Slashdot Mirror

← Back to Stories (view on slashdot.org)

Internet Governance; ICANN and Accountability

Posted by michael on from the oil-and-water dept.

Contention writes: "The following policy was released by ICANN today (9th July), reiterating their commitment to 'A Unique, Authoritive Root for the DNS'. The document contains a stern warning to anyone '[working] under the philosophy that if they get there first with something that looks like a TLD and invite many registrants to participate, then ICANN will be required [...] to recognize in perpetuity these pseudo TLDs, inhibiting new TLDs with the same top-level name' while at the same time encouraging clearly marked, experimental alternate DNS roots." So ICANN says, unsurprisingly, that ICANN is needed to govern the domain system. Meanwhile, the Markle Foundation released a study of internet governance and accountability issues today. Read the study, or the NYT article about it.

29 of 64 comments (clear)

  1. Re:Single Root is Required! by Caballero · · Score: 2
    Congratulations you have just invented, get this, a single root. I mentioned this in my post.

    TLD's are NOT roots. They are top level domains. One stop down from the root.

    How are you going to get everyone to agree on who should be the TLD servers? You can setup any organization you want. Somehow they'll have to agree, perhaps by voting. Guess what, you've just invented equivalent of ICANN.

  2. Re:Single Root is Required! by Caballero · · Score: 2
    Is OpenNIC's method fair? How did they get to be the defined operator? Didn't they just show up and say they were doing it? Isn't this the same complaint you're making about ICANN?

    How do you know the ballot boxes weren't stuffed? When do we change Atlantic's rullership of .net? What do we do when it changes?

    You're inventing the same mechanisms and just putting different names on it.

  3. Single Root is Required! by Caballero · · Score: 2
    Don't you people understand why a single root IS required?

    Let's make this clear. Right now there is one root. It means there's one name space. If I look up slashdot.org, I'm sure I get this site. Now, lets say there are other root servers that some "new" organization runs. What happens when this new organization puts in an entry for slashdot.org that points somewhere else?

    The answer is that you no longer have any faith that any address you use is going to work for yourself. Even if it works for you, if you give an address to someone else you don't know what root server they're using and whether or not it works. Your email address becomes useless, because you can't be sure it actually works for any other user. You can also get into all the criminal activity if users connect to fake sites.

    Before someone makes the argument, that the various root servers will just "agree" on how they share the name space, that ends up being the same as having a single root! The "agreement" just happens in the single version of the root server data file.

    So, the fact is, that a single consistant root really is needed unless you want to go back to IP addresses for everything.

    Now, I do agree that ICANN should be moving faster in granting new domains. They've had a hard time creating policies, and frankly creating policies that work for a VERY diverse group of people is extremely tough. But people should try to understand the TECHNICAL issues instead of just bashing on ICANN as a new form of government.

    1. Re:Single Root is Required! by HiThere · · Score: 2

      ICANN needs a single root so that they can continue to collect such fees as they choose. E.g., the fee to reserve the next right to a URL, once the current owner allows it to lapse.

      I accept that the structure that you are proposing might require a single root. That's a good argument for modifying it, not a good argument for using it.

      I can't assure myself that I'm the only person using my name. It's unreasonable for a url user to assume, merely from the url that it's the same one. The solution is to cross-check this against another key, e.g., a pgp key. Then if multiple possible url's resolved, you could choose the one that matched the one that you had visited before. If you hadn't visited any of them, you could do a brief scan to select the one you meant, and register their key.

      This just a quick off - the - top - of - my - head approach. There are almost certainly more elegant ways. But centralized control is an inherently bad idea, and should (almost) always be designed around.

      Caution: Now approaching the (technological) singularity.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    2. Re:Single Root is Required! by kindbud · · Score: 2
      Don't you people understand why a single root IS required?

      A single namespace is required. Each root zone operator can decide what TLDs to publish delegations for. But ICANN confuses the namespace with their own version of the root zone file. So do you.

      What happens when this new organization puts in an entry for slashdot.org that points somewhere else?

      What happens when the sole root operator decides slashdot.org is subversive, and yanks the domain altogether?

      Now, I do agree that ICANN should be moving faster in granting new domains. They've had a hard time creating policies, and frankly creating policies that work for a VERY diverse group of people is extremely tough.

      But they are creating policies for moneyed interests, not a diverse group. The operators of the other roots are operating on behalf of a diverse group, precisely because they are themselves a diverse group.

      But people should try to understand the TECHNICAL issues instead of just bashing on ICANN as a new form of government.

      But they are trying to be a new form of government. They are trying to assert authority where none has been granted to them. Their charter calls for them to create technical policies aimed at maintaining internet stability. Yet they themselves loaded a colliding .biz TLD, which has now created a fractured namespace. They are responsible for introducing ambiguity, not Atlantic Root. Their .biz has been in operation since before ICANN was chartered, and ICANN's board knew it when they approved the plan to usurp it.

      If ICANN is a governmental agency, then the previous registrants and registry under the pre-existing .biz are entitled to compensation under the doctrine of emminent domain. Yet nothing of the sort is forthcoming from ICANN. This is not governance, this is not stability, this is capricousness and tyranny.

      It may interest you to know that OpenNIC has recently called for a vote to determine which .biz to carry in the root zone they operate. Atlantic Root's .biz is winning by a wide margin. The same sort of deliberations are taking place in other root-zone-operating organizations.

      --
      Edith Keeler Must Die
    3. Re:Single Root is Required! by ka9dgx · · Score: 3
      A single root for the entire Domain Name Space is NOT required. It is only required for each TLD. If I want to get uniform handling of .COM, .NET, etc.. I just have to respect the conventions that have been agreed on so far by telling my DNS serves to use the existing root servers, for those TLDs. This is consistent with existing TLDs and doesn't break anything.

      When I want to support a new TLD such as .BIZ, or whatever, and I don't agree with ICANN, I just update my root.db to reflect my own choice for that TLD, which does break things, but only for that TLD.

      So, you can have your cake (interoperable .COM, etc) and choose your own icing (.BIZ, etc) instead of letting ICANN tell you what to do.

      --Mike--

  4. DNS Server choice by ka9dgx · · Score: 2
    "you're at the mercy of your dns provider's choice of root servers."

    True, but you do have the choice of DNS providers, I've almost never used the one from my ISP, but rather the servers I keep alive at work. You can pick a name server and use it from anywhere in the world, regardless of what your ISP wants you to do.

    --Mike--

    1. Re:DNS Server choice by Inti · · Score: 2
      Transparent caching proxies, such as most of the major ISPs use these days, are also a complication in this regard. If you are behind a caching proxy, and your proxy does not use OpenNIC DNS, then you will get a 404 from the proxy, regardless of what nameserver your computer uses. Of course, one could strip the HTTP host header, and the proxy would be forced to fall back to IP number, but that isn't a good solution, given how common name-based virtual hosting is these days.

      Anyway, some OpenNIC people have had problems with this. ISPs are usually totally uncoorperative. The only solution is usually to switch to a "mom-and-pop" local corner-store type ISP. Hey, they almost always have better service, anyway.


      Claim your namespace.

  5. Make your own root domain server! by ka9dgx · · Score: 2
    I've build my own root.db for my DNS servers to feed off of. It's simple to do, even a Windows user like myself can deal with it. It's tempting to add my own domains, which I may do at some time in the future, but for now it was just to get some independence from ICANN.

    I've got the file saved as "rebeldb.root" in my c:\bind directory, and updated named.boot with the following info at the bottom...
    ;
    ; prime the DNS with root server 'hint'
    information
    ;
    ;cache . db.cache
    cache . rebeldb.root
    ;

    So there it is, you too can declare independance from ICANN, and decide for yourself who you trust to be the authority for each domain. Let the vanity TLD games begin.

    I don't use Microsoft's DNS server, so your milage may vary, I suspect this should work with newer versions of BIND.
    --Mike--

  6. Well, Duh by zpengo · · Score: 2
    The following policy was released by ICANN today (9th July), reiterating their commitment to 'A Unique, Authoritive Root for the DNS'.

    Uh, shouldn't that be their commitment to 'ICANN as the Unique, Authoritative Root for the DNS'?

    Funny how that works. Ask the authorities, and the authorities will tell you, "Of course we should be the authorities!" No bias there, eh?

    --


    Got Rhinos?
  7. Re:Protecting themselves from New.net by bakunin · · Score: 2

    Well, OpenNIC peers the original .biz (which is run by Atlantic Root Network) from the pacific Root. It's not an internal TLD for us.

    The vote on whether to accept ICANN's new .biz is running on our members' Forum right now and it does look like the original will win out in our root.

    Thanks to ICANN, their great fear of fracturing the namespace is to come about due to their own actions. There's nothing like consistency, is there?

    -robin

  8. Another option? by satch89450 · · Score: 2

    The Internet was pretty well served by the Internet Society, and the engineering details by the Internet Engineering Task Force. Why did the United States government decide THEY had to pick an agency, when the Internet Society is the place that represents ALL the people?

    That, of course, meant that the Internet Name Task Force (INTF) (to pick a name) would not be beholden to US trademark law...

  9. Re:Protecting themselves from New.net by GlassUser · · Score: 2

    Yeah, but new.net is killing themselves. A program I installed (bearshare, a gnutella interface) shoved it around the back, I didn't notice. My DNS queries were ALL screwed up, servers wouldn't resolve at random, it kept giving me DNS errors. Then I tried to uninstall it. Big mistake. TCP became nonfunctional.

    --
    funny munging
  10. Re:Hilarious Excerpts by wmulvihillDxR · · Score: 2

    Even more funny excerpts:

    Traditionally, the responsibility for performing the central coordinating functions of the global Internet for the public good, including management of the unique public DNS root, has been carried out by the Internet Assigned Numbers Authority (the IANA). ICANN's core mission is to continue the work of the IANA in a more formalized and globally representative framework, to ensure the views of all the Internet's stakeholders are taken into account in carrying out this public trust.

    And by "stakeholders" we mean those who have the biggest pieces and the most cash.

    --
    Check out Althea for a stable IMAP email client for X. Now with SSL!
  11. Resolution by spellcheckur · · Score: 2
    From the ICANN page: The DNS was originally deployed in the mid-1980s as an improved means of mapping easy-to-remember names (e.g., "example.com") to the IP addresses (e.g., "128.9.176.32") by which packets are routed on the Internet.

    Oh, you mean like this:

    %nslookup example.com.

    Name: example.com


    %nslookup 128.9.176.32

    Name: venera.isi.edu
    Address: 128.9.176.32
  12. Re:DNS/ICANN by AnotherBlackHat · · Score: 2
    IPs don't have the same functionality that domain names do. Instead of IP addresses, we could use secure hashes of public keys (like a P.G.P. finger print) and IPs which are signed by the public key. Since it's cryptographically hard to forge, no one would have to trust anybody.

    These would be hard for a human to remember, (20-30 random characters) but they have the other advantages of DNS, and a few extra;

    They are guaranteed to be unique,

    A single computer (IP address) can support multiple names
    - and -

    Hi-jacking a domain is nearly impossible,

    Anyone who wanted to could become a listing service (competition)

    They can be cached essentially forever

  13. NewDotNet problems, namespace overlap? by BillX · · Score: 2
    It sounds like they're cringing in response to the NewDotNet trojan DLL that's altering peoples' DNS configurations to use new.net's proprietary TLD extensions (.shop, .mp3, .family, etc.), which are then sold off to unsuspecting registrants [more on this below]. What worries me about some of these new registrars is they seem to be intentionally stepping into namespaces already in use by older new registrars (Alternic, OpenNIC...). As if there aren't enough domain-name lawsuits already, what happens when the SAME domain name can be owned by several people at once, and typing the domain name brings you to a different site depending on your ISP or what dodgy shareware you've installed?

    On a personal note, I just got an email yesterday from someone trying (unsuccessfully) to get a refund from this 'bogus name registrar' (new.net) because they did not adequately disclose that their domain names are currently invalid on most systems, and apt to stay that way, or that they are selling off names that may be *already taken* by other sites on other DNSes. (Also, in part, because the new.net trojan causes one of her favourite internet programs to pagefault on startup, but that's a separate rant.) Personally, I think they should submit a refund to ALL of their customers.

    To top it all, this unhappy customer informs me that they are charging $50 USD for 2 years. An utter rip, IMHO, considering their domain-names aren't valid on systems that don't have their Trojan horse installed and aren't on one of their bed-partner ISPs. (For reference, I paid $35 to register my *real* domain [cexx.org] for 2 years, and have the guarantee that it will be valid on *any* system running *any* internet-ready operating system, and won't display a porn site to Earthlink/Juno/NetZero customers.)

    --

    --
    Caveat Emptor is not a business model.
  14. Re:Protecting themselves from New.net by Masem · · Score: 3
    More likely, they're trying to fend off the problem that .biz is already in active use by an alternive system (I think opennic), particularlly now that ICANN's version of .biz is now open to registeration. (None of NewNet's names conflict with ICANN's system, though it includes ones that were considered buy ignored). If an ISP is using Opennic's as well as ICANN's root servers, what happens when a .biz address is requested? ICANN has a reasonable question in terms of that situation, but only because they let that situation happen (they were fully aware of the alternate .biz domain when they approved it).

    --
    "Pinky, you've left the lens cap of your mind on again." - P&TB
    "I can see my house from here!" - ST:
  15. Anybody read the NYT article? by unitron · · Score: 3
    The public thinks that they, the public, should control and direct the internet and how it is run.

    Yeah, that'll work.

    --

    I see even classic Slashdot is now pretty much unusable on dial up anymore.

  16. One possible trigger for this reaction... by Chagrin · · Score: 3

    http://new.net/ is currently selling domains under a wide array of TLDs (like ".xxx", ".shop", or ".mp3" etc.). They suggest to ISPs to add additional entries to their named.conf, of course, but for end users you can change your "search" in your resolv.conf and add new.net: domains like "www.guitar.mp3" will resolve correctly under "www.guitar.mp3.new.net".

    --

    I/O Error G-17: Aborting Installation

  17. ICANNs FAULT by Garry+Anderson · · Score: 3

    Most of the current problems are due to the authorities perverted and twisted sense of protectionism towards big business trademarks.

    What makes it bad - they know how solve this trademark and domain name problem.

    The solution has been ratified by honest attorneys - even the honourable G. Gervaise Davis III, United Nations World Intellectual Property Organization panellist judge.

    There is only one conclusion that could be drawn, for it not being used.

    By not using solution, trademarks have priority, this stops free speech.

    Fact: domain names were not designed to be trademarks - ask Paul Mockapetris, creator of Domain Name System. He was asked, "What do you wish you had invented?" - His reply, "A directory system for the Internet that wouldn't be controlled by the politicians, lawyers and bureaucrats."

    Nor can they be used as such - reason: Most trademarks share same or similar name with many others e.g. Caterpillar tractors claimed 'cat' is 'their' trademark on the Internet - even though there are 1746 'cat' trademarks - IN THE U.S. ALONE. Conflict is IMPOSSIBLE to avoid.

    They ALL legally have to protect their 'cat' trademark. For only one business to use, gives it dominant position over all the others. This is against 'unfair competition' laws.

    What about free speech rights? The 'cat' was on this earth long before these tractors.

    I thought the US Government were pretty hot on that - something you call the First Amendment, I believe.

    The only logical conclussion that I can come to is - they want it that way. Amongst many other things, the legal profession get rich and corporations can abuse their trademark powers.

    Please visit wipo.org.uk - for the easy solution.

    WIPO.org.uk comments to World Intellectual Property Organization .

  18. This link works better by AdamInParadise · · Score: 3

    http://www.paradigm.nu/icann/icannstage.html

    --
    Nobox: Only simple products.
  19. Some Points by Zeinfeld · · Score: 3
    First off, those bashing on ICANN need to understand that new.net are not in the business of live and let live. What they really want to happen is for ICANN to include their TLDs into the ICANN managed root.

    Do we want new.net to be the sole registrar for 30 pretty desirable TLDs just because they have a lot of venture capital from Idealab! to spend?

    What ICANN is doing is stating up front that they are not going to recognise this type of tactic as legitimate.

    People have always been able to set up their own roots, I do it myself on my home machine where I root the .test TLD for systems I don't want to register in the external Internet space.

    Setting up your own TLD is a bit like setting up your own internal telephone area codes however. It is not a good thing if there are two competing companies handing out 1-800 numbers.

    This leads to an important security issue, multiple DNS roots leaves companies open to the risk of having their DNS names hijacked. If I buy the name xyz.kids from the ICANN appointed registrar some smart alex could register xyz.kids at new.net and steal some of my trafic.

    In the worst case there is no authoratative root and the site a domain name will resolve to will differ randomly depending on the ISP you select. To be frank the people who claim this is a good idea either have no idea what they are talking about or are paid shills of some alternate registrar looking to muscle in and make some quick cash.

    If DNS addresses or IP addresses cease to have the uniqueness properties relied upon in the IP protocol then we no longer have an Internet, all we have is a patchwork of partially interoperable networks.

    --
    Looking for an Information Security student project suggestion?
    Try http://dotcrimeManifesto.com/
  20. This policy raises a question by President+of+The+US · · Score: 3

    Why do they need to vigorously defend their position in a community that gets to choose who they point their DNS servers at?

    Their policy seems to be "We're not the only game in town, but we should be." Competition is one of the best principles of a free economy/society. Their position that "competition causes instability" is far stupider than any FUD Microsoft or any other monopolist would come up with. Think of it - "windows should be the only desktop OS because it would cause instability to have incompatible OS's proliferating among PC users". How fast would the anti-trust lawyers be on that?

    Their argument is weak. If they could force admins to point their DNS at them or shut down "rogue" DNS for .com/.net/.org/.whatever else they decide to sell, they would. The fact that they cannot, that there is freedom to operate a whole new .com root DNS outside of their control, that anyone who does not feel that ICANN is playing fair can use that DNS -- this is the dangerous "instability" that they speak of. Democracy is chaotic; tyranny is usually more ordered.
    -----------------------

    --
    -----------------------
    Stay in school, kids! Peace out, Dubya
  21. But they're NOT needed! by Greyfox · · Score: 4
    The ICANN just happens to be the biggest faction at the moment, but there's no reason you couldn't set up some root servers. It's easy to do. For that matter, you don't even really have to stick with the DNS protocol. You could hack gethostbyname et al and set them up to use LDAP or whatever you want to use. They have no enforcement power or any real authority except over their computers.

    I'd like to see a distributed DNS system based on cryptographically signed keys. Hmm. I'll have to think about how one would implement one of those...

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

  22. Re:Hilarious Excerpts by Inti · · Score: 4
    Here's one from the NYT article:

    • "I've found people want democracy, but they're often unwilling to do the work, whether it's looking at voting records or taking the most basic measures to protect their own privacy," said Ms. Dyson, who serves on a committee that is trying to increase public representation in Icann. "Frankly sometimes you don't need democracy, you need a market where people understand what's being offered and choose what they want."
    Esther Dyson, though no longer Chair of the ICANN board, sums up ICANN's approach to namespace governance. God, these people make me crazy. If you think that the namespace should, in fact, be accountable to its users, and not ruled by fiat, then start using an alternate root now. I recommend the OpenNIC.


    Claim your namespace.

  23. Protecting themselves from New.net by jeffy124 · · Score: 4
    ICANN is trying to protect themselves from services such as New.net. New.net provides the ability to register domains under TLDs like .free, .games, and many others that ICANN has either rejected or taking their sweet time with. They provide a browser plugin for when people try to surf those sites so that their DNS servers are used as opposed to normal ones. Even without the plugin, you can still access those sites by appending new.net to the address: sitename.games.new.net

    ICANN is trying to block and fight back at these types of services and re-establish themselves as the organization in charge of TLDs.

    --
    The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
  24. Hilarious Excerpts by zpengo · · Score: 5
    Here are some funny excerpts from the report:
    • ICANN was subsequently selected by the United States Government from among several proposals submitted precisely because it was open, consensus-based, and rooted in the Internet community. (Consensus my left butt cheek)
    • This commitment to a unique and authoritative root is a key part of the broader public trust - to carry out the Internet's central coordination functions for the public good - that is ICANN's reason for existence. (Is this a technological organization or a religious movement?)
    • "As Internet names increasingly have commercial value, the decision to add new top-level domains cannot be made on an ad hoc basis by entities or individuals that are not formally accountable to the Internet community." (Now, if only we could get ICANN to be accountable to the Internet community...)
    • The success of the Internet and the guarantee of Internet stability rest on the cooperative activities of thousands, even millions, of people and institutions collaborating worldwide towards a common end. (...yet ICANN holds all the cards).
    • ICANN - in deference to its public trust - will continue to collaborate with these citizens of the Internet community to advance the notions of a unique root system as a prerequisite to Internet stability, and to ensure that community-based policies take precedence. (Translation: We only give TLDs to the highest bidder; Anything else would cause instability.)
    Yeesh.
    --


    Got Rhinos?
  25. public interest by spellcheckur · · Score: 5
    From the article:
    These decisions of the alternate-root operators have been made without any apparent regard for the fundamental public-interest concern of Internet stability.

    ICANN has the best interests of the public in mind?
    Next you'll be telling me the RIAA has the best interests of the artists in mind.