Internet Governance; ICANN and Accountability
Contention writes: "The following policy was released by ICANN today (9th July), reiterating their commitment to 'A Unique, Authoritative Root for the DNS'. The document contains a stern warning to anyone '[working] under the philosophy that if they get there first with something that looks like a TLD and invite many registrants to participate, then ICANN will be required [...] to recognize in perpetuity these pseudo TLDs, inhibiting new TLDs with the same top-level name' while at the same time encouraging clearly marked, experimental alternate DNS roots." So ICANN says, unsurprisingly, that ICANN is needed to govern the domain system. Meanwhile, the Markle Foundation released a study of internet governance and accountability issues today. Read the study, or the NYT article about it.
As soon as Microsoft rolls out UDDI in all of their products, DNS users will be about as relevant as modern day trailer trash. So, who gives a rat's ass what ICANN is doing since they're going to be obsolete?
Prove me wrong.
So how do I go about setting up a root server for the .goat domain?
Then what happens when ICANN breaks?
If you want a better understanding of what the Government is trying to do with ICANN, look at the history of the Fed. How did a nation founded on a tax revolution end up paying over 50% to the government? (or, are we really paying it into the banking system?)
The ICANN take-over is the latest model for Government "tax" collection. Taxing people's rights to exist... or, for their ideas to exist online.
... if the .cx ccTLD is any indication. ICAN'T has been blocking redelegation for over a year now without stating any reason as far as I understand. The shit really hit the fan when Planet Three (who initiated the redelegation in June 2000) became insolvent. Those who were using their e-mail and web forwarding services simply disappeared from the Internet. Those who are running their own nameservers should cross their fingers and hope they don't need to change their DNS entries, because they can't. All this because ICAN'T was unable to transfer control of the TLD to nic.cx within 12 months!
You can read about it here: http://www.nic.cx/cx.home.cfm
The IANA page still lists the wrong contact information: http://www.iana.org/root-whois/cx.htm
If they are unable to keep their existing database in order, how can they possibly manage new top-level domains?
Someone is wrong on the Internet!
Simply substitute "social stability" wherever you see "Internet stability", and there you go.
Why can't it delegate the policies to the domain owner along with the right to create sub-domains?
For example, it has been suggested that .eu (European Community) should take the opportunity to be more strict about what organizations could own .com.eu names etc. and so 'add value' over existing alternatives such as .uk or .com. I don't happen to agree with this suggestion for .eu, but it is a perfectly reasonable requirement in the general case.
Perhaps the fact that such basic concept distinctions are still not being made - here, between authority for names and authority for other things - is a consequence of the lack of formal definitions underpinning documents such as RFC 2826? (Exercise for the reader: go through 2826 and figure out when they mean fully-qualified name vs. partial (domain) name).
There must be rigorous specifications around that could be used - I used to use The ANSA Naming Model some years ago, but there must be more recent equivalents - anyone got any pointers?
cheers
alex
catfood.pets.new.net
and
catfood.pets
it is (amazingly enough)
catfood.pets.new.
Profound? Well, not exactly - the point is that by putting the naming authority (Newnet) explicitly into the name at the appropriate place - the top - the battle for 'highly desirable' names will be avoided provided ICANN avoids upsetting people by allocating TLDs which have general significance in the real world - .good, .holy, .cheap etc. itself. Instead, its only function would be to delegate to other authorities and let them allocate the 'desirable' subdomains if they want.
I'll admit I'm not all that well-informed about the DNS system, but I think this idea makes a lot of sense... Has anybody given any thought to the idea of multiple existing DNS systems, with the ability to specify which DNS you're using?
For example, say you have two websites, run by Siteowners Bob and Tom, who each want the domain "blah.com," and Siteowner Bob gets into the ICANN-run DNS before Siteowner Tom. So Tom goes to (and I'm pulling this name from nowhere -- I doubt it exists) CheeseDNS. The (hypothetical) newest versions of browsers are written under the assumption that there are multiple DNS' out there, and that functionality is written into them.
So to get to Siteowner Bob's blah.com, you might type:
icann://www.blah.com
... whereas to get to Siteowner Tom's blah.com, you might type:
cheese://www.blah.com
... or something to that effect.
This would probably necessitate maintaining an active list of DNS' -- that could be kept by ISPs, or some regulating body (hopefully not ICANN -- preferably some newly-created regulating body whose members are voted on REGULARLY, to avoid problems like the ones we're having with ICANN).
Like I said, this issue is not my area of expertise, so by all means tell me why it will or will not work.
inigima
It was much better than Cats. I laughed. I cried. I want to see it again and again...
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Dan Bernstein is working on something like that. See his website for his ideas on how to do it, at the end of the page following his rant about DNSSEC.
Edith Keeler Must Die
There is a separate set of problems with adding more root servers, because the more servers for a zone (including the root), the harder it is to keep them in sync.
According to this article, does that mean the death of sites such as Whitehouse.com?
You're using her as bait, Master!
Well, for one thing (and unlike ICANN) every one of our users has explicitly endorsed our operation of a DNS root ... ;-)
;-) That's the way it works: anyone with the technical competence and the equipment can set up a DNS root. It's not really very difficult.
;-)
To respond to a few of your other statements:
1) OpenNIC is not, and does not want to be, _the_ root operator. We want to be _a_ root operator, and we encourage anyone who doesn't want their DNS root to run the way we do to set up their own and discuss root peering with us. A global DNS run by a collaboration between heterogeneous operators is the best possible structure for something as varied as the Net.
2) Yep, we just decided we were a root and, lo!, we were.
3) The complaint against ICANN is not that they did this (the U.S. government did it, not ICANN, for one thing), but that they did it without the consent of the users and that they refuse to cooperate with others. There are independent roots who don't cooperate either, and they're in much the same box as ICANN except, of course, that their users generally choose to use their system. (New.net is the more ICANN-like exception to this, since their agreements with Earthlink and such do mean the users had no real choice.)
4) As the only person with root on the box that tabulates our votes, I can assure you there was no tampering, but that's not really sufficient, is it? We are working on a PGP signed voting mechanism, but as the Software Libre world is well aware, these things take time to build for a volunteer project. We are concerned about this, and we are working on it. It'd be great if you wanted to help on that.
I don't know who the "Atlantic" is you're saying controls .net, so I can't answer the next two bits there.
From the above, you can see that I do think OpenNIC (if not the other independent roots) is a very different beast from ICANN. We have a 100% voluntary participation and a true democracy, rather than a captive usership and just enough of the trappings of community to disguise the fascist operation underneath. So, I think there are differences.
-robin
and to reply to your question, if you only had a million or 2 people on the net like the good old days that would be ok
Does anyone actually have a Java program designed to control air traffic, or for the operation of a nuclear facility?
The WWW needs the domain name system. Virtual hosting relies on the domainname to be transmitted in the HTTP request. Otherwise the server wouldn't know which of the many websites hosted on a single IP is the one you want to see. Other important aspects of the web would also fall victim to the no-DNS approach, for example multihoming and transparent migration of servers (which would be deadly for the email-system).
Redirecting and rerouting can not be used to transparently and permanently move a server or an entire subnet to a different IP-space. While transparency could temporarily be achieved with redirection, redirecting permanently would defeat the purpose. An abstract layer of names is necessary for the internet to work. My proposal is this: Create a top-level domain with a meaningless name, like ".TPMNKT". Then, just like the current domain name system, delegate subdomains, but require that these subdomains are handed must be random strings of consonants. Also require that these strings are at least 20 chars long and contain at least 10 different consonants. This way, all vanity should be removed from the game and domain names become just an abstract addressing layer. With that layer of fallback names in place, additional naming schemes can be proposed and tested by anyone without harming the basic operability of the net.
We do things entirely democratic at opennic --- which is one of the problems that we have with ICANN, in that they are not democratic, and are not even playing by their own rules.
Need a Linux consultant in New Orleans?
Damn straight. Besides which, bookmarks can remember IPs, and search engines can be modified (if they have to be) to use IPs instead of a DNS.
What's the biggie?
Oh yeah, it would neuter ICANN....
Kierthos
(no! it's not an anagram!)
Mr. Hu is not a ninja.
>Isn't today July 10th?
Not necessarily.
It may be July 11th in your timezone.
--
You are being MICROattacked, from various angles, in a SOFT manner.
Check out these cool satiric cartoons about ICANN. They say it all. http://www.paradigm.nu/icann/
Nobox: Only simple products.
It depends on what the alternatives are. New.net looks a lot better than Network Solutions.
If this were a software project, we wouldn't listen to anyone who didn't contribute code.
Show me the patches ICANN.
What TLDs have you created?
What has been done to promote competition?
What have you done for the public?
Instead of wasting time tearing down the others, make them all moot.
If ICANN got off its ass and approved a few hundred new TLDs,
then no one would care a whit about new.net, alternic, or any of the others.
ICANN is definitely _not_ needed and I wouldn't be leaning too far out of the window as to say their money grubbing big business approach to the net is definitely not appreciated.
I have a dns server that serves the .lan zone. This machine from where I'm posting this has the ip address 192.168.3.21 and goes (and resolves!) by the name vmhost1.lan.
And getting there wasn't all that hard. First I set up a zone file for .lan and then I told the dns server to relay anything it doesn't know about to another dns server.
_Anybody_ can put up an alternate root, though I guess it'll be illegal soon because it could potentially wreck someone's business plan and prevent a couple of really obscenely rich people from becoming insanely rich at the expense and well-being of as ICANN puts it, that "broader community"...
New.net is trying to peer up with ISPs to get them to modify their hints file or named.conf to allow resolution of all the pseudo TLDs. Great. So only the people who use new.net or have dl their nifty patch can see these sites? What if I set up a similar system here in Canada? Then when my swell Windows 9x box looks up asciiporn.xxx, where will it take you? To the UK site asciiporn.xxx.new.net, or to asciiporn.xxx.myisp.ca? Hmmm? It will depend on the order of your search domains. If new.net is first on the list to check unqualified names, I get the UK site. If not, I get the Canadian site. For those of you who think that DNS is broken now, just wait. You and I will be looking up the same "name" and possibly get totally different sites, depending on our ISP or what region we are in.
The only way I can see around this is to get a really short domain containing only ONE letter. For example, x.com. Very 21st century. Then, as the holder of that domain, allow others to use *.xxx.x.com or *.kids.x.com. x.com is better than new.net, as using x.com is much easier to imprint in the brain for that average user.
I know that new.net is trying to do this, but in order for this to succeed, you basically need to be a carrier or in the position to meter out the bandwidth to major ISP's, and coerce them into modifying their name resolution. Asking or setting up an alliance won't cut it. You need to be the big dog who calls the shots. Not likely gonna happen with a start-up during the dot-com-crunch.
But then who "agrees" on the existing conventions? What happens when you wind up with multiple roots serving the same TLD with different information? Unless you administer your own name servers you're at the mercy of your dns provider's choice of root servers. And with the current trend towards conglomeration in the ISP industry most users of the Internet will find that the "choices" proponents of multiple roots crow about have disappeared--do you think MSN (for instance) would carry the .microsoftsucks TLD?
Yes, I can, and you can...and so can most everyone reading this discussion. But can your parents? Or your grandparents? Or your neighbor Bob? Do they even know what DNS is? Probably not. Which means they'll use whatever settings get pushed down to them from their provider and never be the wiser. Andrew
I agree. You need a starting point or it's just an endless loop. Without these standards that work very very well, you have chaos.
It's easy to bash the standards but you better know what ur doing before you start creating endless loops of .whatevers!
M$ tried this overthrow of DNS called WINS (hahah we all love wins don't we... NOT). Talk about corrupt databases.
Mail won't work without MX records.
Shutting down free speech with violence isn't fighting fascism. It IS fascism!
Even if there were a whole bunch of new TLDs, how would they be accessed by the average internet user? The average user depends on her ISP for DNS service, and that ISP would have to set up their DNS servers to know about the new TLD servers or some other global authority that knew about them. So no matter how many new ones there are, if ISPs aren't using these ad hoc root servers they are really pointless beyond a small club of hackers. When it comes down to it, you can't get around hard coding somebody's IP or other identifier in any naming system that will scale well to the internet. Whoever's IP is the one that gets hardcoded automatically becomes the authority.
Windows is more convenient than Linux just as having an ingrown toenail is more convenient than seeing a podiatrist.
IP's can also be redirected and rerouted. Devices for redirecting and distributing load based on domain names can just as easily be built to use the IP's to accomplish the same thing. True many systems currently depend on it, but things can change... As long as the tech community allows for the growing intrusion into network space by self appointed governing agencies (which many times does not understand what they are dealing with) we are going to see problems.
Not a bad plan, till I come around and trademark your TPMNKT and go whining to ICANN.... IE the problem with the current system. To keep domain names for the layman, I really don't see a good solution... too many lawyers and non technical folks are now involved... Let's just all go back to BBS's ;0) I know you want to hit my site, otherwise you wouldn't have called my number (Ok... the last section is a BIT sarcastic)
Dyson again: this time for democracy - political parties for ICANN. "Can a global civil society emerge for the net?" Or did slashdot get there first? *snick-snick-snicker* http://www.opendemocracy.net/forum/document_details.asp?CatID=12&DocID=482
TLD's are NOT roots. They are top level domains. One stop down from the root.
How are you going to get everyone to agree on who should be the TLD servers? You can setup any organization you want. Somehow they'll have to agree, perhaps by voting. Guess what, you've just invented equivalent of ICANN.
How do you know the ballot boxes weren't stuffed? When do we change Atlantic's rulership of .net? What do we do when it changes?
You're inventing the same mechanisms and just putting different names on it.
Let's make this clear. Right now there is one root. It means there's one name space. If I look up slashdot.org, I'm sure I get this site. Now, lets say there are other root servers that some "new" organization runs. What happens when this new organization puts in an entry for slashdot.org that points somewhere else?
The answer is that you no longer have any faith that any address you use is going to work for yourself. Even if it works for you, if you give an address to someone else you don't know what root server they're using and whether or not it works. Your email address becomes useless, because you can't be sure it actually works for any other user. You can also get into all the criminal activity if users connect to fake sites.
Before someone makes the argument, that the various root servers will just "agree" on how they share the name space, that ends up being the same as having a single root! The "agreement" just happens in the single version of the root server data file.
So, the fact is, that a single consistent root really is needed unless you want to go back to IP addresses for everything.
Now, I do agree that ICANN should be moving faster in granting new domains. They've had a hard time creating policies, and frankly creating policies that work for a VERY diverse group of people is extremely tough. But people should try to understand the TECHNICAL issues instead of just bashing on ICANN as a new form of government.
True, but you do have the choice of DNS providers, I've almost never used the one from my ISP, but rather the servers I keep alive at work. You can pick a name server and use it from anywhere in the world, regardless of what your ISP wants you to do.
--Mike--
I've got the file saved as "rebeldb.root" in my c:\bind directory, and updated named.boot with the following info at the bottom...
;
;
;cache . db.cache
;
; prime the DNS with root server 'hint' information
cache . rebeldb.root
So there it is, you too can declare independence from ICANN, and decide for yourself who you trust to be the authority for each domain. Let the vanity TLD games begin.
I don't use Microsoft's DNS server, so your mileage may vary, I suspect this should work with newer versions of BIND.
--Mike--
Uh, shouldn't that be their commitment to 'ICANN as the Unique, Authoritative Root for the DNS'?
Funny how that works. Ask the authorities, and the authorities will tell you, "Of course we should be the authorities!" No bias there, eh?
Got Rhinos?
Well, OpenNIC peers the original .biz (which is run by Atlantic Root Network) from the pacific Root. It's not an internal TLD for us.
The vote on whether to accept ICANN's new .biz is running on our members' Forum right now and it does look like the original will win out in our root.
Thanks to ICANN, their great fear of fracturing the namespace is to come about due to their own actions. There's nothing like consistency, is there?
-robin
The Internet was pretty well served by the Internet Society, and the engineering details by the Internet Engineering Task Force. Why did the United States government decide THEY had to pick an agency, when the Internet Society is the place that represents ALL the people?
That, of course, meant that the Internet Name Task Force (INTF) (to pick a name) would not be beholden to US trademark law...
Yeah, but new.net is killing themselves. A program I installed (bearshare, a gnutella interface) shoved it around the back, I didn't notice. My DNS queries were ALL screwed up, servers wouldn't resolve at random, it kept giving me DNS errors. Then I tried to uninstall it. Big mistake. TCP became nonfunctional.
funny munging
Even more funny excerpts:
Traditionally, the responsibility for performing the central coordinating functions of the global Internet for the public good, including management of the unique public DNS root, has been carried out by the Internet Assigned Numbers Authority (the IANA). ICANN's core mission is to continue the work of the IANA in a more formalized and globally representative framework, to ensure the views of all the Internet's stakeholders are taken into account in carrying out this public trust.
And by "stakeholders" we mean those who have the biggest pieces and the most cash.
Check out Althea for a stable IMAP email client for X. Now with SSL!
Oh, you mean like this:
These would be hard for a human to remember, (20-30 random characters) but they have the other advantages of DNS, and a few extra;
They are guaranteed to be unique,
A single computer (IP address) can support multiple names
- and -
Hi-jacking a domain is nearly impossible,
Anyone who wanted to could become a listing service (competition)
They can be cached essentially forever
On a personal note, I just got an email yesterday from someone trying (unsuccessfully) to get a refund from this 'bogus name registrar' (new.net) because they did not adequately disclose that their domain names are currently invalid on most systems, and apt to stay that way, or that they are selling off names that may be *already taken* by other sites on other DNSes. (Also, in part, because the new.net trojan causes one of her favourite internet programs to pagefault on startup, but that's a separate rant.) Personally, I think they should submit a refund to ALL of their customers.
To top it all, this unhappy customer informs me that they are charging $50 USD for 2 years. An utter rip, IMHO, considering their domain-names aren't valid on systems that don't have their Trojan horse installed and aren't on one of their bed-partner ISPs. (For reference, I paid $35 to register my *real* domain [cexx.org] for 2 years, and have the guarantee that it will be valid on *any* system running *any* internet-ready operating system, and won't display a porn site to Earthlink/Juno/NetZero customers.)
--
Caveat Emptor is not a business model.
"Pinky, you've left the lens cap of your mind on again." - P&TB
"I can see my house from here!" - ST:
Yeah, that'll work.
I see even classic Slashdot is now pretty much unusable on dial up anymore.
http://new.net/ is currently selling domains under a wide array of TLDs (like ".xxx", ".shop", or ".mp3" etc.). They suggest to ISPs to add additional entries to their named.conf, of course, but for end users you can change your "search" in your resolv.conf and add new.net: domains like "www.guitar.mp3" will resolve correctly under "www.guitar.mp3.new.net".
I/O Error G-17: Aborting Installation
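The resolver behaviour these comments rely on (adding new.net to the "search" line, and the earlier point that the order of search domains decides which asciiporn.xxx a user reaches), as an added example that is not part of any post in this thread. It models a glibc-style stub resolver with the default ndots of 1; the `RECORDS` table and its addresses are constructed, and myisp.ca is the hypothetical second provider from the earlier comment.

```python
# Added example: a model of how a stub resolver expands a name using the
# "search" list from resolv.conf. Every record below is constructed.

def candidates(name, search, ndots=1):
    """Return the FQDNs a glibc-style stub resolver tries, in order."""
    if name.endswith("."):
        # A trailing dot marks the name as absolute: no search list is applied.
        return [name.lower()]
    name = name.lower()
    suffixed = [f"{name}.{dom.strip('.').lower()}." for dom in search]
    absolute = name + "."
    # At least `ndots` dots: the name is tried as typed first.
    # Fewer dots: the search list is tried first, the bare name last.
    if name.count(".") >= ndots:
        return [absolute] + suffixed
    return suffixed + [absolute]


def resolve(name, search, records, ndots=1):
    """Return (fqdn, address) for the first candidate that has a record."""
    for fqdn in candidates(name, search, ndots):
        if fqdn in records:
            return fqdn, records[fqdn]
    return None, None


def compare_clients(name, clients, records):
    """Map each client label to the FQDN that client ends up resolving."""
    return {label: resolve(name, search, records)[0]
            for label, search in clients.items()}


# Constructed data: two providers each publish the same pseudo-TLD name
# underneath their own real domain. Addresses are documentation ranges.
RECORDS = {
    "asciiporn.xxx.new.net.": "192.0.2.10",
    "asciiporn.xxx.myisp.ca.": "198.51.100.20",
    "www.guitar.mp3.new.net.": "192.0.2.11",
}

# Two users whose resolv.conf differs only in the order of the search list.
CLIENTS = {
    "user_a": ["new.net", "myisp.ca"],
    "user_b": ["myisp.ca", "new.net"],
}

if __name__ == "__main__":
    # Same name typed by both users, two different destinations.
    for label, fqdn in compare_clients("asciiporn.xxx", CLIENTS, RECORDS).items():
        print(label, "->", fqdn)

    # If the single public root ever delegates the same TLD, the absolute
    # query succeeds first and silently replaces the search-list answer.
    later = dict(RECORDS, **{"asciiporn.xxx.": "203.0.113.5"})
    print(resolve("asciiporn.xxx", CLIENTS["user_a"], later))
```

Because the absolute form is queried before the search list for any name that contains a dot, every lookup of a pseudo-TLD name also goes to the public root before the search suffix is tried.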
Most of the current problems are due to the authorities' perverted and twisted sense of protectionism towards big business trademarks.
What makes it bad - they know how to solve this trademark and domain name problem.
The solution has been ratified by honest attorneys - even the honourable G. Gervaise Davis III, United Nations World Intellectual Property Organization panellist judge.
There is only one conclusion that could be drawn, for it not being used.
By not using solution, trademarks have priority, this stops free speech.
Fact: domain names were not designed to be trademarks - ask Paul Mockapetris, creator of Domain Name System. He was asked, "What do you wish you had invented?" - His reply, "A directory system for the Internet that wouldn't be controlled by the politicians, lawyers and bureaucrats."
Nor can they be used as such - reason: Most trademarks share same or similar name with many others e.g. Caterpillar tractors claimed 'cat' is 'their' trademark on the Internet - even though there are 1746 'cat' trademarks - IN THE U.S. ALONE. Conflict is IMPOSSIBLE to avoid.
They ALL legally have to protect their 'cat' trademark. For only one business to use, gives it dominant position over all the others. This is against 'unfair competition' laws.
What about free speech rights? The 'cat' was on this earth long before these tractors.
I thought the US Government were pretty hot on that - something you call the First Amendment, I believe.
The only logical conclusion that I can come to is - they want it that way. Amongst many other things, the legal profession get rich and corporations can abuse their trademark powers.
Please visit wipo.org.uk - for the easy solution.
WIPO.org.uk comments to World Intellectual Property Organization.
http://www.paradigm.nu/icann/icannstage.html
Nobox: Only simple products.
Do we want new.net to be the sole registrar for 30 pretty desirable TLDs just because they have a lot of venture capital from Idealab! to spend?
What ICANN is doing is stating up front that they are not going to recognise this type of tactic as legitimate.
People have always been able to set up their own roots, I do it myself on my home machine where I root the .test TLD for systems I don't want to register in the external Internet space.
Setting up your own TLD is a bit like setting up your own internal telephone area codes however. It is not a good thing if there are two competing companies handing out 1-800 numbers.
This leads to an important security issue, multiple DNS roots leaves companies open to the risk of having their DNS names hijacked. If I buy the name xyz.kids from the ICANN appointed registrar some smart alex could register xyz.kids at new.net and steal some of my traffic.
In the worst case there is no authoritative root and the site a domain name will resolve to will differ randomly depending on the ISP you select. To be frank the people who claim this is a good idea either have no idea what they are talking about or are paid shills of some alternate registrar looking to muscle in and make some quick cash.
If DNS addresses or IP addresses cease to have the uniqueness properties relied upon in the IP protocol then we no longer have an Internet, all we have is a patchwork of partially interoperable networks.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
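The xyz.kids collision described above (and the slashdot.org scenario an earlier comment raises) can be audited for mechanically. This added example, which is not part of any post in this thread, parses two constructed root-zone excerpts and reports TLDs that both roots delegate to unrelated nameservers; the zone contents and registry hostnames are invented for illustration.

```python
# Added example: audit two DNS roots for conflicting TLD delegations.
# Both zone excerpts are constructed; hostnames use the reserved .example TLD.

ROOT_A = """
; constructed excerpt of root "A"
.      172800 IN NS a.root-a.example.
com.   172800 IN NS ns1.com-registry.example.
org.   172800 IN NS ns1.org-registry.example.
org.   172800 IN NS ns2.org-registry.example.
kids.  172800 IN NS ns1.registry-a.example.
kids.  172800 IN NS ns2.registry-a.example.
ns1.registry-a.example. 172800 IN A 192.0.2.1
"""

ROOT_B = """
; constructed excerpt of root "B"
com.   NS ns1.com-registry.example.
org.   NS ns2.org-registry.example.
org.   NS ns3.org-registry.example.
kids.  NS ns.registry-b.example.
shop.  NS ns.registry-b.example.
"""


def parse_delegations(text):
    """Parse 'owner [ttl] [class] NS target' lines into {tld: {nameservers}}."""
    zones = {}
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()      # drop comments, tokenise
        if len(fields) < 3 or fields[-2].upper() != "NS":
            continue                                # not an NS record
        owner = fields[0].lower().rstrip(".")
        if not owner or "." in owner:
            continue                                # root itself or a deeper name
        zones.setdefault(owner, set()).add(fields[-1].lower().rstrip("."))
    return zones


def compare_roots(a, b):
    """Classify every TLD seen in either root.

    agree    - same nameserver set in both roots
    drift    - sets differ but overlap (possibly a change in progress)
    conflict - no nameserver in common: two parties control the same TLD
    only_a / only_b - delegated by one root only
    """
    report = {"agree": [], "drift": [], "conflict": [], "only_a": [], "only_b": []}
    for tld in sorted(set(a) | set(b)):
        if tld not in b:
            report["only_a"].append(tld)
        elif tld not in a:
            report["only_b"].append(tld)
        elif a[tld] == b[tld]:
            report["agree"].append(tld)
        elif a[tld] & b[tld]:
            report["drift"].append(tld)
        else:
            report["conflict"].append(tld)
    return report


if __name__ == "__main__":
    result = compare_roots(parse_delegations(ROOT_A), parse_delegations(ROOT_B))
    for kind, tlds in result.items():
        print(f"{kind:9s} {', '.join(tlds) or '-'}")
```

A TLD in the conflict bucket is one where a name such as xyz.kids can be registered by different parties in each root, so users of the two roots reach different servers for the same name.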
Why do they need to vigorously defend their position in a community that gets to choose who they point their DNS servers at?
Their policy seems to be "We're not the only game in town, but we should be." Competition is one of the best principles of a free economy/society. Their position that "competition causes instability" is far stupider than any FUD Microsoft or any other monopolist would come up with. Think of it - "windows should be the only desktop OS because it would cause instability to have incompatible OS's proliferating among PC users". How fast would the anti-trust lawyers be on that?
Their argument is weak. If they could force admins to point their DNS at them or shut down "rogue" DNS for .com/.net/.org/.whatever else they decide to sell, they would. The fact that they cannot, that there is freedom to operate a whole new .com root DNS outside of their control, that anyone who does not feel that ICANN is playing fair can use that DNS -- this is the dangerous "instability" that they speak of. Democracy is chaotic; tyranny is usually more ordered.
-----------------------
Stay in school, kids! Peace out, Dubya
I'd like to see a distributed DNS system based on cryptographically signed keys. Hmm. I'll have to think about how one would implement one of those...
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
- "I've found people want democracy, but they're often unwilling to do the work, whether it's looking at voting records or taking the most basic measures to protect their own privacy," said Ms. Dyson, who serves on a committee that is trying to increase public representation in Icann. "Frankly sometimes you don't need democracy, you need a market where people understand what's being offered and choose what they want."
Esther Dyson, though no longer Chair of the ICANN board, sums up ICANN's approach to namespace governance. God, these people make me crazy. If you think that the namespace should, in fact, be accountable to its users, and not ruled by fiat, then start using an alternate root now. I recommend the OpenNIC. Claim your namespace.
ICANN is trying to block and fight back at these types of services and re-establish themselves as the organization in charge of TLDs.
The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
- ICANN was subsequently selected
by the United States Government from among several proposals submitted
precisely because it was open, consensus-based, and rooted in the Internet
community. (Consensus my left butt cheek)
- This commitment to
a unique and authoritative root is a key part of the broader public
trust - to carry out the Internet's central coordination functions
for the public good - that is ICANN's reason for existence. (Is this a technological organization or a religious movement?)
- "As Internet names
increasingly have commercial value, the decision to add new top-level
domains cannot be made on an ad hoc basis by entities or individuals
that are not formally accountable to the Internet community." (Now, if only we could get ICANN to be accountable to the Internet community...)
- The success
of the Internet and the guarantee of Internet stability rest on the
cooperative activities of thousands, even millions, of people and institutions
collaborating worldwide towards a common end. (...yet ICANN holds all the cards).
- ICANN -
in deference to its public trust - will continue to collaborate
with these citizens of the Internet community to advance the notions
of a unique root system as a prerequisite to Internet stability, and
to ensure that community-based policies take precedence. (Translation: We only give TLDs to the highest bidder; Anything else would cause instability.)
Yeesh.
Got Rhinos?
These decisions of the alternate-root operators have been made without any apparent regard for the fundamental public-interest concern of Internet stability.
ICANN has the best interests of the public in mind?
Next you'll be telling me the RIAA has the best interests of the artists in mind.