Discussion:
what problem are we solving? (was Re: ICANN opens up Pandora's Box of
David Schwartz
2008-06-28 19:52:14 UTC
Yes. It completely marginalizes the remaining positive qualities of the
Domain Name System as a way to find things, in the name of giving people
"more options."
That never existed and never made any sense. DNS is a naming scheme.
Entities choose names that are expressive, not informative.

You may have a hard time remembering the name of the Chinese restaurant
around the corner from you because it's not named "The Chinese Restaurant
Around the Corner from Joe Greco", but naming businesses for your
convenience is just not reasonable. What's convenient for you is not what's
convenient for me.

You should name the restaurant, for your purposes, with a name that is
convenient for you. I'll do the same. If you and I have to exchange the name
of a place, we need to map our convenient names to a proper name. But we
don't normally have to use proper names, they're inconvenient.

These types of mappings have to be competitive because different people have
different requirements. If you want an easy way for you to find a company
based on what you consider its name to be, find one that works for you.

But DNS works differently, it maps *authoritative* names to businesses. It's
more like how you map a business name to the responsible entity when you
file a lawsuit. It has no business trying to be easy for humans to use and
understand if that compromises its use for its actual purpose.
Let me start by saying that I believe that the trends in the DNS have been
going the wrong way for well over a decade. The insistence on the part of
many that the namespace be flattened is just a poor choice.
People are now
used to trying "<foo>.com" to reach a company. In some cases, this makes
fair sense; I can see why "ibm.com" or "seagate.com" are that way, even
though in some cases there are namespace collisions with other trademarks.
In others, it's ridiculous - why the heck do I get someplace in California
when I go to "martyspizza.com", rather than our local very excellent pizza
place? (sadly this example is less effective now, they managed to get
"martyspizza.net" a few years back).
I agree. People should not do that. They should use some kind of mapping
service that works for the kinds of mappings they expect. DNS is not that
service, cannot be that service, and never will be that service.

DNS is a technical service to map slow-changing authoritative names to their
current numbers.
We never had any business allowing small, local businesses to register in
.com, or non-networking companies to register in .net, or
non-organizations
in .org... but a whole generation of Internet "professionals"
"knew better"
and the end result at the end of the road is that DNS will end up being
almost as useless as IPv4 numbers for identifying the more obscure bits of
the Internet.
Which is fine since that's not what DNS is for.

DNS maps slow-changing authoritative names to fast-changing numbers.

I do agree that people do in practice use DNS this way. And I do agree that
making it work worse for them is not the best thing in the world. But making
a bad solution a bit worse is not a particularly big deal. People have
almost completely stopped even exchanging URLs with each other manually. They
exchange links specifically mapped through URL mapping services so that
they're easier to communicate, or they put a link on a web page or in an
email.

DS
Joe Greco
2008-06-29 02:31:33 UTC
Post by David Schwartz
Yes. It completely marginalizes the remaining positive qualities of the
Domain Name System as a way to find things, in the name of giving people
"more options."
That never existed and never made any sense. DNS is a naming scheme.
Entities choose names that are expressive, not informative.
You may have a hard time remembering the name of the Chinese restaurant
around the corner from you because it's not named "The Chinese Restaurant
Around the Corner from Joe Greco", but naming businesses for your
convenience is just not reasonable. What's convenient for you is not what's
convenient for me.
I never said it was. I'm not arguing for me to be able to rename someone
else's business.
Post by David Schwartz
You should name the restaurant, for your purposes, with a name that is
convenient for you. I'll do the same. If you and I have to exchange the name
of a place, we need to map our convenient names to a proper name. But we
don't normally have to use proper names, they're inconvenient.
These types of mappings have to be competitive because different people have
different requirements. If you want an easy way for you to find a company
based on what you consider its name to be, find one that works for you.
I do not "consider its name to be" some random thing. I consider it to be
what it calls itself. There are already rules for that sort of thing
outside of the Internet, for example, I am not allowed to create a company
name that duplicates a company name that already exists. The problem is
that while I can go and register a "Mycompany LLC" in Wisconsin and a
"Mycompany LLC" in Illinois, there is only one "mycompany.com" available,
though "mycompany.wi.us" and "mycompany.il.us" are both available and do
not collide.
Post by David Schwartz
But DNS works differently, it maps *authoritative* names to businesses. It's
more like how you map a business name to the responsible entity when you
file a lawsuit. It has no business trying to be easy for humans to use and
understand if that compromises its use for its actual purpose.
That's one hell of an if, and it doesn't seem to even be true. If you read
805 and other foundation documents, it seems clear that the goal was to
*replace* a difficult-to-use mail relaying and routing scheme for mail
addresses with something that was easier for ... ah, yes, users to use.
Post by David Schwartz
Let me start by saying that I believe that the trends in the DNS have been
going the wrong way for well over a decade. The insistence on the part of
many that the namespace be flattened is just a poor choice.
People are now
used to trying "<foo>.com" to reach a company. In some cases, this makes
fair sense; I can see why "ibm.com" or "seagate.com" are that way, even
though in some cases there are namespace collisions with other trademarks.
In others, it's ridiculous - why the heck do I get someplace in California
when I go to "martyspizza.com", rather than our local very excellent pizza
place? (sadly this example is less effective now, they managed to get
"martyspizza.net" a few years back).
I agree. People should not do that. They should use some kind of mapping
service that works for the kinds of mappings they expect. DNS is not that
service, cannot be that service, and never will be that service.
That's not true. Perhaps you should go read RFC1480. (Before you make any
comments, you should be aware that I *have* read 1480, and that one of the
hosts used as an example in that document is currently running 50 feet away
from me).

For example, I *ought* to be able to find the Police Department for the City
of Milwaukee at something reasonable, such as "police.ci.milwaukee.wi.us".
If I then needed the police for Wauwatosa, "police.ci.wauwatosa.wi.us", or
for Waukesha, "police.ci.waukesha.wi.us".

1480 is about trying to provide localization services that could ultimately
result in a namespace containing vastly fewer collision issues. But to
understand what I'm talking about, you really have to get rid of the ".com"
mentality first.

To extend that principle, companies that have an exclusively local presence
probably don't need to be occupying space in a TLD. That's the Marty's
Pizza example.
Post by David Schwartz
DNS is a technical service to map slow-changing authoritative names to their
current numbers.
Which are also generally slow-changing.
Post by David Schwartz
We never had any business allowing small, local businesses to register in
.com, or non-networking companies to register in .net, or
non-organizations
in .org... but a whole generation of Internet "professionals"
"knew better"
and the end result at the end of the road is that DNS will end up being
almost as useless as IPv4 numbers for identifying the more obscure bits of
the Internet.
Which is fine since that's not what DNS is for.
DNS maps slow-changing authoritative names to fast-changing numbers.
No, DNS is intended to map logical names, which are, among other things,
supposed to be usable and useful to humans. "[W]e wish to create
consistent methods for referencing particular resources that are similar
but scattered throughout the environment." That 25-year old statement
is still a nice summary of the purpose of DNS.

The idea is that you can try for consistency, and where consistency is
reasonable and possible, some of us still believe that it could exist.
Post by David Schwartz
I do agree that people do in practice use DNS this way. And I do agree that
making it work worse for them is not the best thing in the world. But making
a bad solution a bit worse is not a particularly big deal. People have
almost completely stopped even exchanging URLs with each other manually. They
exchange links specifically mapped through URL mapping services so that
they're easier to communicate, or they put a link on a web page or in an
email.
I don't see what you're saying as supporting ICANN's actions. If DNS is
irrelevant for these purposes, then why bother "making a bad solution a bit
worse." Just let it become, over the next 25 years, some mid-level
directory resource that users see less and less of, until it's almost as
irrelevant as IP address.

(*I* don't buy that, but then again, I'm making the argument that we've
really screwed up with DNS)

... JG
--
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.
Peter Beckman
2008-06-29 17:21:07 UTC
Post by Joe Greco
For example, I *ought* to be able to find the Police Department for the City
of Milwaukee at something reasonable, such as "police.ci.milwaukee.wi.us".
If I then needed the police for Wauwatosa, "police.ci.wauwatosa.wi.us", or
for Waukesha, "police.ci.waukesha.wi.us".
To extend that principle, companies that have an exclusively local presence
probably don't need to be occupying space in a TLD. That's the Marty's
Pizza example.
martyspizza.brookfield.wi.us works great. At what point in Marty's
expansion does Marty's Pizza get to move to a TLD? The RFC leaves
management decisions to an alluded to but unnamed group.

Plus, WTF: John-Muir.Middle.Santa-Monica.K12.CA.US
Cut and Paste or die trying. I doubt parents will remember or type that.
Besides, sophisticated search engines are making Domain Names less
relevant anyway. I can find Marty's Pizza in Brookfield via Google or
Yahoo in a matter of seconds. Let the search engines organize the web,
not DNS.

Schools are going short and sweet, just like businesses, using the
existing TLDs. martyspizza.net is fine. So is johnmuirsl.org. No need
for 30 more or 3000 more TLDs.

Beckman
---------------------------------------------------------------------------
Peter Beckman Internet Guy
***@angryox.com http://www.angryox.com/
---------------------------------------------------------------------------
Jim Popovitch
2008-06-29 20:20:16 UTC
Let the search engines organize the web, not DNS.
OK, (assuming you believe that), why keep dns around. Why not go back
to just IP addrs and hosts files for those that need them.

-Jim P.
Gadi Evron
2008-06-29 20:42:08 UTC
Post by Jim Popovitch
Let the search engines organize the web, not DNS.
OK, (assuming you believe that), why keep dns around. Why not go back
to just IP addrs and hosts files for those that need them.
Because the Internet is not governed, common misbelief aside. It's a
mess of capitalism and anarchism. In fact, The Internet is the only
functioning anarchy.

I see no reason why search engines won't, they already do, whether we want
to admit it or not, for the home user they ARE the Internet.

Gadi.
Post by Jim Popovitch
-Jim P.
Paul Wall
2008-06-30 17:38:04 UTC
Gadi,

I tried to find even the smallest token of operational relevance on
your postings on this thread, and I'm coming up short.

Could you please do us a favor and stop posting until such a time when
you're able to comply with the list's AUP?

Paul (not a member of MLC, my opinions only)
Laurence F. Sheldon, Jr.
2008-06-30 17:45:32 UTC
Paul Wall wrote:
[bagged and tagged]

P,K,B.
Peter Beckman
2008-06-29 21:32:51 UTC
Post by Jim Popovitch
Let the search engines organize the web, not DNS.
OK, (assuming you believe that), why keep dns around. Why not go back
to just IP addrs and hosts files for those that need them.
DNS is useful in masking IP address changes, and for humans navigating the
Internet.

DNS is not useful for organizing the web. Additional TLDs isn't going to
help organize the web. Search engines and portals organize the web. DNS
will be increasingly less useful as the Internet continues to expand and
grow, and normal non-geek non-nanog humans will increasingly rely on
search engines and portals to find what they need, not domain names.

Beckman
---------------------------------------------------------------------------
Peter Beckman Internet Guy
***@angryox.com http://www.angryox.com/
---------------------------------------------------------------------------
Jay R. Ashworth
2008-06-30 21:26:10 UTC
Post by Peter Beckman
Plus, WTF: John-Muir.Middle.Santa-Monica.K12.CA.US
Cut and Paste or die trying. I doubt parents will remember or type that.
No one does either. They search for it, or pick it out of an email.

But *I can read that domain name and know what it points to*.

More importantly, it is possible for me to learn that k12.ca.us is
picky about whom it hands its subdomains to, and therefore I can have
a reasonable guess that (DNS spoofing aside) that domain actually
belongs to a school.

Cheers,
-- jra
--
Jay R. Ashworth Baylink ***@baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://baylink.pitas.com '87 e24
St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274

Those who cast the vote decide nothing.
Those who count the vote decide everything.
-- (Joseph Stalin)
Joe Abley
2008-06-29 18:14:58 UTC
Post by Joe Greco
For example, I *ought* to be able to find the Police Department for the City
of Milwaukee at something reasonable, such as
"police.ci.milwaukee.wi.us".
If I then needed the police for Wauwatosa,
"police.ci.wauwatosa.wi.us", or
for Waukesha, "police.ci.waukesha.wi.us".
About as much as I ought to be able to reach the Canadian army at
army.mil, or the Canadian Citizenship and Immigration department at
cic.gov.

There is no single namespace that makes sense for everybody. For every
single person who says "I ought to be able to do X to find Y" there
will be someone else for whom Y would be a surprising result for X.

The boat sailed on enforcing regulations for appropriate registrations
under particular TLDs long ago. I remember when registering a .NET
name for a small, south-western Ontario ISP in about 1995 being told
"sorry, that TLD is for ISPs only" and having to prove that I was, in
fact, working for an ISP before I could get the delegation. Imagine
that happening now?

The DNS had its origins in a desire to use names instead of addresses,
because names are easier to remember. But really, the fact that naive
users type raw URLs into browsers is an indication that we have more
work to do, not that naive users will always need to be exposed to raw
URLs. We are already at the point where a significant proportion of
the Internet population types names into Google or Yahoo! or Microsoft
Live Search, and never reference URLs in the raw unless they are
accessed through bookmarks. An increasing number of people use
Facebook more for e-mail than they use e-mail for e-mail. If this is a
trend, then perhaps we can imagine the day where the average Internet
user pays about as much attention to domain names as they do to IP
addresses today.

All these conversations about what should or should not be possible in
the namespace are pointless. The degrees of freedom are too enormous
for any single person or organisation to be able to make even a
vaguely accurate guess at what the stable state should be.

The only decision that is required is whether new generic top-level
domains are desired. If not, do nothing. Otherwise, shake as much
energy into the system as possible and sit back and let it find its
own steady state.


Joe
Rob Pickering
2008-06-30 08:08:35 UTC
one might legitimately argue that ICANN is in need of
some serious regulation....
that can happen at that national level or on the international
level.
It is very likely that "serious regulation" particularly at an
"international level" would have a way more degenerate effect on DNS
operations than adding a bunch of new entries into the root.

Be careful about what you legitimately argue for...

I'm still having a hard time seeing what everyone is getting worked
up about.

Can anyone point to an example of a reasonably plausible bad thing,
that could happen as a result of doubling, tripling, or even
increasing by an order of magnitude the size of the root zone.

Sure, nefarious use of say .local could cause a few problems but this
is pretty inconceivable given that:
1) most estimates I've seen of the cost of setting up a TLD start at
around $500,000 (probably a bit over the credit limit on a stolen
credit card #).
2) These are easily fixed by adding known large uses like this to
the formal reserved list.
3) I'm sure that these will in any case be caught well before
deployment under the proposed filtering process.

So, other than a change in the number of various DNS related money
chutes and their net recipients, what are the actual operational
issues here?

--
Rob.
James Hess
2008-07-01 05:43:54 UTC
I'm still having a hard time seeing what everyone is getting worked up about.
Maybe it's not that bad. The eventual result is instead of having a
billion .COM SLDs, there are a billion TLDs: all eggs in one basket,
the root zone -- there will be so many gTLD servers, no DNS resolver
can cache the gTLD server lookups, so almost every DNS query will now
involve an additional request to the root, instead of (usually) a
request to a TLD server (where in the past the TLD servers' IP would
still be cached for most lookups).

Ultimately that is a 1/3 increase in number of DNS requests, say to
lookup www.example.com
if there wasn't a cache hit. In that case, I would expect the
increase in traffic seen by root servers to be massive.



Possible technical ramifications that haven't been considered with
the proper weight,
and ICANN rushing ahead towards implementation in 2009 without having provided
opportunity for internet & ops community input before developing such
drastic plans?


Massive further sell-out of the root zone (a public resource) for
profit? Further
commercialization of the DNS? Potentially giving some registrants
advantageous treatment at the TLD level, which has usually been
available to registrants on more equal terms??
[access to TLDs merely first-come, first-served]

Vanity TLD space may make ".COM" seem boring. Visitors will expect
names like
"MYSITE.SHOES", and consider other sites like myshoestore1234.com
"not-legitimate"
or "not secure"


The lucky organization who won the ICANN auction and got to run the
SHOES TLD may price subdomains at $10000 minimum for a 1-year
registration (annual auction-based renewal/registration in case of
requests to register X.TLD by multiple entities) and registrants under
vanity TLD to sign non-compete agreements and other pernicious
EULAs and contracts of adhesion merely to be able to put up their web
site,

As a subdomain of what _LOOKS_ like a generic name.


And, of course, http://shoes/ reserved for the TLD registrant's
billion-$ shoe store,
with DNS registration a side-business (outsourced to some DNS
registrar using some "domain SLD resale" service).


The possibilities that vanity TLD registry opens are more insidious
than it was for someone to bag a good second-level domain.
Sure, nefarious use of say .local could cause a few problems but this is
I'd be more concerned about nefarious use of a TLD like ".DLL", ".EXE", ".TXT"
Or other domains that look like filenames.

Seeing as a certain popular operating system confounds local file access via
Explorer with internet access...

You may think "abcd.png" is an image on your computer... but if you
type that into your
address, er, location bar, it may be a website too!




".local" seems like a pretty good TLD name to be registered,
compared to others,
even many that have been established or proposed in the past, more general
than ".city" (unincorporated areas with some sort of name also can use .local)

short, general and simple (just like a gTLD should be),


not highly-specific and elaborate like ".museum"



--
-J
David Conrad
2008-07-01 13:08:43 UTC
Post by James Hess
Sure, nefarious use of say .local could cause a few problems but this is
I'd be more concerned about nefarious use of a TLD like ".DLL",
".EXE", ".TXT"
Or other domains that look like filenames.
Like .INFO, .PL, .SH, and, of course, .COM?

People keep making the assertion that top-level domains that have the
same strings as popular file extensions will be a 'security disaster',
but I've yet to see an explanation of the potential exploits. I could
maybe see a problem with ".LOCAL" due to mdns or llmnr or ".1" due to
the risk of someone registering "127.0.0.1", but I've yet to see any
significant risk increase if (say) the .EXE TLD were created. Can
someone explain (this is a serious question)?
Post by James Hess
Seeing as a certain popular operating system confounds local file access via
Explorer with internet access...
I gather you're implying MS Windows does this?
Post by James Hess
You may think "abcd.png" is an image on your computer... but if you
type that into your address, er, location bar, it may be a website
too!
Is there a browser (Internet Explorer? I don't run Windows) that
looks on the local file system if you don't specify 'file://'?
Wouldn't that sort of annoy the folks who run (say) help.com?

Regards,
-drc
Jay R. Ashworth
2008-07-01 17:14:39 UTC
Post by David Conrad
Post by James Hess
Seeing as a certain popular operating system confounds local file access via
Explorer with internet access...
I gather you're implying MS Windows does this?
Start->Run.

Type in the full filename of a binary on your path. (FDISK.COM)

Type in the basename of a website. (FDISK.COM)

Cheers,
-- jra
--
Jay R. Ashworth Baylink ***@baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://baylink.pitas.com '87 e24
St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274

Those who cast the vote decide nothing.
Those who count the vote decide everything.
-- (Joseph Stalin)
Tony Finch
2008-07-01 16:53:53 UTC
I could maybe see a problem with ".LOCAL" due to mdns or llmnr or ".1"
due to the risk of someone registering "127.0.0.1"
RFC 1123 section 2.1 says TLDs can't be purely numeric.

Tony.
--
f.anthony.n.finch <***@dotat.at> http://dotat.at/
BISCAY: WEST 4 OR 5, OCCASIONALLY 6 LATER. SLIGHT OR MODERATE BECOMING ROUGH.
THUNDERY SHOWERS. MODERATE OR GOOD.
Jean-François Mezei
2008-07-01 21:44:45 UTC
Post by David Conrad
People keep making the assertion that top-level domains that have the
same strings as popular file extensions will be a 'security disaster'
Microsoft, in its infinite wisdom and desire to not abide by standards
it has not set, decided that instead of relying on the Mime type (content
type:) field in the HTTP response to determine how this particular
content should be rendered, it would look at the letters following the
last dot in the URL.

There were many viruses which were transmitted this way, with URLs
ending in .EXE which meant that Microsoft blindly executed the contents
fed over the web. Often, the content type: field would point to a
image/jpeg type and standards compliant browsers would simply handle
this as a picture with invalid contents.

I am not sure if Microsoft continues to base data type decisions on
what it interprets as a file extension in a URL or not. But it should
not stop the world from moving on because to those who abide by
standards, such things are not a problem.

However, the issue of http://museum/ is an interesting one. This may
affect certain sites who would have to ensure their resolver first
tests a single node name and only add the local domain name if the first
test failed. There may be sites/systems that just automatically tag on
the domain name if they just see what looks like a node name.
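
The search-list ordering raised in the post above, and the purely numeric final label Tony Finch mentions earlier in the thread, modeled as an added example that is not part of the original thread. It follows the `ndots` rule documented in resolv.conf(5); `SEARCH_LIST`, `DELEGATED_TLDS` and the sample names are constructed for illustration.

```python
# Added example (not from the thread). SEARCH_LIST, DELEGATED_TLDS and the
# sample names below are constructed for illustration.

SEARCH_LIST = ["corp.example"]      # hypothetical local search domain
DELEGATED_TLDS = {"com", "net", "org", "us", "museum"}  # sample, not the full root zone


def candidates(name, search=SEARCH_LIST, ndots=1):
    """Names a stub resolver queries, in order, under the resolv.conf(5) ndots rule."""
    name = name.lower()
    if name.endswith("."):
        # A trailing dot marks the name as absolute: the search list is skipped.
        return [name]
    absolute = name + "."
    suffixed = [f"{name}.{domain}." for domain in search]
    if name.count(".") >= ndots:
        # Enough dots: try the name as given first, then the search list.
        return [absolute] + suffixed
    # Too few dots (e.g. a bare "museum"): the search list is tried first.
    return suffixed + [absolute]


def final_label_is_numeric(name):
    """True if the rightmost label is all digits, as in "127.0.0.1"."""
    last = name.rstrip(".").split(".")[-1]
    return last.isascii() and last.isdigit()


def audit(name, search=SEARCH_LIST, ndots=1):
    """Return finding codes for names whose resolution depends on local settings."""
    findings = []
    bare = name.rstrip(".").lower()
    if final_label_is_numeric(name):
        findings.append("numeric-final-label")
    if "." not in bare and bare in DELEGATED_TLDS:
        # A dotless name that is also a TLD: check which query goes out first.
        first = candidates(name, search, ndots)[0]
        if first != bare + ".":
            findings.append("search-list-before-tld")
    return findings


if __name__ == "__main__":
    for sample in ["museum", "museum.", "printer", "www.example.com", "127.0.0.1"]:
        print(f"{sample:16} tries {candidates(sample)} findings {audit(sample)}")
```

With the default `ndots` of 1, the bare name `museum` is sent as `museum.corp.example.` before `museum.`, while writing it with a trailing dot skips the search list entirely.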

Marshall Eubanks
2008-07-01 13:32:00 UTC
Post by James Hess
I'm still having a hard time seeing what everyone is getting worked up about.
Maybe it's not that bad. The eventual result is instead of having a
billion .COM SLDs, there are a billion TLDs: all eggs in one basket,
There is the question of the fee structure. If the fee is really > $
100,000 USD, then
this will damp down the numbers considerably.

Here is a way to estimate this - by my estimate, there are something
like 1 million worldwide companies with
revenues > $ 5 million USD / yr. The companies I have dealt with
making ~ $ 5 million / year are hesitant to spend $ 100 K on
_anything_, but maybe TLDs will be seen as the thing to have. So, I
could imagine 1 million TLDs at this price level, maybe, but not many
more, and maybe substantially less.

How many .com domains are there ? I have a _2001_ report of 19
million. I would guess maybe 50 million by now.

Would adding 1 million TLDs really be worse for the DNS system than 50
or 100 million dot com domains ?

Of course, this depends on the crucial question of the fee. If it
drops to $ 100 USD, then I could certainly imagine a similar number to
the number of dot com domains, i.e., many millions.

This seems like a good place to ask if any of that ICANN money is
going to the root domains...
Post by James Hess
the root zone -- there will be so many gTLD servers, no DNS resolver
can cache the gTLD server lookups, so almost every DNS query will now
involve an additional request to the root, instead of (usually) a
request to a TLD server (where in the past the TLD servers' IP would
still be cached for most lookups).
Ultimately that is a 1/3 increase in number of DNS requests, say to
lookup www.example.com
if there wasn't a cache hit. In that case, I would expect the
increase in traffic seen by root servers to be massive.
Possible technical ramifications that haven't been considered with
the proper weight,
and ICANN rushing ahead towards implementation in 2009 without
having provided
opportunity for internet & ops community input before developing such
drastic plans?
Massive further sell-out of the root zone (a public resource) for
profit? Further
commercialization of the DNS? Potentially giving some registrants
advantageous treatment at the TLD level, which has usually been
available to registrants on more equal terms??
[access to TLDs merely first-come, first-served]
Vanity TLD space may make ".COM" seem boring. Visitors will expect
names like
"MYSITE.SHOES", and consider other sites like myshoestore1234.com
"not-legitimate"
or "not secure"
I personally doubt it, for the same reason that there is shoes.com but
not
nike.shoes.com.

To me, the notion that people will find the shoes they want on the web
by starting at http://www.shoes seems
archaic, very 1995.

What there may be is a raft of trademark lawsuits - for example,

Shoes.com, Inc. a subsidiary of Brown Shoe Company (NYSE:BWS)

presumably has some sort of trademark rights to "shoes.com". Nobody
has rights
to "shoes," so expect some fights here (as a potential example,
between the future owners of "shoes" and companies like Nike, and
maybe also shoes.com. IANAL, but I suspect that Brown Shoe might be
able to claim that ".Shoes" might infringe on the "shoes.com" mark).


Regards
Marshall
Post by James Hess
The lucky organization who won the ICANN auction and got to run the
SHOES TLD may price subdomains at $10000 minimum for a 1-year
registration (annual auction-based renewal/registration in case of
requests to register X.TLD by multiple entities) and registrants under
vanity TLD to sign non-compete agreements and other pernicious
EULAs and contracts of adhesion merely to be able to put up their web
site,
As a subdomain of what _LOOKS_ like a generic name.
And, of course, http://shoes/ reserved for the TLD registrant's
billion-$ shoe store,
with DNS registration a side-business (outsourced to some DNS
registrar using some "domain SLD resale" service).
The possibilities that vanity TLD registry opens are more insidious
than it was for someone to bag a good second-level domain.
Sure, nefarious use of say .local could cause a few problems but this is
I'd be more concerned about nefarious use of a TLD like ".DLL",
".EXE", ".TXT"
Or other domains that look like filenames.
Seeing as a certain popular operating system confounds local file access via
Explorer with internet access...
You may think "abcd.png" is an image on your computer... but if you
type that into your
address, er, location bar, it may be a website too!
".local" seems like a pretty good TLD name to be registered,
compared to others,
even many that have been established or proposed in the past, more general
than ".city" (unincorporated areas with some sort of name also can use .local)
short, general and simple (just like a gTLD should be),
not highly-specific and elaborate like ".museum"
--
-J
V***@vt.edu
2008-07-01 16:02:57 UTC
Post by Marshall Eubanks
How many .com domains are there ? I have a _2001_ report of 19
million. I would guess maybe 50 million by now.
The last numbers I saw were 140M .coms. However, due to the incredible
amount of churn due to domain-tasting by spammers, 50M *stable* .coms
is probably a reasonable guess...
Jay R. Ashworth
2008-07-01 17:13:31 UTC
Post by James Hess
Maybe it's not that bad. The eventual result is instead of having a
No, no, no, no, no.

A billion people don't have half-a-mil each to set up TLD registries.

Cheers,
-- jra
--
Jay R. Ashworth Baylink ***@baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://baylink.pitas.com '87 e24
St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274

Those who cast the vote decide nothing.
Those who count the vote decide everything.
-- (Joseph Stalin)
V***@vt.edu
2008-07-01 17:22:40 UTC
Post by Jay R. Ashworth
Post by James Hess
Maybe it's not that bad. The eventual result is instead of having a
No, no, no, no, no.
A billion people don't have half-a-mil each to set up TLD registries.
With the US dollar continuing to tank, half-a-mil US$ *will* soon
be within reach of a billion people. ;)
Tony Finch
2008-06-30 18:19:45 UTC
one might legitimately argue that ICANN is in need of
some serious regulation....
that can happen at that national level or on the international
level.
Doesn't ICANN already work like an international regulator?

Tony.
--
f.anthony.n.finch <***@dotat.at> http://dotat.at/
SHANNON ROCKALL: MAINLY SOUTHERLY 5 TO 7, OCCASIONALLY GALE 8 AND BECOMING
CYCLONIC FOR A TIME, DECREASING 4 IN NORTH ROCKALL. ROUGH OR VERY ROUGH. RAIN
THEN SHOWERS. POOR BECOMING GOOD.
Martin Hannigan
2008-07-01 04:01:34 UTC
Post by Tony Finch
Doesn't ICANN already work like an international regulator?
No. They are more like the IETF than the ITU, but not quite the IETF. It's hard to describe. The origins are Berkman Center for Internet and Society at Harvard, and what is in existence today is a far cry from the original social desire of folks that are still there today who, based on my knowledge and perception, have been mostly disenfranchised.

But not quite a regulator.

-M<
Jay R. Ashworth
2008-07-01 14:13:08 UTC
Post by Martin Hannigan
Post by Tony Finch
Doesn't ICANN already work like an international regulator?
No. They are more like the IETF than the ITU, but not quite the IETF.
It's hard to describe. The origins are Berkman Center for Internet
and Society at Harvard, and what is in existence today is a far
cry from the original social desire of folks that are still there
today who, based on my knowledge and perception, have been mostly
disenfranchised.
But not quite a regulator.
They're sort of like Telcordia, formerly Bellcore, in my perception:
they promulgate standards that everyone follows... because everyone
needs some standards to follow.

Clearly, they do not have the force of regulations, or we wouldn't have
people operating root zones with things in them which aren't sanctioned
by ICANN ('sanctioned'. Another one of those auto-antonymic words I
love, like 'academic'... :-)[1].

Cheers,
-- jra
[1] Don't assume from that that I'm anti-expanded-root[2]
[2] Please don't start this R-war on this list again. :-)
--
Jay R. Ashworth Baylink ***@baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://baylink.pitas.com '87 e24
St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274

Those who cast the vote decide nothing.
Those who count the vote decide everything.
-- (Joseph Stalin)
Tony Finch
2008-07-01 15:31:41 UTC
Post by Tony Finch
one might legitimately argue that ICANN is in need of some serious
regulation.... that can happen at that national level or on the
international level.
Doesn't ICANN already work like an international regulator?
Yes they do. And out of the other side of their mouth, they deny they
are a regulator.
So you say the solution for bad regulation is more regulation.

Tony.
--
f.anthony.n.finch <***@dotat.at> http://dotat.at/
FAIR ISLE FAEROES: SOUTHEAST 5 TO 7. MODERATE OR ROUGH. OCCASIONAL RAIN.
MODERATE OR GOOD, OCCASIONALLY POOR.
Laurence F. Sheldon, Jr.
2008-07-01 20:30:26 UTC
Post by Tony Finch
So you say the solution for bad regulation is more regulation.
Been the liberal-socialist mantra for eons.
--
Requiescas in pace o email Two identifying characteristics
of System Administrators:
Ex turpi causa non oritur actio Infallibility, and the ability to
learn from their mistakes.
Eppure si rinfresca

ICBM Targeting Information: http://tinyurl.com/4sqczs
Brandon Butterworth
2008-06-29 11:34:05 UTC
Post by Joe Greco
The problem is
that while I can go and register a "Mycompany LLC" in Wisconsin and a
"Mycompany LLC" in Illinois, there is only one "mycompany.com" available,
though "mycompany.wi.us" and "mycompany.il.us" are both available and do
not collide.
1. register .local [1]
3. n * profit!


brandon

[1] I know
Rob Pickering
2008-07-01 14:28:56 UTC
Post by James Hess
Maybe it's not that bad. The eventual result is instead of having
a billion .COM SLDs, there are a billion TLDs: all eggs in one
There are simply not going to be billions, millions, or even probably
tens of thousands of TLDs as a result of this. It's still a complex
several months long administrative process that costs some multiple
of $100,000.

As far as I can work out, minus the press noise, the difference is
that creating a TLD will take half a year rather than half a decade
or more.
Post by James Hess
basket, the root zone -- there will be so many gTLD servers, no DNS
resolver can cache the gTLD server lookups, so almost every DNS
query will now involve an additional request to the root, instead
of (usually) a request to a TLD server (where in the past the TLD
servers' IP would still be cached for most lookups).
Maybe, maybe not.
Post by James Hess
Ultimately that is a 1/3 increase in number of DNS requests, say
to lookup www.example.com
if there wasn't a cache hit. In that case, I would expect the
increase in traffic seen by root servers to be massive.
There will probably be a significant increase if there is a very wide
takeup of new TLDs, yes.

Conversely load on some of the existing gTLD servers may decrease if
the number of domains in active use is spread across a larger number
of independent TLDs.
Post by James Hess
Possible technical ramifications that haven't been considered with
the proper weight,
and ICANN rushing ahead towards implementation in 2009 without
having provided opportunity for internet & ops community input
before developing such drastic plans?
Massive further sell-out of the root zone (a public resource) for
profit? Further
commercialization of the DNS? Potentially giving some registrants
advantageous treatment at the TLD level, which has usually been
available to registrants on more equal terms??
[access to TLDs merely first-come, first-served]
Don't think that is operational and in any case the current system is
weighted towards entities who have had domains for eons when they
were able to be the first comers, it's very unfair and unequal in the
sense that it works against the interests of newer registrants.
Definitely not operational though.
Post by James Hess
Vanity TLD space may make ".COM" seem boring. Visitors will expect
names like
"MYSITE.SHOES", and consider other sites like myshoestore1234.com
"not-legitimate"
or "not secure"
The lucky organization who won the ICANN auction and got to run the
SHOES TLD may price subdomains at $10000 minimum for a 1-year
registration (annual auction-based renewal/registration in case of
requests to register X.TLD by multiple entities) and registrants
under vanity TLD to sign non-compete agreements and other
pernicious EULAs and contracts of adhesion merely to be able to put
up their web site,
As a subdomain of what _LOOKS_ like a generic name.
And, of course, http://shoes/ reserved for the TLD registrant's
billion-$ shoe store,
with DNS registration a side-business (outsourced to some DNS
registrar using some "domain SLD resale" service).
The operational issue is?

Actually your shoe shop still now has a greater number of choices
(.com or .shoes) and I can bet that if your scenario comes to pass
with a very aggressive and restrictive registrar of .shoes, some
enterprising soul will register .boots, .sneakers or .shoeshop etc to
make their living on those parts of the market that don't like .shoes
policies.
Post by James Hess
The possibilities that vanity TLD registry opens are more insidious
than it was for someone to bag a good second-level domain.
Questionable and certainly not operational.
Post by James Hess
Post by Rob Pickering
Sure, nefarious use of say .local could cause a few problems but
this is
I'd be more concerned about nefarious use of a TLD like ".DLL",
".EXE", ".TXT" Or other domains that look like filenames.
Or .com. Oddly enough I just now found a Windows box and typed
"command.com" in a browser URL bar and it did what I expected, when I
typed the same thing at a cmd prompt it did something different and I
expected that too.
Post by James Hess
Seeing as a certain popular operating system confounds local file
access via Explorer with internet access...
You may think "abcd.png" is an image on your computer... but if you
type that into your
address, er, location bar, it may be a website too!
To the extent that possibility already exists, there is a reason that
web URIs have both a host and path component. I don't see why new
TLDs substantially change this. If applications insist on confusing
the two then bad things will always happen but that is an app issue.

--
Rob.
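The caching claim debated above can be checked with a small model. The following is an added example, not part of any post in this thread: it counts how many lookups force one recursive resolver back to the root when its cache of TLD delegations is a bounded LRU. The cache size, the workloads and every name in them are constructed assumptions, and TTL expiry is ignored.

```python
from collections import OrderedDict


def root_queries(names, capacity):
    """Count lookups that need a root referral because the TLD delegation
    is not in a bounded LRU cache (assumed model of one resolver)."""
    cache = OrderedDict()
    misses = 0
    for name in names:
        tld = name.rstrip(".").rsplit(".", 1)[-1].lower()
        if tld in cache:
            cache.move_to_end(tld)          # hit: refresh recency
            continue
        misses += 1                          # miss: ask the root for the delegation
        cache[tld] = True
        if len(cache) > capacity:
            cache.popitem(last=False)        # evict the least recently used TLD
    return misses


def workload(lookups, tail_tlds, tail_every=1, popular_tlds=7):
    """Constructed traffic: every tail_every-th lookup cycles through tail_tlds
    rarely used TLDs, the rest cycle through a few popular ones."""
    names = []
    for i in range(lookups):
        if i % tail_every == tail_every - 1:
            names.append(f"www.example.tail{(i // tail_every) % tail_tlds}")
        else:
            names.append(f"www.example.pop{i % popular_tlds}")
    return names


if __name__ == "__main__":
    n, cap = 100_000, 1000
    cases = {
        "200 TLDs, uniform": workload(n, 200),
        "5000 TLDs, uniform": workload(n, 5000),
        "5000 TLDs, 90% of traffic on 7 TLDs": workload(n, 5000, tail_every=10),
    }
    for label, names in cases.items():
        r = root_queries(names, cap)
        print(f"{label}: {r} root queries for {n} lookups ({100 * r / n:.1f}%)")
```

In this model the share of lookups that reach the root is set by how traffic is spread across TLDs relative to the cache size, not by the number of TLDs alone.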
Daniel Hagerty
2008-07-01 16:16:20 UTC
Post by Rob Pickering
Or .com. Oddly enough I just now found a Windows box and typed
"command.com" in a browser URL bar and it did what I expected, when I
typed the same thing at a cmd prompt it did something different and I
expected that too.
1. Copy \windows\system32\cmd.exe to the desktop.

2. Run internet exploder.

3. Type "cmd.exe" in the address bar and observe what happens.

I don't know about you, but given ie's default download location, and
your (apparently common) erroneous expectation, this looks ripe for
social engineering to me.
m***@bt.com
2008-07-01 14:30:51 UTC
Post by David Conrad
People keep making the assertion that top-level domains that
have the same strings as popular file extensions will be a
'security disaster', but I've yet to see an explanation of
the potential exploits. I could maybe see a problem with
".LOCAL" due to mdns or llmnr or ".1" due to the risk of
someone registering "127.0.0.1", but I've yet to see any
significant risk increase if (say) the .EXE TLD were created.
Can someone explain (this is a serious question)?
Many years ago there was a wonderful web browser named Lynx.
It could do all kinds of nifty things and you could build an
entire information systems interface with it, including things
like a menu that allowed you to select an executable program
that would be run on the same remote system that was running
Lynx.

People who lived through this era have a vague memory that
executables and URLs are in sort of the same namespace. Of course
that's not true because executable files are referred to as
lynxexec:script.pl instead of http://script.pl
Post by David Conrad
Post by James Hess
Seeing as a certain popular operating system confounds local file
access via Explorer with internet access...
I gather you're implying MS Windows does this?
Not mine.

--Michael Dillon
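The host-versus-file confusion discussed in the posts above, seen from the application side: this is an added example, not from the thread, of an address-bar policy that never falls through from one namespace to the other and reports a collision instead of guessing. The `classify` function, the TLD sets (including the hypothetical `exe` and `png` delegations) and the file names are constructed for illustration.

```python
import re

SCHEME = re.compile(r"^([a-z][a-z0-9+.-]*)://", re.I)
LOCAL_PATH = re.compile(r"^(\.{0,2}[\\/]|[a-z]:[\\/])", re.I)
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$", re.I)

CURRENT_TLDS = {"com", "net", "org"}                  # constructed sample
WITH_FILE_TLDS = CURRENT_TLDS | {"exe", "png"}        # hypothetical delegations


def classify(text, tlds, local_files):
    """Return 'url', 'file', 'host', 'ambiguous' or 'reject' for typed input.

    tlds:        delegated top-level domains (sample sets above)
    local_files: lower-case names present where the application would search
    """
    text = text.strip()
    scheme = SCHEME.match(text)
    if scheme:                                # an explicit scheme decides
        kind = scheme.group(1).lower()
        if kind in ("http", "https"):
            return "url"
        return "file" if kind == "file" else "reject"
    if LOCAL_PATH.match(text) or "\\" in text:
        return "file"                         # explicit path syntax: local only
    host = text.split("/", 1)[0].lower().rstrip(".")
    labels = host.split(".")
    if len(labels) < 2 or not all(LABEL.match(label) for label in labels):
        return "reject"
    if labels[-1] not in tlds:
        return "reject"                       # bare name, not a host: never guess a file
    if text.lower() in local_files:
        return "ambiguous"                    # same string names a host and a file
    return "host"


if __name__ == "__main__":
    desktop = {"cmd.exe", "command.com", "abcd.png"}  # constructed file names
    for typed in ("cmd.exe", "command.com", ".\\cmd.exe",
                  "http://cmd.exe/", "example.com/abcd.png"):
        print(f"{typed!r}: today={classify(typed, CURRENT_TLDS, desktop)}, "
              f"with file-like TLDs={classify(typed, WITH_FILE_TLDS, desktop)}")
```

An application following this policy would prompt on `ambiguous` and require explicit path syntax before touching a local file.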