IETF vs. ICANN

Ian Lance Taylor writes: "Two IETF drafts were filed today which fire a shot across ICANN's bows. They say that anybody who introduces a new version of an existing TLD is destabilizing the DNS--even ICANN. These are still only drafts, mind, not standards. They both acknowledge input from Karl Auerbach, the member of ICANN's board who was elected by North America. The drafts are Alternative Roots and the Virtual Inclusive Root and Root Server Definitions." The IETF drafters are attempting to define a system where non-ICANN TLDs can easily be added. ICANN is set to push their one root concept of operations where ICANN gets absolute authority over internet naming. All ICANN PR is geared toward presenting the ICANN-only plan as being necessary for "internet stability".

Domain Name Scam

ICANN's monopoly on Internet naming created artificial shortages that resulted in the same kind of asinine market conditions which prevail in cities that issue taxi medallions. Cypersquatting and speculation on dot-com names are prime examples. I'm going to register whatkindofidiotpaysamilliondollarsforadomainname.c om and offer to sell it for half a million dollars. But seriously - isn't there a better way to administer the Internet than the ICANN dictatorship?

How to unravel the ICANN

The ICANN's fundamental assumption is that there is only one (set of) root name servers, all of which contain the same data set.

This, however, is not how DNS itself works. The way DNS itself works is like this:

• The client sends to a resolver a request like, www.go.shop.
• The DNS resolver looks in its cache. It sees if www.go.shop is in its cache. If not, then it looks for a name server for www.go.shop. If a nameserver for www.go.shop does not exist, it next looks for a name server for go.shop in its local cache. If a nameserver for go.shop does not exist, it looks for a nameserver for shop in its local cache. If a name server for shop does not exist, the DNS resolver asks one of the root namservers (as listed in its local cache) what to do.

  To get around the idea of there being only one nameserver, one has to implement a nameserver to, in addition to setting the root namservers when creating a new cache, setting the name servers for alternate non-ICANN TLDs and placing those names and IP addresses in the cache.

  This way, when one goes to www.example.com, they ask the ICANN nameservers where to go. When one goes to www.go.shop, they ask the DNS servers that the DNS administrator has specified where to go. Anyone with a reasonable amount of clue can set up their won DNS cache and be in control of what TLDs they wish to resolve.

  This is very similiar to how USENET works. To create a newsgroup in one of the "big seven" (comp., soc., talk., rec., news., sci., and misc.) hierarchys, you have to get approval from David Lawrence. To create a newsgroup under the "alt" hierarchy, there is much less red tape involved. Less news servers (traditionally) carry the alt. newsgroups, but there is more freedom under the alt. hierarchy.

  There are also a number of other Usenet hierarchys which have even less propergation than the "big seven" and the "alt" Usenet hierarchys.

  DNS can be set up in a similiar fashion. The amount of code that needs to be changed is fairly trivial (there is a technical concern about what to do if the "root servers" for shop. give you a referral to different name servers that actually serve the shop domain instead of a referral to an appropriate subdomain, but that is easily enough handled compared to the amount of effort involved in making a caching nameserver). The only thing that has stopped this is mainly Paul Vixie's notion that non-ICANN TLDs are somehow evil.

  - Sam
  

Re:I may be an old fart but...

Read the memos. Their entire point is that when it comes to domain names, (say it with me now, all you "Highlander" fans) there can be only one.

The point is that at the end of the day, a domain name has to resolve to an IP address. If the same name resolves to two addresses depending on where you are, that's a Bad Thing. Unfortunately, that's exactly what is going to happen now that ICANN has decided to issue a .biz TLD. Existing DNS servers that don't look to ICANN for guidance already issued a .biz TLD and it is reasonably well-populated. There's every reason to believe that problems will ensue and that the lawyers will get to make a lot of money quarreling over the rights to assmasters.biz and others.

The suggestion in the memo is a good one: abstract the existing DNS away one more layer. All the roots have to play nicely together. ICANN doesn't get to introduce .biz because someone else already has. The thus-far successful first-come, first-served policy would dictate who gets a new .TLD just as it has dictated who gets SLD.com.

It's a simple solution. The memos (which are far from being official IETF positions) are needed because name issuance has become a business. A very, very big business. Tens if not hundreds of millions of dollars can be made -- if the artificial scarcity of domain names is maintained. ICANN has/had a public trust: to administer the root domain fairly. They have perverted that into a profit-making venture. They have, not to put too fine a point on it, forfeited their privilege as the ultimate arbiters of domain naming. The Virtual Inclusive Root proposal of these memos sidesteps ICANN.

Mr. Higgs has written a very clear pair of documents that deserve to be taken seriously, and to have their content codified into one or more RFCs requiring root solvers to treat other root solvers as peers. This is a problem that will have to be engineered away, presenting the US government with a _fait accompli_. The moneyed interests that have hijacked ICANN will never permit foreigners and weirdos to horn in on their cash train through legislative action and the US government will never permit other nations to have an equal say in such legislative action. The IETF way has always been "rough consensus and running code". Now more than ever, we need that.

Internet-Drafts are an open process

Note: Anyone at all can publish a document as internet-draft. These documents are the work of Simon Higgs, who has been a proponent of "alternative roots" for many years.
Their publication says ABSOLUTELY NOTHING about how the IETF community as a whole views these matters.

Single point of failure necessary for stability?

Whatever happend to the decentralized nature of the internet? Isn't there a reason we have more than one root server in the first place? Hello? What ARE these people smoking?

As for a single point of CONTROL, if we're not going to let Microsoft be it, and we're not too happy about the federal government trying that out with encryption exports or various "commnications indecency acts"... Why do they think we're going to let THEM do it?

The main problem with alternic type schemes is they need an alternate search engine. But if Google went along with it, there would be NO problem...

The argument "grandma doesn't know how to set her nameserver" is kind of bogus if you stop and think about it: five years ago grandma didn't know what the internet WAS. The web was just geeks creating value for other geeks, and then the rest of the world found it and wandered in to our party. If we're over creating value in one corner and the rest of the world isn't doing as much with their 95%, then the rest of the world will find us. Remember Napster? Geeks are being QUIET about AudioGalaxy, this time around...

Besides, remember usenet BEFORE AOL found it? A lot of people would consider the exclusivity (while it lasts) to be a good thing. Brains being the price of admission, and all. (Not trying to be bigoted, just saying it's not a BAD thing.)

Rob

A better solution: eliminate TLDs entirely

Under the current (ICANN) set of TLDs, anyone who sets up a domain name must classify it as a ".com", ".net", ".org", ... or as one of the country-specific TLDs. Most people recognize that this bureaucratic classification scheme doesn't correspond with our mental classification scheme; for example, as someone else in this thread points out, should a hospital be a ".com" or an ".org"?

Unfortunately, the commonly-proposed solution -- adding more gTLDs -- is not going to help. If health-care organizations get their ".med", then sooner or later, someone is bound to want separate gTLDs for doctors, dentists, and homeopaths. If a ".mp3" gTLD becomes widely used and another music format supplants MP3, then people distributing music in the new format will still set up ".mp3" sites for that purpose. And so on and so on, until users are confused by too many gTLDs, and companies afraid of cybersquatting register their names with 20 gTLDs, not just two or three.

When people learn vocabulary, they learn the words for genuses first, and learn other levels of classification later. That's why a child, seeing a wolf, says "that's a dog", and not "that's a member of the species Canis lupus in the order Carnivora." That's why so many people set up personal domains under the ".com" TLD, even if they have no intention of making these domains commercial ventures -- they recognize ".com" as the default TLD and don't care about its alleged purpose.

Back in the eighteenth century, a number of philosophers tried to construct languages to mirror (their views of) the natural order of things -- their dream was a language where a false statement would be ungrammatical and where related concepts would have similar-sounding words. The people who want to "improve" DNS by adding more gTLDs are falling into the same trap.

We need fewer gTLDs, not more.
--

Does ICANN hate hospitals?

/.
Disclaimer: I'm one of the people that've been petitioning for a .med TLD for years... so those readers who keep up on DNS issues have already heard this rant.

Currently, the hospitals of the world are randomly scattered across the DNS. For example, Fox Chase Cancer Center is fccc.edu, and Holy Spirit Hospital is HolySpiritHospital.Com, and the American Hospital Directory is AHD.Org. All these are non-profits except possibly the last.

The need for a .med domain is so strong that one of the alternative registries has already created the TLD. Unfortunately, ICANN's stranglehold on the industry prevents this alternative registry from seeing wide use (although adoption by hospitals through inclusion of alternative roots in the bind cache is ramping up).

ICANN has refused to discuss the issue except to say that people who supply a solution to the problem (i.e. alternative registries) are the bad guys, destablizing the Internet (ha! I've been using all the major DNS roots simultaneously for years; just add the additional root entries in BIND).

I expect that when the .med finally comes about, the people currently trying to serve the public good by providing the TLD will be marginalized if not driven out of business.

--Charlie

Re:How Dare They?

Oh, please.

Although the Internet allows a high degree of decentralized activities, coordination of the assignment function by a single authority is necessary where unique parameter values are technically required.

The phrase "single authority" is never good.

If not a single authority, then what? What happens when one authority says www.slashdot.org is 1.2.3.4 and another says it's 4.3.2.1? What happens when i register my-domain.com through Registry A but someone else beats me to it at Registry B? I can't put that domain in my ads, and i certainly can't use it as my email address.

Imagine if you saw an ad for 1-800-FLOWERS, but when you went to call it, you got Joe's Crab Shack because you and the placer of the ad used different "telephone authorities". Imagine if you met some hot chick at the local bar and gave her your number, but when she went to call it, she got someone else.

You need an "supreme court" of the namespace or else the namespace is useless.

--

Re:How Dare They?

Yeah, sorta like ICANN.

--

Re:Dynamic Alternates...

For instance, if cnn.news was resolved twice,

Completely disregarding the technical side of that concept, and even disregarding how that would work for email, napster, automatic indexing spiders, etc, you wind up with a big problem:

It's no longer a Universal Resource Locator. One of the great things about a URL is that it refers to a single, discrete point somewhere. It can be on your harddrive (file:), on a LAN (MyServer//), or on the internet (ftp:, http:).

And as for the fellow up above who said "Just add the nameserver to the url", often DNS does not *have* a URL associated with it. For instance, setting up your POP3 or Napster server, you just enter a Domain name.

Also, adding an extra bit of text to the domain name to get it to resolve correctly has already been written into the fundimental archetecture of DNS. It's called a TLD... that's what these things are FOR. Namespace collision is the problem, but a combination of politics and no clear orginzational responsibility is the cause.

--
Evan

Dynamic Alternates...

I'm sitting here thinking about the problem, and I've decided that for my Internet use it would be acceptable for a Pop-up window to appear asking me which Root server should be primary for a given site (only to appear when a conflict exists between the root servers).

For instance, if cnn.news was resolved twice, once by ICANN, and once by otherDNS (ficticious) then I could simply choose from a popup which site I want, and depending on it's importants it could cache the results for the session, or flag it permanently.

Re:Question Authority

I think the idea of wresting control from ICANN is great... Permitting new TLDs would be a great idea, and the new TLDs could be run by anyone, as long as they can prove they meet certain criteria. In this way, no collisions are necessary. It would, however, create a legal nightmare as players scrambled to open new TLDs and new rounds of squatting began. But ICANN refuses to be open about their process, so we'll never *really* know what standards are being met.

But collision of domains would be disastrous. It amounts to taking control of the internet from ICANN and giving it to AOL. AOL could easily decide to point microsoft.com somewhere else. Stink.

Just because there are shades of gray, it doesn't mean we can't tell black from white

But it can keep you from getting the web sites you want. If there were a second slashdot.org that pointed to microsoft's site, how would you get the slashdot you wanted? DNS would be worthless.

Boss of nothin. Big deal.
Son, go get daddy's hard plastic eyes.

Re:Uh... what's wrong with a distributed root, the

Mr connerbd,

You are hereby notified to cease and desist from any further such posts.

As you must be aware, any more discussion of distributed root servers would violate your Windows XP NDA.

Without going into particulars, your public disclosure could jeopardize critical intellectual property that would subject you to immediate and severe litigation that would cause your molars to disintegrate.

I am referring, of course, to the new Windows XP name server cache, which is meant to enhance the end user experience with increases in efficiency by caching frequently desired URLs, including advanced aliasing, such as

aol.com -> msn.com

that provides a richer experience and the innovation that our customers have come to expect. Of course the same product includes our advanced Pr0nKiller/anti-terrorist MShopping Cart that will be pre-announced by our Chief Software Architect.

Good day.

Sternly,
Geoffrey P. Foggbottom, JD

Required Reading

Here are some more informative RFCs regarding TLDs and related servers: RFC2795 [ietf.org], RFC3092 [faqs.org], RFC2551 [faqs.org], RFC2100 [faqs.org].

How Dare They?

How dare anyone challenge the monopoly? Don't they realize that by bothering ICANN, they're only suppressing innovation?

From the ICANN "one root" doc:

This document reaffirms ICANN's commitment to a single, authoritative public root for the Internet Domain Name System (DNS) and to the management of that unique root in the public interest according to policies developed through community processes.

I bet they'd change their story if it were decided that the "single, authoritative public root" out to be someone other than them.

Although the Internet allows a high degree of decentralized activities, coordination of the assignment function by a single authority is necessary where unique parameter values are technically required.

The phrase "single authority" is never good.

Over the past several years, some private organizations have established DNS roots as alternatives to the authoritative root. Frequently, these "alternative" roots have been established to support for-profit top-level domain registries that have been unable to gain entry into the authoritative root as managed in the public interest by the IANA or ICANN.

'Don't listen to the "other" guys. We're looking out for you.' Yeah, right.

Because these alternative roots substitute insular motives for the community-based processes that govern the management of the authoritative root, their decisions to include particular top-level domains have not been subjected to the same tests of community support and conformance with the public trust.

Sound anything like Microsoft's "Open Source is unsafe" theory?

In other news . . .

IBM buys all rights to all acronyms that contain the letter 'I'. The company then proceeded to sue the ICANN, the IETF, SGI and the RIAA unless they removed the 'I' from their acronym within 24 hours.

ICANN promptly issued a statement that the would be switching to AYTBTU (All your TLD belong to us) and the RIAA says that they will fight the move in court. Their spokesperson stated

"They can't do that because we along with the MPAA control everything in the would that we can trick the government into believing is intelectual property".

SGI also joined in the response saying: "We got 'Open' and 'GL' but no one here ever thought of just the letter 'I'.

Market analysts are predicting that other companies would soon follow this lead and begin copyrighting various letters of the alphabet.

Stated one:

This is a dangerous precident. Imagine if someone copyright's the letter 'M'. That person would take out IBM and Microsoft in one sweep!"

Several bystanders who heard this quote rushed to the courts in order to claim the letter 'M'

More information as it becomes available

"One World, one Web, one Program" - Microsoft promotional ad

17576 TLDs

Why don't they just make a TLD for every possible three-letter combination? That way, people/companies will put their website in the correct category, instead of registering their name under every possible com/org/net/biz/web TLD. It would become too cost-prohibitive otherwise (considering current pricing).

This will solve the TLD problem once and for all -- plenty of supply for TLDs and new domain names for everyone...

(Of course then ultimate TLD will be .tld itself.)

Uh... what's wrong with a distributed root, then?

This has got to be ICANN fud. I haven't read the RFCs, but there's no reason you can't make the "root" system a p2p distributed database. This is not a power grid where economies of scale are proving to be a more efficient way of working than deregulated competition; it's more like a telephone grid.

I guess there's not too much else to say, except for acknowledging that politics will make a mess of things...

/Brian

Re:I may be an old fart but...

Look at the way it is today, if everybody was forced to use only *.com whoever had a .net, .org, etc. just lost their domain; would the internet only have a third of it's servers??? No, most likely 90% of the servers would still be there, because companies are not just registering one tld they are registering all they can get their hands on.

Using your example, look at slashdot, there's a .com & .org, going to the same place, slashdot is stepping on two-thirds of the space already. Right now tld's are completely useless: they add confusion to the consumer (or websurfer), make me type extra characters for no good reason, currently they're only really good for lining registers pockets with money by having the same company register the one domain 50 billion different ways.

If we did this there would actually be a point to adding additional tld's since you'd sit in whichever one made the most sense; instead of getting every one you can get your hands on, no matter if it made any sense at all.

And just be a bastard, why don't you just include that tld information into your domain??? slashdotcom.com there you have your two-thirds of domains back :)

I may be an old fart but...

My opinion on the whole TLD mess is that there should only be one domain.[net|org|com|.*] Instead of having slashdot.org & slashdot.com that whoever registers it has to pick a tld and the rest of the tld's with that domain are unavailable.

What this would get me is the confidence that I can say a .net is most likely a network provider, a .org is an organization, etc. Since you'd pick which tld is going to be most appropriate for you business.

Also we don't have lawsuits between joeblow.biz & joeblow.com, etc. since they couldn't exist because they'd have a domain clash.

While I'm on a roll (rant), I'd even like it better if you actually had to show you truley belonged in a certain tld (you have to provide network services to be in the .net tld).

I have no idea how to reverse the mess with all the different organization that are in the mess of having conflicts, but I know it could be implented for any new domains.

Of course that's me being an old curmudgeon

Re:How Dare They?

How dare anyone challenge the monopoly? Don't they realize that by bothering ICANN, they're only suppressing innovation?

Lie of the 70's = The check is in the mail
Lie of the 80's = Trickle down economics
Lie of the 90's = I have not had sex with that woman/man/computer/etc.
Lie of the 00's = Monopoly promotes innovation

--
All your .sig are belong to us!

Cartoons !!!

Check out theses nice ICANN cartoons:
http://www.paradigm.nu/icann/ [paradigm.nu]

Internet DRAFTS, not RFCs

One point nobody seems to have picked up yet, the documents in question are no more than Internet Drafts, they are the personal opinion of the author. The obligatory preface states explicity that they do not represent IETF policy, are not guaranteed to become standards and will be consigned to the bit bucket in six months time.

The documents do not therefore represent a fight between the IETF and ICANN, nor do they represent the position that the IETF would take. They are simply one person's personal view.

The threads reflect the common misconception that DNS is a yellow pages directory. It is not, it is a name service that maps names that are intended to have a meaning fixed over the long term to Internet Protocol addresses that for various reasons are subject to change over relatively short periods of time.

The IETF has developed a yellow pages type protocol - CNRP. With CNRP you can type in 'sex' and the client will search as many catalogue servers as you like for pr0n. Queries can also be made more specific, tailoring your search for strip clubs to your geographic locality, fetishes etc.

With CNRP it is possible for multiple people to bind to the same index term. With DNS the entire engineering purpose is lost if that happens.

The Internet Drafts contain a massive logical falacy. They assume that conflict between 'alternative' roots can be avoided. This is not the case. Most of the new.net domains are also hosted by other irregular roots. In many cases the other alternate roots were up and running earlier than new.net. The idea that 'destabilization' can be avoided by a central actor presupposes that that actor exists and is respected to some degree.

Use of the alternative roots is negligible to nil. Nobody uses an alternative root for hyperlinks in public web sites or for email. The only possible use for the alternative roots is as a poor substitute for CNRP - as a service lookup. Since DNS is designed to support the type of use made of it that hyperlinks and email do and is not designed as a yellow pages the only people to be incommoded should ICANN issue a TLD that collides with an irregular one are the operators of the root and the people who paid them money thinking they would buy names.

Question Authority

For all the hype surrounding domain names, they really aren't anything more or less than a nickname. A simple, easy to remember word or phrase (nickname) is associated with a hard to remember IP address.

The idea that we need a central authority to dictate nicknames is ludicrous. The idea that if nicknames collide, the internet is "destabolized" is equally silly. If more than one agency want to run a nickname listing service, then fine. If that means that when I type in "sex.com" into a browser, I go to 64.28.67.150 and when you type it in, you go to 209.81.7.23 so what? It's my choice which listing service I use.

There are over 40 million registered top level domains. NSI gets anywhere from $6-$35 per year for each one. That's $240,000,000 to $1,400,000,000 dollars anually, and they don't even maintain the servers. If this is a public trust, then I'd like to see a public audit of the books.

Just because there are shades of gray, it doesn't mean we can't tell black from white.

Stabilizing?

Therefore, any new TLD which conflicts with a pre-existing TLD is destabilizing, no matter where it comes from.

Well, that may be true... But it seems to imply that everyone wildly creating new TLDs on their creaky 486 Linux box is a stabilizing thing; therefore anybody who creates the same TLD somewhere else is destabilizing the net. This is one way of looking at things, but why should it imply that the first person to get there has some particular right to run that TLD?

I do not believe that ICANN "owns" all TLDs, or should have rights to them own them in the future. I'm simply pointing out that anyone can stake out a TLD, whether they have the resources to maintain it or not. Calling this "stabilizing" is a bit misleading.

I don't see a problem with ICANN

I really don't see what all the hubbub is about. Currently you can buy a domain name of your choosing for $35/yr, I can't think of anything else that gets you anywhere close to that kind of cost/benefit ratio. The money goes to maintain DNS servers that pretty much never go down, that level of reliability is critical for the Internet to function. I've had enough trouble just dealing with ISP DNS servers, a bunch of competing TLD servers are going to cause all kinds of problems if there isn't a centralized controlling presence.

As for the dearth of top level names, I still don't see why anyone would care. .com, .org, and .net stopped being meaningful a long time ago and there really aren't too many reasons not to buy a .com. If your chosen name has already been taken, switching to a different TLD is kind of a piecemeal solution. In terms of branding, corporate or personal, you want as simple a domain name as you can get.

There are also the international TLDs to worry about; it seems that these definately require a strong centralized authority to dish out. The Internet may provide the illusion of a united world, but things are still very much focused on individual countries and the international TLDs reflect that. Currently each country is given their own TLD which they can treat as national property, that system makes sense to me. Their sovereignty should not be affected by some random reseller.

In my mind ICANN provides a much needed layer of stability and control over the Internet. For the Internet to work well, there needs to be some entity that provides such a stabilizing influence.

Postel

Postel's probably turning in his grave. Granted, there are a lot more computers and networks on the internet, but looks what ICANN and Verisign are, and what Postel was. I miss the old days.

I think we have to understand that this is not a fight we are going to win. We have lost control of the internet. It is in the hands of the companies now. But now what?

I think it's time to look at alternatives to "The Internet." It is well within our means to simply use the Internet as a transport method and develop our own networks and interconnect them if we choose. Ok, so some of our ISP's don't want us VPNing, but we can switch ISP's usually.

The question is, is it time to walk away from the public, develop technology, and let the public come to us (again)?
--
Darthtuttle
Thought Architect

Re:ICANN ... not.

The internet was founded on the idea of routing around damage. How do we route around the cancer that ICANN is becoming?

You really should check out OpenNIC (http://www.opennic.unrated.net/). It's a (seemingly) democratic organization that recognizes the ICANN root, legitimate alternate roots, and its own namespace. What this means is that you can join immediately, your DNS won't be "broken," and you can have a say in how the DNS namespace will be organized. I've only recently signed up, so I don't know yet whether this is the solution, but at least I feel like I'm no longer part of the problem.

P.S. The astute reader will note that I have registered "mozhon.net" in the ICANN root. I can only say that it was done some time ago, before I understood my options. I will not renew it.