bootstrap DNS without DNS".

Do I think ORSC should be the next ICANN as the ICANNWATCH poll suggests? No and hell no! Nobody should be in charge, and given that the net and the DNS itself is edge controlled - that is, whoever has the root password to a nameserver determines what dns names exist and what don't - any model that asserts a central authority is doomed to fail. There is need for coordination, but not authority.

Vote with your nameserver; vote early and vote often.

Richard Sexton
March 19, 2002

I had asked the question before on ICANNs own forum: It seems to me difficulties are due to piss poor management and nothing to do with need for structural reform. For instance, why stick with Jones, Day, Reavis & Pogue? Is it because of certain old ICANN links with them? Are JDRP profiteering? They are very costly - have you looked for other Law firms?

Have you checked out JDRP.com - and their people involvement with ICANN?

A quote from a Karl Auerbach:

Jones, Day, Reavis & Pogue is ICANN's law firm, and has been so since the day of ICANN's birth. Indeed Jones-Day actually performed the incorporation ceremony in its Los Angeles offices.

Jones, Day, in the person of its principle man-on-the-ICANN-scene, Joe Sims, was present for at least half a year before ICANN was born, working in the shadows, responding to unknown interests and possibly making unknown deals. About all we know about that period is that those who were not insiders to Joe Sims process were ignored and that those who objected were treated with condescension and abuse.

Over the life of ICANN, Jones, Day has been the the dominant creditor of ICANN.

Even now Jones, Day continues to receive a lion's share of every dollar that flows into ICANN.

And one of Jones, Day's partners, Louis Touton, left the firm to become ICANN's Vice-President, Secretary, and General Counsel.

There is in my mind a question about the appearance of propriety.

Karls platform.

***End quote.

In a good two month period, October and November 2000, they got $465,553.67 from ICANN.

ICANN minutes.

As it one of the largest intellectual property practice groups in a general-practice law firm - with more than 85 intellectual property lawyers, I would imagine Jones, Day, Reavis & Pogue make a lot of money on trademarks problems on the Internet.

Jones, Day, Reavis & Pogue.

Virtually every word is trademarked, be it Alpha to Omega or Aardvark to Zulu - even common words you learnt with your A B C's - apple, ball and cat - most many times over.

MOST share the same words or initials with MANY others in a different business and/or country. For example, the World Trade Organization (WTO) shares its initials with six trademarks - U.S. alone (please check). Conflict is IMPOSSIBLE to avoid.

The solution to this problem has been ratified by experts - so that ALL registered trademarks can be identified on the Internet.

Jones, Day, Reavis & Pogue know this solution.

They would lose a lot of money, if there was less trademark problems on the Internet - wouldn't they?

Draw your own conclusions - but it is my opinion they do not want the solution to 'consumer confusion', 'trademark conflict' and 'passing off' problems on the Internet.

There is in my mind certainly no question about the appearance of corruption - it is beyond doubt.

Please visit WIPO.org.uk to see. No connection with the United Nations WIPO.org.

There is no disaster if everyone picks their own root system. In fact there is a very definite benefit - the data is distributed more widely, points of traffic concentration are reduced, and the vulnerability of the entire system to data polution via bad root zone files is reduced.

The issue is not whether there are multiple systems of roots - the issue is whether they are consistent. Right now those who are operating root systems the compete with the ICANN/NTIA/NSI legacy root are offering supersets. How one views an enhanced service depends on whether one is in the "I chose not to move forward with the times" camp or the "I upgraded to a more complete service" camp.

DNS has largely failed on the real issue: invarience.

There are three questions:

- Does the meaning of a DNS name change depending on who utters the name (client invarience)?

- Does the meaning of a DNS name change depending on where the name is uttered (geographic invarience)?

- Once bound to a meaning, does the meaning of a DNS name change over time (temporal invarience)?

On all three of these counts DNS fails. Content management systems have broken the first kinds of invarience and, among other reasons, our simple inability to distinguish between containers and the information they contain has broken the latter.

Take a look at my submission to the NRC on these points: http://www.cavebear.com/rw/nrc_presentation_july_1 1_2001.ppt

One of the at large board members of ICANN, Karl Auerbach was reported as saying that "We've just had the equivalent of the president of the United States abolishing Congress" in response to Stuart Lynn's proposals.

At large board members are chosen by rank and file internet users.

Personally I think this proposal is a threat to the supposed impartiality of ICANN. To allow one third of the board members to be chosen by governments will completely alter the original mandate that ICANN was originally setup.

The BBC Website and the ICCAN Watch website has a much more indepth analysis of the proposed plan.

BM> I'm refuting your post that suggests that you let your beliefs interefer with your findings.

My beliefs are based on reasoned logic - and have not been refuted. My findings are objective - and can be proven to be so. Please give evidence that the findings are not objective.

BM> I interpret this as if you think that your beliefs - in conjunction with your findings - have proven something, which of course is rubbish.

As my reply above shows - you misinterpret.

BM> I don't see corruptness or conspiracies here...

Just like there was no corruptness or conspiracies at Enron.

I see it to be just like there - they all gain - the Lawyers, ICANN, WIPO and US DOC.

You are either niave, stupid or somebody with vested interest (e.g. Lawyer or in Big Business).

I believe the corruption runs deep through ICANN right to the United States Department of Commerce.

For instance, checkout JDRP.com - and their people involvement with ICANN.

A quote from Karl Auerbach:

Jones, Day, Reavis & Pogue is ICANN's law firm, and has been so since the day of ICANN's birth. Indeed Jones-Day actually performed the incorporation ceremony in its Los Angeles offices.

Jones, Day, in the person of its principle man-on-the-ICANN-scene, Joe Sims, was present for at least half a year before ICANN was born, working in the shadows, responding to unknown interests and possibly making unknown deals. About all we know about that period is that those who were not insiders to Joe Sims process were ignored and that those who objected were treated with condescension and abuse.

Over the life of ICANN, Jones, Day has been the the dominant creditor of ICANN.

Even now Jones, Day continues to receive a lion's share of every dollar that flows into ICANN.

And one of Jones, Day's partners, Louis Touton, left the firm to become ICANN's Vice-President, Secretary, and General Counsel.

There is in my mind a question about the appearance of propriety.

***End quote.

In a good two month period in October and November 2000 they got $465,553.67 from ICANN.

As it one of the largest intellectual property practice groups in a general-practice law firm - with more than 85 intellectual property lawyers; I would imagine Jones, Day, Reavis & Pogue make a lot of money on trademarks problems on the Internet.

They would lose a lot of money, if there were less trademark problems on the Internet - wouldn't they?

Draw your own conclusions - but it is my opinion they do not want the solution to 'consumer confusion', 'trademark conflict' and 'passing off' problems on the Internet.

There is in my mind certainly no question about the appearance of corruption.

I wrote a document about some simple steps that could be taken to improve DNS security before ICANN's meeting last November.


http://www.cavebear.com/rw/steps-to-protect-dns. ht m

Don't let the fact of 12 or 13 servers lul one into a sense of security - they are all fed data from the same source, and if that source is corrupted, then all the root servers will be corrupted. And that's not a hypothetical - the entire .com top level domain disappeared for a few hours in 2000. (Most people didn't notice this because of the damping provided by DNS caching, but it would have become really bad had the situation continued for a few more hours.)

Also, because all of the root servers run a nearly common code base, they are potentially vulnerable to a common weakness.

In addition, one need not bring down a server to take it off-line, an attacker need merely saturate the network in the vicinity of a target server so that no good traffic can get through. An even scarier notion is that of corruption of Internet routing so that packets flowing to DNS server addresses are forwarded out router interface null0.

I'm pretty sure it messes up a LAN to have duplicate MAC addresses on it.

It does. Duped MAC addresses serviced by the same router are going to cause problems for those devices.

Also some places base their security on MAC addrs, probably not a good idea,

I took care of a site with DEC hubs that allowed you to use a particular MAC address to be a form of 'authentication' for a particular hub port. If someone else plugged their PC into that port, the hub would disable the port, assuming they did'nt change the MAC address on their card.

Oh, I have heard of vendors accidently duplicating MAC addresses (years ago).

I don't know about that 100 figure, but I have heard of some dodgy no-name cards from Taiwan that have MACs that are not unique.

Me thinks that they were no mistake. ; ) They just want to churn out $20 10/100 cards en mass, but don't have the vendor range of MAC's to do it. Or worse, any vendor range of MAC addresses at all.

No two of their cards have a duped MAC though. Their theory is, what are the chances of a customer purchasing a card from us with the same MAC of another device on their network. The MAC is 48bit so there are a fair few to choose from. ; )

I rather disagree.

Competing root systems will no more damage the net than competing telephone number lookup mechanisms damage the telephone system.

When there are inconsistencies, users will chose with their feet whether to continue to use a name service that doesn't give 'em answers that meet with their expectations.

To my mind it is better to empower the users with a choice, even at the cost of some hypothetical inconsistencies, than to create a worldwide bureaucracy that forces all users to march to the drumbeat of the marketeer with the biggest budget.

Take a look at http://www.cavebear.com/cavebear/growl/issue_2.htm #multiple_roots

Sure there are some potential problems - NS and CNAME records written in one TLD context and resolved in another, web caches that stupidly re-resolve DNS names in URLs rather than using the IP address of the TCP/HTTP connection they intercepted, etc. But I'd happily trade-in a worldwide bureaucracy in return for a couple of repairable technical glitches.

Evidently, Superroot is what newly elected ICANN board member Karl Auerbach uses. http://www.superroot.net/how-to.html has information on how to use their alternative root.

A fully distributed, rootless name service would be something from the current DNS protocols and DNS implementations.

However, if one considers today's DNS to be a set of TLDs (Top Level Domains) that are found by consulting a "root" then it is indeed possible to create root systems other than the one most, but not all. of us use. Personally, I use one of these other root systems - and I have been doing for several years and have had zero problems. Take a look at http://www.superroot.org/ and http://www.opennic.unrated.net/public_servers.html

A while back I wrote a note on competitive root systems: http://www.cavebear.com/cavebear/growl/issue_2.htm #multiple_roots The IAB of the IETF takes a dim view of competive roots, but I don't accept the logic of their decison. (The IAB's note is in RFC2826.)

They most certainly are indicators of a thriving, healthy economy. When the titans do battle, it means that they're faced with real competition from each other, which, in turn, makes it possible for mere mortals to find niches, do business, and possibly become, themselves, titans.

When it turns sour is when there are no titans slugging it out, but just one titan, making all of the rules. Past examples include United States Steel Corporation, J.P. Morgan's railroad empire, and AT&T's monopoly over the telephone system. These are all examples of the monopolies Woodrow Wilson railed against.

Some people seem to be missing the point of FOCI, and for that, I must take responsibility, as the primary author of the letter, the petition, and most of the content of the site.

The point is competition. The point is that, of the proposals on the table at ICANN, over half are related to either Afilias or Melbourne IT. The point is not whether .web is or isn't a good idea, or whether TLDs or the DNS are or are not good ideas. The point is that, given a world that is this way (which is currently is), can we keep competition alive long enough to make real change?

If Afilias and Melbourne IT are allowed to dominate the DNS any more than they already do, all the Karl Auerbachs in the world won't do us any good.

I'm not saying that Image Online Design are heroes. I'm saying that they represent competition to Afilias and Melbourne IT, and for that, you should consider supporting their bid.

And, as I said in the letter:

As a final note, we encourage you to be critical of what you hear on this issue (even from us!).

So I fully agree with you that people should do research and make up their own minds. There's plenty of public record of the entire history of .web. Furthermore, there's a lively discussion in the ICANN comments area, in which plenty of skeptics, critics, or outright IOD detractors are posting alternative viewpoints. Of course, not all of them are using their names, but that's the 'net for ya'.

Please, though, don't try to make it out like John Mitchell or I are hiding anything. We've made our affiliations clear from the first moment. When we changed the wording of the petition after realizing what Melbourne IT was up to, we mailed all of the existing signatories to let them choose whether or not to apply their signature to the new wording, or let it stand with the old.

We, FOCI, have worked very hard to be precisely the sort of effort on behalf of a company that we'd like to see more of. We're not trying to snow you, or convince you that we don't have, ultimately, capitalist interests at heart. We're trying to be straight with you, and let you decide what is important to a Competitive Internet.

With over 76,000 activated members, ICANN achieved its goal of a large, globally diverse membership.

• 17745 - Asia / Australia / Pacific
• 11309 - Europe
• 3449 - North America
• 1402 - Latin America and Caribbean
• 130 - Africa

34035 - Total

Therefore, voter turnout was about 45%, or just shy of half. Not too bad.

I'd like to see a breakdown of membership numbers by region, since the voting results lead me to believe that people in North America are under-voting. Either that or they under-registered. Either way, it's pretty typical of Americans, but kinda surprising that the rest of North America didn't do more to make up for it.

As you mentioned, the Slashdot endorsements reflected the results fairly closely, but for what it's worth, I'll mention that I voted the way I did because I did my research and concluded that member-nominated candidates Simmons and Auerbach were much better choices than any of the board-nominated candidates (basically a bunch of corporate lackeys, except for Lessig).

The results didn't match Slashdot's recommendations that closely, though. Note that Simmons and Lessig are much further down the list than they were listed in the /. endorsements. I also think Auerbach won simply because he was clearly the best choice by far. Just have a look at his website. The guy has some good ideas (even if those annoying and stupid-looking javascript popup windows are one of them!)

This is the guy who will be the At-Large rep for North America!
HIS PHOTO
and yes.. Al Gore is 50% in love with Karl Auerbach!

I'm curious what kind of huge mess you foresee?

Except for your comment, the opposition to an increase in the number of top level domains comes mainly from trademark folks who don't want to have to take the time and trouble to police their marks in multiple TLD name spaces. They clearly have a point. But I don't find it a sufficiently strong point to justify the draconian impositions that are being placed on the ability of those of us who don't have trademarks to create and use names.

As you may know, I'm a strong advocate of a massive - and I mean on the order of 10,000/year - new TLDs. See http://www.cavebear.com/ial c/platform.htm#dnspol-tldpol

As a technical matter, the DNS system can handle it - a million TLD root zone is really no different in terms of traffic flows or server burdens than a multi-million entry .com zone.

My personal hope is that in the longer term all this warring over DNS names will tend to diminish as real directory services come along. But that's merely a hope and perhaps not a very realistic one.

In addition to new TLD's I also believe in multiple, competing DNS root systems - like the OpenNIC. My own machines use the ORSC/Superroot root. See my comments on multiple roots at http://www.cavebear.com/cavebear/growl/index.htm#m ultiple_roots So far the only difficulty that I've encountered has been with a machine that was on a net where the ISP not-so-transparently proxied web queries and the not-very-transparent proxy was re-resolving the DNS names in the HTTP queries rather than using the destination IP address from the TCP connection it was intercepting.

--karl--

I'm curious what kind of huge mess you foresee?

Except for your comment, the opposition to an increase in the number of top level domains comes mainly from trademark folks who don't want to have to take the time and trouble to police their marks in multiple TLD name spaces. They clearly have a point. But I don't find it a sufficiently strong point to justify the draconian impositions that are being placed on the ability of those of us who don't have trademarks to create and use names.

As you may know, I'm a strong advocate of a massive - and I mean on the order of 10,000/year - new TLDs. See http://www.cavebear.com/ial c/platform.htm#dnspol-tldpol

As a technical matter, the DNS system can handle it - a million TLD root zone is really no different in terms of traffic flows or server burdens than a multi-million entry .com zone.

My personal hope is that in the longer term all this warring over DNS names will tend to diminish as real directory services come along. But that's merely a hope and perhaps not a very realistic one.

In addition to new TLD's I also believe in multiple, competing DNS root systems - like the OpenNIC. My own machines use the ORSC/Superroot root. See my comments on multiple roots at http://www.cavebear.com/cavebear/growl/index.htm#m ultiple_roots So far the only difficulty that I've encountered has been with a machine that was on a net where the ISP not-so-transparently proxied web queries and the not-very-transparent proxy was re-resolving the DNS names in the HTTP queries rather than using the destination IP address from the TCP connection it was intercepting.

--karl--

Actually, there are many such people. But they're not running for the Board, they're already there, running ICANN.

Fortunately, we have Karl Auerbach's platform.