Internet Governance; ICANN and Accountability 64
Contention writes: "The following policy was released by ICANN today (9th July), reiterating their commitment to 'A Unique, Authoritive Root for the DNS'. The document contains a stern warning to anyone '[working] under the philosophy that if they get there first with something that looks like a TLD and invite many registrants to participate, then ICANN will be required [...] to recognize in perpetuity these pseudo TLDs, inhibiting new TLDs with the same top-level name' while at the same time encouraging clearly marked, experimental alternate DNS roots." So ICANN says, unsurprisingly, that ICANN is needed to govern the domain system. Meanwhile, the Markle Foundation released a study of internet governance and accountability issues today. Read the study, or the NYT article about it.
ICANN will soon be irrelevant anyways... (Score:1)
As soon as Microsoft roles out UDDI [uddi.org] in all of their products, DNS users will be about as relevant as modern day trailer trash. So, who gives a rats ass what ICANN is doing since their going to be obsolete.
Prove me wrong.
A New TLD (Score:1)
...and the internet navigates around breaks... (Score:1)
Federal Reserve 1913 - ICANN 1998 (Score:1)
If you want a better understanding of what the Government is trying to do with ICANN, look at the history or the Fed. How did a nation founded on a tax revolution end up paying over 50% to the government? (or, are we really paying it into the banking system?)
The ICANN take-over is the latest model for Government "tax" collection. Taxing people rights to exist... or, for their ideas to exist online.
But they can't handle it ... (Score:1)
You can read about it here: http://www.nic.cx/cx.home.cfm [www.nic.cx]
The IANA page still lists the wrong contact information: http://www.iana.org/root-whois/cx.htm [iana.org]
If they are unable to keep their existing database in order, how can they possibly manage new top-level domains ?
It's not just ICANN (Score:1)
Simply substitute "social stability" wherever you see "Internet stability", and there you go.
Re:Single Root is Required! (Score:1)
Why can't it delegate the policies to the domain owner along with the right to create sub-domains?
For example, it has been suggested that .eu (European Community) should take the opportunity to be more strict about what organizations could own .com.eu names etc. and so 'add value' over existing alternatives such as .uk or .com. I don't happen to agree with this suggestion for .eu, but is a perfectly reasonable requirement in the general case.
Perhaps the fact that such basic concept distinctions are still not being made - here, between authority for names and authority for other things - is a consequence of the lack of formal definitions underpinning documents such as RFC 2826? (Exercise for the reader: go through 2826 and figure out when they mean fully-qualified name vs. partial (domain) name).
There must be rigorous specifications around that could be used - I used to use The ANSA Naming Model [ansa.co.uk] some years ago, but there must be more recent equivalents - anyone got any pointers?
cheers
alex
Re:Some Points (Score:1)
catfood.pets.new.net
and
catfood.pets
it is (amazingly enough)
catfood.pets.new.
Profound? Well, not exactly - the point is that by putting the naming authority (Newnet) explicitly into the name at the appropriate place - the top - the battle for 'highly desirable' names will be avoided provided ICANN avoids upsetting people by allocating TLDs which have general significance in the real world - .good, .holy, .cheap etc. itself. Instead, its only function would be to delegate to other authorities and let them allocate the 'desirable' subdomains if they want.
Specifying DNS (Score:1)
For example, say you have two websites, run by Siteowners Bob and Tom, who each want the domain "blah.com," and Siteowner Bob gets into the ICANN-run DNS before Siteowner Tom. So Tom goes to (and I'm pulling this name from nowhere -- I doubt it exists) CheeseDNS. The (hypothetical) newest versions of browsers are written under the assumption that there are multiple DNS' out there, and that functionality is written into them.
So to get to Siteowner Bob's blah.com, you might type:
icann://www.blah.com
... whereas to get to Siteowner Tom's blah.com, you might type:
cheese://www.blah.com
... or something to that effect.
This would probably necessitate maintaing an active list of DNS' -- that could be kept by ISPs, or some regulating body (hopefully not ICANN -- preferably some newly-created regulating body whose members are voted on REGULARLY, to avoid problems like the ones we're having with ICANN.
Like I said, this issue is not my area of expertise, so by all means tell me why it will or will not work.
inigima
Re:This link works better (Score:1)
Re:But they're NOT needed! (Score:1)
Dan Bernstein [cr.yp.to] is working on something like that. See his website [cr.yp.to] for his ideas on how to do it, at the end of the page following his rant about DNSSEC.
Re:A single root is the problem, not the solution. (Score:1)
There is a separate set of problems with adding more root servers, because the more servers for a zone (including the root), the harder it is to keep them in sync.
Are some sites' days numbered then? (Score:1)
Re:Single Root is Required! (Score:1)
To respond to a few of your other statements:
1) OpenNIC is not, and does not want to be, _the_ root operator. We want to be _a_ root operator, and we encourage anyone who doesn't want their DNS root to run the way we do to set up their own and discuss root peering with us. A global DNS run by a collaboration between hetrogenous operators is the best possible structure for something as varied as the Net.
2) Yep, we just decided we were a root and, lo!, we were.
3) The complaint against ICANN is not that they did this (the U.S. government did it, not ICANN, for one thing), but that they did it without the consent of the users and that they refuse to cooperate with others. There are independant roots who don't cooperate either, and they're in much the same box as ICANN except, of course, that their users generally choose to use their system. (New.net is the more ICANN-like exception to this, since their agreements with Earthlink and such do mean the users had no real choice.)
4) As the only person with root on the box that tabulates our votes, I can assure you there was no tampering, but that's not really sufficient, is it? We are working on a PGP signed voting mechanism, but as the Software Libre world is well aware, these things take time to build for a volunteer project. We are concerned about this, and we are working on it. It'd be great if you wanted to help on that.
I don't know who the "Atlantic" is you're saying controls
From the above, you can see that I do think OpenNIC (if not the other independant roots) is a very different beast from ICANN. We have a 100% voluntary participation and a true democracy, rather than a captive usership and just enough of the trappings of community to disguise the fascist operation underneath. So, I think there are differences.
-robin
Re:Once again, empty words.... (Score:1)
and to reply to your question, If you only had a million or 2 poeple on the net like the good old days that would be ok
Re:DNS/ICANN (Score:1)
Re:DNS/ICANN (Score:1)
Your bluff is hereby called. (Score:1)
We do things entirely democratic at opennic --- which is one of the problems that we have with ICANN, in that they are not democratic, and are not even playing by their own rules.
Re:DNS/ICANN (Score:1)
What's the biggie?
Oh yeah, it would neuter ICANN....
Kierthos
(no! it's not an anagram!)
Re:Uh... (Score:1)
>Isn't today July 10th?
Not necessarily.
It may be July 11th in your timezone.
--
Flash cartoons (Score:1)
Re:Some Points (Score:1)
It depends on what the alternatives are. New.net looks a lot better than Network Solutions.
A single root is the problem, not the solution. (Score:1)
If this were a software project, we wouldn't listen to anyone who didn't contribute code.
Show me the patches ICANN.
What TLDs have you created?
What has been done to promote competition?
What have you done for the public?
Instead of wasting time tearing down the others, make them all moot.
If ICANN got off it's ass and approved a few hundred new TLDs,
then no one would care a whit about new.net, alternic, or any of the others.
Re:But they're NOT needed! (Score:1)
I have a dns server that serves the
_Anybody_ can put up an alternate root, though I guess it'll be illegal soon because it could potentially wreck someone's business plan and prevent a couple of really obscenely rich people from becoming insanely rich at the expense and well-being of as ICANN puts it, that "broader community"...
Pseudo TLD's wont work (Score:1)
New.net is trying to peer up with ISPs to get them to modify their hints file or named.conf to alow resolution of all the pseudo TLDS's. Great. So only the peple who use new.net or have dl their nifty patch can see these sites? What if I set up a similar system here in Canada? Then when my swell Windows 9x box looks up asciiporn.xxx, where will it take you? To the UK site asciiporn.xxx.new.net, or to asciiporn.xxx.myisp.ca? Hmmm? It will depend on the order of your search domains. If new.net is first on the list to check unqualified names, I get the UK site. If not, I get the Canadian site. For those of you who think that DNS is broken now, just wait. You and I will be looking up the same "name" and possible get totally different sites, depending on our ISP or what region we are in.
The only way I can see around this is to get a really short domain containing only ONE letter. For example, x.com. Very 21st century. Then, as the holder of that domain, allow others to use *.xxx.x.com or *.kids.x.com. x.com is better than new.net, as using x.com is much easier to imprint in the brain for that average user.
I know that new.net is trying to do this, but in order for this to succeed, you basically need to be a carrier or in the postion to meter out the bandwith to major ISP's, and coerce them into modifying their name resolution. Asking or setting up an alliance wont cut it. You need to be the big dog who calls the shots. Not likely gonna happen with a start-up during the dot-com-crunch.
Re:Single Root is Required! (Score:1)
Re:DNS Server choice (Score:1)
Re:A New TLD (Score:1)
Re:A New TLD (Score:1)
Re:Single Root is Required! (Score:1)
It's easy to bash the standards but you better know what ur doing before you start creating endless loops of
M$ tried this overthrow of DNS called WINS (hahah we all love wins don't we... NOT). Talk about corrupt databases.
Re:DNS/ICANN (Score:1)
New TLDs For the Masses? (Score:1)
Re:DNS/ICANN (Score:1)
Re:DNS/ICANN (Score:1)
now I'm confused (Score:1)
Re:Single Root is Required! (Score:2)
TLD's are NOT roots. They are top level domains. One stop down from the root.
How are you going to get everyone to agree on who should be the TLD servers? You can setup any organization you want. Somehow they'll have to agree, perhaps by voting. Guess what, you've just invented equivalent of ICANN.
Re:Single Root is Required! (Score:2)
How do you know the ballot boxes weren't stuffed? When do we change Atlantic's rullership of .net? What do we do when it changes?
You're inventing the same mechanisms and just putting different names on it.
Single Root is Required! (Score:2)
Let's make this clear. Right now there is one root. It means there's one name space. If I look up slashdot.org, I'm sure I get this site. Now, lets say there are other root servers that some "new" organization runs. What happens when this new organization puts in an entry for slashdot.org that points somewhere else?
The answer is that you no longer have any faith that any address you use is going to work for yourself. Even if it works for you, if you give an address to someone else you don't know what root server they're using and whether or not it works. Your email address becomes useless, because you can't be sure it actually works for any other user. You can also get into all the criminal activity if users connect to fake sites.
Before someone makes the argument, that the various root servers will just "agree" on how they share the name space, that ends up being the same as having a single root! The "agreement" just happens in the single version of the root server data file.
So, the fact is, that a single consistant root really is needed unless you want to go back to IP addresses for everything.
Now, I do agree that ICANN should be moving faster in granting new domains. They've had a hard time creating policies, and frankly creating policies that work for a VERY diverse group of people is extremely tough. But people should try to understand the TECHNICAL issues instead of just bashing on ICANN as a new form of government.
Re:Single Root is Required! (Score:2)
I accept that the structure that you are proposing might require a single root. That's a good argument for modifying it, not a good argument for using it.
I can't assure myself that I'm the only person using my name. It's unreasonable for a url user to assume, merely from the url that it's the same one. The solution is to cross-check this against another key, e.g., a pgp key. Then if multiple possible url's resolved, you could choose the one that matched the one that you had visited before. If you hadn't visited any of them, you could do a brief scan to select the one you meant, and register their key.
This just a quick off - the - top - of - my - head approach. There are almost certainly more elegant ways. But centralized control is an inherently bad idea, and should (almost) always be designed around.
Caution: Now approaching the (technological) singularity.
DNS Server choice (Score:2)
True, but you do have the choice of DNS providers, I've almost never used the one from my ISP, but rather the servers I keep alive at work. You can pick a name server and use it from anywhere in the world, regardless of what your ISP wants you to do.
--Mike--
Make your own root domain server! (Score:2)
I've got the file saved as "rebeldb.root" in my c:\bind directory, and updated named.boot with the following info at the bottom...
;
;
;cache . db.cache
;
; prime the DNS with root server 'hint'
information
cache . rebeldb.root
So there it is, you too can declare independance from ICANN, and decide for yourself who you trust to be the authority for each domain. Let the vanity TLD games begin.
I don't use Microsoft's DNS server, so your milage may vary, I suspect this should work with newer versions of BIND.
--Mike--
Re:Single Root is Required! (Score:2)
A single namespace is required. Each root zone operator can decide what TLDs to publish delegations for. But ICANN confuses the namespace with their own version of the root zone file. So do you.
What happens when this new organization puts in an entry for slashdot.org that points somewhere else?
What happens when the sole root operator decides slashdot.org is subversive, and yanks the domain altogether?
Now, I do agree that ICANN should be moving faster in granting new domains. They've had a hard time creating policies, and frankly creating policies that work for a VERY diverse group of people is extremely tough.
But they are creating policies for moneyed interests, not a diverse group. The operators of the other roots are operating on behalf of a diverse group, precisely because they are themselves a diverse group.
But people should try to understand the TECHNICAL issues instead of just bashing on ICANN as a new form of government.
But they are trying to be a new form of government. They are trying to assert authority where none has been granted to them. Their charter calls for them to create technical policies aimed at maintaining internet stability. Yet they themselves loaded a colliding .biz TLD, which has now created a fractured namespace. They are responsible for introducing ambiguity, not Atlantic Root [atlanticroot.net]. Their .biz has been in operation since before ICANN was chartered, and ICANN's board knew it when they approved the plan to usurp it.
If ICANN is a governmental agency, then the previous registrants and registry under the pre-existing .biz are entitled to compensation under the doctrine of emminent domain. Yet nothing of the sort is forthcoming from ICANN. This is not governance, this is not stability, this is capricousness and tyranny.
It may interest you to know that OpenNIC has recently called for a vote [unrated.net] to determine which .biz to carry in the root zone they operate. Atlantic Root's .biz is winning by a wide margin. The same sort of deliberations are taking place in other root-zone-operating organizations.
Re:DNS Server choice (Score:2)
Anyway, some OpenNIC people have had problems with this. ISPs are usually totally uncoorperative. The only solution is usually to switch to a "mom-and-pop" local corner-store type ISP. Hey, they almost always have better service, anyway.
Claim your namespace.
Well, Duh (Score:2)
Uh, shouldn't that be their commitment to 'ICANN as the Unique, Authoritative Root for the DNS'?
Funny how that works. Ask the authorities, and the authorities will tell you, "Of course we should be the authorities!" No bias there, eh?
Re:Protecting themselves from New.net (Score:2)
The vote on whether to accept ICANN's new
Thanks to ICANN, their great fear of fracturing the namespace is to come about due to their own actions. There's nothing like consistency, is there?
-robin
Another option? (Score:2)
The Internet was pretty well served by the Internet Society, and the engineering details by the Internet Engineering Task Force. Why did the United States government decide THEY had to pick an agency, when the Internet Society is the place that represents ALL the people?
That, of course, meant that the Internet Name Task Force (INTF) (to pick a name) would not be beholden to US trademark law...
Re:Protecting themselves from New.net (Score:2)
Re:Hilarious Excerpts (Score:2)
Traditionally, the responsibility for performing the central coordinating functions of the global Internet for the public good, including management of the unique public DNS root, has been carried out by the Internet Assigned Numbers Authority (the IANA). ICANN's core mission is to continue the work of the IANA in a more formalized and globally representative framework, to ensure the views of all the Internet's stakeholders are taken into account in carrying out this public trust.
And by "stakeholders" we mean those who have the biggest pieces and the most cash.
Resolution (Score:2)
Oh, you mean like this:
Re:DNS/ICANN (Score:2)
These would be hard for a human to remember, (20-30 random characters) but they have the other advantages of DNS, and a few extra;
They are guaranteed to be unique,
A single computer (IP address) can support multiple names
- and -
Hi-jacking a domain is nearly impossible,
Anyone who wanted to could become a listing service (competition)
They can be cached essentially forever
NewDotNet problems, namespace overlap? (Score:2)
On a personal note, I just got an email yesterday from someone trying (unsuccessfully) to get a refund from this 'bogus name registrar' (new.net) because they did not adequately disclose that their domain names are currently invalid on most systems, and apt to stay that way, or that they are selling off names that may be *already taken* by other sites on other DNSes. (Also, in part, because the new.net trojan causes one of her favourite internet programs to pagefault on startup, but that's a separate rant.) Personally, I think they should submit a refund to ALL of their customers.
To top it all, this unhappy customer informs me that they are charging $50 USD for 2 years. An utter rip, IMHO, considering their domain-names aren't valid on systems that don't have their Trojan horse installed and aren't on one of their bed-partner ISPs. (For reference, I paid $35 to register my *real* domain [cexx.org] for 2 years, and have the guarantee that it will be valid on *any* system running *any* internet-ready operating system, and won't display a porn site to Earthlink/Juno/NetZero customers.)
--
Re:Protecting themselves from New.net (Score:3)
Anybody read the NYT article? (Score:3)
Yeah, that'll work.
Re:Single Root is Required! (Score:3)
When I want to support a new TLD such as .BIZ, or whatever, and I don't agree with ICANN, I just update my root.db [warot.com] to reflect my own choice for that TLD, which does break things, but only for that TLD.
So, you can have your cake (interoperable .COM, etc) and choose your own icing (.BIZ, etc) instead of letting ICANN tell you what to do.
--Mike--
One possible trigger for this reaction... (Score:3)
ICANNs FAULT (Score:3)
What makes it bad - they know how solve this trademark and domain name problem.
The solution has been ratified by honest attorneys - even the honourable G. Gervaise Davis III, United Nations World Intellectual Property Organization panellist judge.
There is only one conclusion that could be drawn, for it not being used.
By not using solution, trademarks have priority, this stops free speech.
Fact: domain names were not designed to be trademarks - ask Paul Mockapetris, creator of Domain Name System. He was asked, "What do you wish you had invented?" - His reply, "A directory system for the Internet that wouldn't be controlled by the politicians, lawyers and bureaucrats."
Nor can they be used as such - reason: Most trademarks share same or similar name with many others e.g. Caterpillar tractors claimed 'cat' is 'their' trademark on the Internet - even though there are 1746 'cat' trademarks - IN THE U.S. ALONE. Conflict is IMPOSSIBLE to avoid.
They ALL legally have to protect their 'cat' trademark. For only one business to use, gives it dominant position over all the others. This is against 'unfair competition' laws.
What about free speech rights? The 'cat' was on this earth long before these tractors.
I thought the US Government were pretty hot on that - something you call the First Amendment, I believe.
The only logical conclussion that I can come to is - they want it that way. Amongst many other things, the legal profession get rich and corporations can abuse their trademark powers.
Please visit wipo.org.uk [wipo.org.uk] - for the easy solution.
WIPO.org.uk comments to World Intellectual Property Organization [wipo.int] .
This link works better (Score:3)
Some Points (Score:3)
Do we want new.net to be the sole registrar for 30 pretty desirable TLDs just because they have a lot of venture capital from Idealab! to spend?
What ICANN is doing is stating up front that they are not going to recognise this type of tactic as legitimate.
People have always been able to set up their own roots, I do it myself on my home machine where I root the .test TLD for systems I don't want to register in the external Internet space.
Setting up your own TLD is a bit like setting up your own internal telephone area codes however. It is not a good thing if there are two competing companies handing out 1-800 numbers.
This leads to an important security issue, multiple DNS roots leaves companies open to the risk of having their DNS names hijacked. If I buy the name xyz.kids from the ICANN appointed registrar some smart alex could register xyz.kids at new.net and steal some of my trafic.
In the worst case there is no authoratative root and the site a domain name will resolve to will differ randomly depending on the ISP you select. To be frank the people who claim this is a good idea either have no idea what they are talking about or are paid shills of some alternate registrar looking to muscle in and make some quick cash.
If DNS addresses or IP addresses cease to have the uniqueness properties relied upon in the IP protocol then we no longer have an Internet, all we have is a patchwork of partially interoperable networks.
This policy raises a question (Score:3)
Their policy seems to be "We're not the only game in town, but we should be." Competition is one of the best principles of a free economy/society. Their position that "competition causes instability" is far stupider than any FUD Microsoft or any other monopolist would come up with. Think of it - "windows should be the only desktop OS because it would cause instability to have incompatible OS's proliferating among PC users". How fast would the anti-trust lawyers be on that?
Their argument is weak. If they could force admins to point their DNS at them or shut down "rogue" DNS for
-----------------------
But they're NOT needed! (Score:4)
I'd like to see a distributed DNS system based on cryptographically signed keys. Hmm. I'll have to think about how one would implement one of those...
Re:Hilarious Excerpts (Score:4)
- "I've found people want democracy, but they're often unwilling to do the work, whether it's looking at voting records or taking the most basic measures to protect their own privacy," said Ms. Dyson, who serves on a committee that is trying to increase public representation in Icann. "Frankly sometimes you don't need democracy, you need a market where people understand what's being offered and choose what they want."
Esther Dyson, though no longer Chair of the ICANN board, sums up ICANN's approach to namespace governance. God, these people make me crazy. If you think that the namespace should, in fact, be accountable to its users, and not ruled by fiat, then start using an alternate root now. I recommend the OpenNIC [unrated.net].Claim your namespace.
Protecting themselves from New.net (Score:4)
ICANN is trying to block and fight back at these types of services and re-establish themselves as the organization in charge of TLDs.
Hilarious Excerpts (Score:5)
- ICANN was subsequently selected
by the United States Government from among several proposals submitted
precisely because it was open, consensus-based, and rooted in the Internet
community. (Consensus my left butt cheek)
- This commitment to
a unique and authoritative root is a key part of the broader public
trust - to carry out the Internet's central coordination functions
for the public good - that is ICANN's reason for existence. (Is this a technological organization or a religious movement?)
- "As Internet names
increasingly have commercial value, the decision to add new top-level
domains cannot be made on an ad hoc basis by entities or individuals
that are not formally accountable to the Internet community." (Now, if only we could get ICANN to be accountable to the Internet community...)
- The success
of the Internet and the guarantee of Internet stability rest on the
cooperative activities of thousands, even millions, of people and institutions
collaborating worldwide towards a common end. (...yet ICANN holds all the cards).
- ICANN -
in deference to its public trust - will continue to collaborate
with these citizens of the Internet community to advance the notions
of a unique root system as a prerequisite to Internet stability, and
to ensure that community-based policies take precedence. (Translation: We only give TLDs to the highest bidder; Anything else would cause instability.)
Yeesh.public interest (Score:5)
These decisions of the alternate-root operators have been made without any apparent regard for the fundamental public-interest concern of Internet stability.
ICANN has the best interests of the public in mind?
Next you'll be telling me the RIAA has the best interests of the artists in mind.