Peter Sunde Wants To Create Alternative To ICANN
An anonymous reader writes "According to Peter Sunde's Twitter feed, he has been suspicious of ICANN for a long time. The non-profit corporation is tasked with managing both the IPv4 and IPv6 address spaces as well as handling the management of top-level domain name space, including the operation of root nameservers. Sunde has lost a domain in the past because of the way ICANN acted. It was taken without any consultation on their part; instead, the organization relied on information from recording industry group IFPI to change the domain ownership. But it seems for some reason his frustration has come to a head recently, and he has put a call out for help to create a competing root server."
The ROOT domain system is just that, it's trusted because, well, if we didn't trust somebody at #1 this whole thing wouldn't work. You can't have a competing .com, .net, .org registry... sure, you could declare your own TLD and be root of that but, well, we don't trust you as much as we trust ICANN because, well, they've been root for a while now and haven't blown it that badly.
Sounds like Peter Sunde is bitter at his lost domain. If it ain't broke don't fix it.
"Maybe this world is another planet's hell"
Aldous Huxley
Messy. Question: which root do you ask for google.com? All of them? What if they reply with different addresses...which one's right? The fact that there aren't good answers to these questions is a big part of why we've tried to avoid splitting the DNS roots.
On the one hand, I absolutely want to see control over domain names taken out of anyone's hands (not just ICANN's).
However, decentralized naming is a *hard* problem. Only one entity can control a given domain name, and something, either human or automated, must decide who gets that domain name. Whether by fiat or general consensus, some process must exist to handle the case where multiple people want the same name. ("First come first served" does not suffice unless you have fees or some other measure to prevent mass registration, and decentralized control makes those measures difficult.)
(Numbers, by comparison, prove quite trivial; just use public keys. But people don't like typing in long numbers, they like typing in *names*.)
We'll call it UCANNT *rimshot*
Universal Co-op for Assigned Names, Numbers and Timeservers
Seriously though, I do think a backup system would be a good idea... It's needed in order to stop the growing attempts (that I think we're going to see a lot more of) to control, censor, filter, and police the internet... Due to the practicalities involved in how the system works, I am not certain how plausible it would be to have two competing systems while everything is working smoothly, and there are other points where the system could be messed with, but having a framework in place might not be a bad idea with the political realities we live in...
Skip the government part (though, honestly, I see no reason why they'll operate the way you think they will)...what about businesses? For example: Apple.com. There are several companies that can claim honest ownership of the "apple" name as a business title (apple computers, apple records, etc). If each of them buys the apple.com name in a different root, which one's "right"? All of them have reason to argue they are...do you expect users to have to surf to all of them one by one to find the "right" apple.com? Seriously? So now the users have to know about all possible DNS roots? yuk.
You seem to be assuming that the DNS with multiple roots will have very few name collisions except for government-caused ones...I don't think that's a safe assumption at all.
It was called internic and it could easily come back because of this. Especially for sites the government is trying to block. The next most likely thing would be multiple DNS networks and everyone just gets used to having to switch depending on what they want to go to. Could easily be rectified at the browser level by "dialing in" that session's DNS ip. Eventually the most bipartisan DNSs would get used the most. ISPs would actively pursue an effective DNS system to maintain their consumer base in areas with no monopoly. There is nothing limiting there being many DNSs other than the fact that consumers would have to learn more about how the internet actually makes the magic happen and the general confusion that would ensue from that. Plus all the phishing of domain names.
DNSSEC won't solve the multiple-root problem, though. If each root has a separate trust entry point, and the sub-entries are correctly signed, you won't be able to tell which one's accurate, just that the answers are verified by the root. You'll still be left with very confused users.
This happens today with SSL, it's just harder to see: if two different SSL registries issue certs for "google.com", which one's right? If you trust both of them, then the answer is "both." The same will be true for the multiple DNS roots if they use DNSSEC: you'll be able to tell for certain that the answer is correct from the point of the root, but which root is *right* will be far less clear.
An alternative name registry service would do wonders to cripple the whole "internet censorship" bandwagon that has been going on recently. Blacklists? Rendered at the very least 2X as difficult to implement on a national scale, simply because the clients you are attempting to prevent from accessing content can reach that content by using the alternate name resolution service.
For five minutes or less before the proponents of the blacklist say "This goes for those guys too."
Look, there's no way you're going to convince me to remember one IP6 address, let alone a bunch of them. That's 32 hexadecimal digits.
I read TFA and all I got was this lousy cookie
It would make measures like the Australian blacklist falderal all that much more difficult to actually pull off, and would render efforts like COICA similarly difficult.
Do it. Do it now.
If it is for making the Big Brother's job slightly more difficult, until yet-another-TLD-DNS gets created, maybe you can trust some OpenNIC DNSes? Just asking.
Questions raise, answers kill. Raise questions to stay alive.
If they don't, and neither points to a known placeholder, "ASK", allow the user to try both and then pick the appropriate one.
How is this supposed to work? I could register facebook.com, put up a phishing page that looks exactly the same, and then, if we used your system, how does the user know which one is right?
Your hair look like poop, Bob! - Wanker.
But they all (intentionally, and by design) respond with the *same* *data*. The fact that there are 13 of them doesn't change the fact that there is only one root *zone*. What's being proposed is having different root zones, and so the assumption that the different roots will answer with the same information goes out the window.
Know your IP address like you know your phone number. Cut these clowns off at the legs. Free the net to the people who know how to use it and won't download viruses to their own computers thinking it's antivirus software... Take charge by taking responsibility from those who don't care and don't know!
I love it!
Don't go to mybank.com anymore. Go to http://FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF/
BUT BEWARE! http://FFFF:FFFF:FFFF:FFFF:FFFF:FFEF:FFFF:FFFF/ is a phishing site - you don't want to go there.
You would be making the mistake of assuming anyone who wants an alternate root gives a crap about any commercial organisation.
We as humans deal with name space collisions every day, with our very own names; I think if we can handle it in real life, we can deal with it on here.
As with all open source things, you are free not to participate, but you can always join later.
I would like to encourage anyone interested in the alt-dns system like Peter, to join OpenNIC (http://www.opennicproject.org). It has great ideals, and is openly and democratically run. Anyone can join this great project and contribute to it. OpenNIC has been around since 2000, and is still going well!
Instead of starting another alt-root DNS system, would it not be better to work cooperatively with an already heavily established alt-root system, such as OpenNIC (http://opennicproject.org)? They've proven previously that, unlike ICANN, they have a working democratic system to their DNS management!
The centralised nature of DNS has been a huge flaw in the Internet for a long time, and it should really be replaced. The problem is coming up with a better solution.
OK, how about this:
You take the existing SSL certificate authorities and the existing certificates for websites, which contain their domain names. You create a new "root" which is really a distributed collection of root servers in which anyone may participate. Website operators send their SSL certificates to any one of the root servers (ideally one trusted enough to propagate it), showing that their domain has been verified by a certificate authority as belonging to them. The website operator also signs the IP address of the website with the website's public key and a timestamp (so that updated IP addresses have newer timestamps) and sends the signed IP address(es) to the root server. The root server propagates the website's certificate and the signed IP address to all of the other root servers. If the certificate is signed by a CA which is trusted by the root server, it then starts handing out the signed IP address in response to queries for that domain name (we can even use the existing DNS protocol for this). If a CA starts maliciously signing certificates for websites for people who don't really own them, "your" root server can stop trusting that CA (and if it doesn't, you can get a new root server).
The advantage of this design is that you can't remove websites from the system except by the CA revoking their SSL certificates, which, if it happens, will just create a market for "bulletproof" certificate authorities. The website is using its own key to sign its IP address and once that signature is distributed to all the thousands of distributed root servers, there is no central location to remove it. At best a different CA under the influence of a censorial government could be coerced into signing a certificate for the domain name to the government instead of the owner, but all that requires is for your root server, in the case of conflict between CAs for the same domain, to prefer the bulletproof/incorruptible CAs to the corruptible ones.
At that point you can eliminate ICANN's role in DNS and replace it with a covenant between all the certificate authorities not to issue a certificate for a domain already issued by another certificate authority to anyone other than the same party, the consequence for violating the covenant being that the various distributed root servers will stop trusting that CA.
Since anyone sufficiently trustworthy can be a CA and anyone can run a root server because all the root servers are doing is caching a bunch of signed certificates and signed IP addresses, you get fully-distributed secure DNS with no ICANN.
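The root-server logic sketched in the comment above, as an added example that is not the commenter's code or any existing project's: a CA signs a certificate binding a domain to the site's public key, the site signs (domain, IP, timestamp) with its own key, and a root server accepts a record only if the certificate chains to a CA on its own trust list and the address is signed by the certified key. Ed25519 stands in for the SSL certificate signatures, a plain struct stands in for an X.509 certificate, and the CA names, domain and IP addresses are constructed. The conflict case also illustrates the DNSSEC/SSL point made earlier in the thread: both CAs' certificates for the same name verify correctly, and only the root's own preference order decides which one it serves.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// NewSiteKey generates a website operator's key pair (constructed for this example).
func NewSiteKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// CA is a certificate authority: a name plus an Ed25519 key pair (hypothetical CAs).
type CA struct {
	Name string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewCA(name string) CA {
	pub, priv := NewSiteKey()
	return CA{Name: name, Pub: pub, priv: priv}
}

// Cert stands in for the site's certificate: it binds a domain to the site's public key.
type Cert struct {
	Domain  string
	SitePub ed25519.PublicKey
	CAName  string
	Sig     []byte // CA signature over certBytes
}

func certBytes(domain, caName string, sitePub ed25519.PublicKey) []byte {
	return []byte(domain + "\x00" + caName + "\x00" + string(sitePub))
}

// Issue signs a certificate for domain bound to sitePub.
func (ca CA) Issue(domain string, sitePub ed25519.PublicKey) Cert {
	return Cert{domain, sitePub, ca.Name, ed25519.Sign(ca.priv, certBytes(domain, ca.Name, sitePub))}
}

// SignedAddr is the site's own statement "domain is at IP as of TS", signed with the site key.
type SignedAddr struct {
	Domain string
	IP     string
	TS     uint64
	Sig    []byte
}

func addrBytes(domain, ip string, ts uint64) []byte {
	b := make([]byte, 8)
	binary.BigEndian.PutUint64(b, ts)
	return append([]byte(domain+"\x00"+ip+"\x00"), b...)
}

// SignAddr lets the site operator publish or update its address; newer TS wins.
func SignAddr(sitePriv ed25519.PrivateKey, domain, ip string, ts uint64) SignedAddr {
	return SignedAddr{domain, ip, ts, ed25519.Sign(sitePriv, addrBytes(domain, ip, ts))}
}

// Record is what a root server caches per domain.
type Record struct {
	Cert Cert
	Addr SignedAddr
}

// RootServer caches records and applies its own CA trust list; index 0 is most preferred.
type RootServer struct {
	TrustedCAs []CA
	Records    map[string]Record
}

func NewRootServer(cas ...CA) *RootServer {
	return &RootServer{TrustedCAs: cas, Records: map[string]Record{}}
}

// caRank returns the preference index of a CA, or -1 if this root does not trust it.
func (rs *RootServer) caRank(name string) int {
	for i, ca := range rs.TrustedCAs {
		if ca.Name == name {
			return i
		}
	}
	return -1
}

// Submit verifies a record against this root's trust policy and decides whether to serve it.
func (rs *RootServer) Submit(rec Record) error {
	rank := rs.caRank(rec.Cert.CAName)
	if rank < 0 {
		return errors.New("certificate issued by an untrusted CA")
	}
	ca := rs.TrustedCAs[rank]
	if !ed25519.Verify(ca.Pub, certBytes(rec.Cert.Domain, ca.Name, rec.Cert.SitePub), rec.Cert.Sig) {
		return errors.New("bad CA signature on certificate")
	}
	if rec.Addr.Domain != rec.Cert.Domain {
		return errors.New("signed address is for a different domain")
	}
	if !ed25519.Verify(rec.Cert.SitePub, addrBytes(rec.Addr.Domain, rec.Addr.IP, rec.Addr.TS), rec.Addr.Sig) {
		return errors.New("address not signed by the certified site key")
	}
	// Conflict handling: the cached record stays unless the newcomer comes from a more
	// preferred CA, or is a newer statement from the same certified key.
	if old, ok := rs.Records[rec.Cert.Domain]; ok {
		oldRank := rs.caRank(old.Cert.CAName)
		switch {
		case rank < oldRank: // more preferred CA takes over
		case rank > oldRank:
			return errors.New("conflicting certificate from a less preferred CA")
		case !old.Cert.SitePub.Equal(rec.Cert.SitePub):
			return errors.New("same CA certified a different key for this domain; keeping the first")
		case rec.Addr.TS <= old.Addr.TS:
			return errors.New("stale address update (timestamp not newer)")
		}
	}
	rs.Records[rec.Cert.Domain] = rec
	return nil
}

// Resolve answers a query from the cache.
func (rs *RootServer) Resolve(domain string) (string, bool) {
	rec, ok := rs.Records[domain]
	return rec.Addr.IP, ok
}

// Distrust drops a CA from the trust list together with every record that relied on it.
func (rs *RootServer) Distrust(name string) {
	kept := rs.TrustedCAs[:0]
	for _, ca := range rs.TrustedCAs {
		if ca.Name != name {
			kept = append(kept, ca)
		}
	}
	rs.TrustedCAs = kept
	for d, rec := range rs.Records {
		if rec.Cert.CAName == name {
			delete(rs.Records, d)
		}
	}
}

func main() {
	good := NewCA("GoodCA")
	rs := NewRootServer(good, NewCA("OtherCA"))
	pub, priv := NewSiteKey()
	fmt.Println(rs.Submit(Record{good.Issue("example.org", pub), SignAddr(priv, "example.org", "192.0.2.10", 1)}))
	fmt.Println(rs.Resolve("example.org"))
}
```

The trust list is the root operator's policy, not a property of the data: a certificate from a less preferred CA passes every signature check and is still refused while a record from a preferred CA exists, and the same record is served happily once the operator distrusts the first CA. That is exactly the gap the earlier comments point at: verification tells you a record is genuine under some root's trust anchor, not which root's view is the right one.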