On Fri, Mar 30, 2007 at 09:18:07PM -0500, Gadi Evron wrote:
There is a current on-going Internet emergency: ...
Having just read and deleted somewhere between 100 and 400 messages on this, I don't really want to add to the noise. I hope there's some signal here. One thing is clear, that Gadi wants DNS completely re-vamped. He says that it as an infrastructure for abuse. Come on! DNS is a lookup mechanism. It is the infrastructure for EVERYTHING. So, yes, it is the infrastructure for the abuse. It is ALSO the infrastructure for doing things right. It may even be the infrastructure for the solution. [Vixie thinks it's DNSSEC - but the problem is, the data being inserted IS authentic data, filed in a registry.] More likely, though, as this is a social problem, the solution is completely outside the technical realm. ICANN is working on the "domain tasting" issue, as a quick lookup shows. PIR has proposed a "restock fee". An independent report to ICANN advises that Versign should do the same thing. Will this stop domain tasting? It will, at least, make it less profitable. Will this stop the "pirates"? No, of course not, as said at last fifty times in this thread. But if this catches on world- wide, they may choose a different mode of ingres into our lives than this "fast-flux" route. Will legislation solve anything? Probably not. Who legislates for the entire world? Although I did note that the WTO did smack the USA down for some things recently, and they had to sit there and take it. [Well, with some ineffective loud complaints.] So maybe there is someone who can really enforcce international law. I wouldn't know. [Who DOES make international law? Is it just treaty and precedent? Ooops, OT!] Gadi wants a separate root server that he can trust. I think we've already seen the evil of separate roots, except those who claim it's our saviour. I fail to see the relevance, here, at all. Besides, the root is in so many countries today, why aren't we trusting it? [Except for the poorly run or separated copies.] Gadi wants to be able to blacklist domain names immediately when called for by ... oh, wait, we haven't figured that out yet. It would have to be someone who is always right before I would accept it. And He hasn't said a thing about domain names yet. I kind of liked Doug Otis' suggestion of a mandatory waiting period for all domain registrations. Even if we didn't take the time to check all registered domains for illegal payment methods or known name-terrorists [;-)], it would certainly end the fast-flux capability. Of course, everyone would complain; but if it were universal, it would be accepted. Would someone come up with a way around it? Have they come up with a way around the firearm waiting period? Of course. But it's harder. But it's also not clear that, long-term [once they get bored with fast-flux, or the easily mined value of it has gone] it really has any merit. I don't want to say that none of Gadi's own ideas have merit, because they do. [As long as one doesn't make a spectacular leap from one of those to a totally unrelated idea with no visible support.] Perhaps there should be someone somewhere to whom the bewildered DNS user [everybody!] can turn when there is a domain [not DNS, but a domain] that is being abused. The someone could look into it and see whether it's purely an abuse domain, and if so, recommend that it be terminated. As much as I like this idea, it has the possibility for turning into the Inquisition. It would need checks and balances - for none of us mere humans could possibly find out all the uses of a domain, or how it was paid for, or all the things for which it is used. So we would have to go with the best information we can find, and that may not be enough. Ther would have to be checks and balances and appeals and all the trappings of the more civilised sort of justice that allow people and companies accused of violations of the law to keep doing it for years before a resolution is found. But this is what frustrates all of us, Gadi no less than any. And speaking of such companies, before "fixing" DNS, shouldn't we be forcing the company whose software generates a whole industry in fixing its bugs to correct itself? Why is that not the issue? There were too many other issues that I had wanted to address, but I think this is getting too long already. I do want to repeat, this is a social problem, and needs social solutions, most likely ones that take a bite out of the easy money causing the various abuses discussed in this thread. -- Joe Yao Analex Contractor