On Mon, Nov 05, 2007 at 11:52:02AM -0500, Patrick W. Gilmore wrote:
> authority for a TLD is bad, because most people don't have a choice of TLD. (Or at least think they don't.)
I don't think that's the reason; I think the reason is that someone who needs to rely on Name Error can't do it, if the authority server is set up in such a way as to hand out falsehoods.
> But if I want to put in a wildcard for *.ianai.net, then there is nothing evil about that. In fact, I've been doing so for years (just 'cause I'm lazy), and no one has even noticed. It is my domain, I should be allowed to do whatever I want with it as long as I pay my $10/year and don't use it to abuse someone else.
I'm not sure I agree. I think that it's probably true that, if you have a wildcard that actually resolves so that everyone can use the services they thought they were trying to talk to, there's no basis for complaint (to the extent one thinks wildcards are a good idea). But if you're doing wildcarding so that people get all manner of strange results if they happen not to be arriving on port 80, then I think it's evil in any case.

I _also_ think it's evil to serve wildcards on authority servers for largeish (100s, anyway) zones, in almost every case. If the domain gets big enough that you have that many hosts, then others' ability to diagnose surprises depends partly on their ability to get meaningful answers about what things are and are not out there on the net. For very small domains, perhaps there is some argument that the user community is so small that the benefit outweighs the costs. But in truth, if I had my 'druthers, I'd go back in time and eliminate the wildcard feature from the outset, at least for the public Internet. (I can see an argument in split-view contexts, note.)

And no, it isn't "your domain". This is one of the pervasive myths of the namespace -- one that has been expanding as privatisation of the DNS has become the norm. The truth is that namespaces are rented, and are subject to all manner of terms and conditions. If you don't believe me, read your contract with your registrar. There are current conditions about labels' relations to other labels, for example, in all gTLDs (these are the UDRP policies). There are rules about what you may and may not register in .aero or .pro, and what you must and must not do with the resulting domain once you've been approved. Many country codes have rules about residency, and if you move you will find you lose your domain as well. Policy -- or, I suppose, politics -- is what constrains TLDs from enforcing more stringent additional rules.
I can't make up my mind whether a "no wildcard, ever" policy would in fact be a good one to have. But it is surely open, and something that could be imposed on gTLD registrations with sufficient support inside ICANN. (There are some rather tricky regulations in this area, though.)
> Hijacking user requests on caching name servers is very, very bad, because 1) the user probably doesn't know they are being hijacked, and 2) even if the user did, most wouldn't know how to get around it. So you're back to the TLD authority problem, there is no choice in the matter.
This is the response I expected, but I have to say that I'm frustrated by the answer, even during the alternate hours when I agree with it. What we're really saying in this case (and I mean "we", because I say similar things often enough) is that consumer choice is an uninteresting lever, because most consumers are mindless sinks who'll take whatever's given to them. If that's the case, why is everyone furious when various kinds of heavy regulations are proposed? We can't have libertarian paradise and guaranteed correct behaviour simultaneously. Libertarians claimed historically that this dilemma could be solved by market mechanisms. If the market mechanism won't actually work, though, what alternative correction do you have to propose beyond "some government sets the rules, and enforces them"? Isn't that regulation?

A

-- 
----
Andrew Sullivan                         204-4141 Yonge Street
Afilias Canada                          Toronto, Ontario Canada
<andrew@ca.afilias.info>                M2P 2A8
+1 416 646 3304 x4110