RE: Statements against new.net?
From: Vadim Antonov [mailto:avg@kotovnik.com] Sent: Wednesday, March 14, 2001 12:46 PM
On Wed, 14 Mar 2001, Mathew Butler wrote:
If it is machines communicating there's no need to do any mnemonics. In fact, it is still humans communicating, with the aid of the machines.
So... we have two design constraints:
1) people need to be able to locate and revisit somethings in the network
2) any meaningful hierarchical labeling of the real world is quite impossible, and runs into problems of scaling, adversity, and entrenched notions of ownership.
My proposal is to create a special hierarchy (similar to tpc.int) which can _only_ be used to register numeric "names" on first-come first-served basis. The "current" DNS then can go down in flames, for all i care. Actually, I think this is inevitable, since some day someone will find a way to win a lawsuit against whatever the central naming authority is.
Anyone who thinks numeric IDs do not work when "better" alphanumeric IDs are possible needs to take a look at the ICQ. It is _very_ successful in case you didn't notice. And so is telephony.
Two points, ICQ has an address manager add-on and my contact manager makes it so I don't have to memorize phone numbers. I scroll down select and talk. New SprintPCS systems even eliminate that, you speak the name and it dials for you. Suddenly, you get into your 40's and there is more to remember than you want to work at. I'm sure you know what I mean. What about that number that you absolutely have to have, every six months? I just hacked a print server because I couldn't remember the passwd, that was last used over three years ago. I don't even know my insurance agent's name, but when someone wrecks my car, I absolutely HAVE to have his number. Long-term human memory is much better at names than numbers and is MUCH better at general class names than specific identifiers. It has to do with refresh rates, just like DRAM.
fact: for the majority of world population ASCII strings are only marginally better than numbers in being "mnemonic" - and it is much easier to pronounce numbers in a native language.
Okay, so you would propose yet another layer of virtualization? Let us count the layers we have already;
1) Layer 2 to IP, used by switches and the like. Services are divorced from IP addrs. Where you route is not where you think you are routing.
2) NAT, Site virtualization. You could renumber the underlayment of the NAT'd space and the outside world will never know ...
3) Straight IP virtualization, used by resonate and F5, as well as local directors, the answering host need never be the same host twice.
4) DNS, separates you from the IP addr layer altogether.
If you put design dates on each of those you will probably find that they are pretty much developed in the order I listed. Each case was to implement a technical solution to a policy issue, in a futile attempt to build technical barricades between the technologist and the politicians. Give it up, you will be assimilated. You have been in retreat for years. You just didn't realize it.
Vadim, you're an analyst too, how many layers of abstraction can we have before the system becomes unusable, unwieldy, non-performing, and more difficult to maintain than the tower of Babel?
Speaking of which, your other point about ASCII names is also moot, with iDNS.
The real answer was to stop the incursion of trademark crowd into the DNS. You can thank Dave Crocker, Kent Crispin, and their IAHC for that smooth move.
Now if you think that they'd stop just because you have retreated behind yet another layer of abstraction, you are indeed naive. They will come and hunt you out.
The inclusive root zone efforts, like that of the ORSC and PacRoot, are actually trying to keep the root intact. We saw the probability of outfits like new.net, years ago. We also recognised what it meant.
We spoke the warnings, we spoke them again at the Nov00 ICANN meeting in MDR. However, what really triggered the race was when the ICANN BoD assigned the BIZ TLD, knowing full well that the Atlantic Root had been registering domains there for years. That told the new.net folks that it is okay to create conflicting delegations. After all, the ICANN is doing it ... why can't they? There is no law that regulates that.
There's a lot of other stuff behind that, but, I think that you get the point.
On Wed, 14 Mar 2001, Roeland Meyer wrote:
Two points, ICQ has an address manager add-on and my contact manager makes it so I don't have to memorize phone numbers.
And so does any web browser and even all popular e-mail software. The point is: you don't _remember_ e-mail addresses with their FQDNs, you look them up in the address book.
Long-term human memory is much better at names than numbers and is MUCH better at general class names than specific identifiers.
Long-term memory is _much_ better remembering gestalts than precise ASCII strings. I'm exchanging e-mail with my colleague nearly every day, but i can't remember what exactly variant of spelling is used for his name (there's at least sixteen ways to spell his name in English, each as good as any other :).
It has to do with refresh rates, just like DRAM.
It has to do with the way the redundancy is handled in the brain. Long-term potentiation is not a terribly reliable process.
Okay, so you would propose yet another layer of virtualization? Let us count the layers we have already;
1) Layer 2 to IP, used by switches and the like. Services are divorced from IP addrs. Where you route is not where you think you are routing.
2) NAT, Site virtualization. You could renumber the underlayment of the NAT'd space and the outside world will never know ...
3) Straight IP virtualization, used by resonate and F5, as well as local directors, the answering host need never be the same host twice.
4) DNS, separates you from the IP addr layer altogether.
Actually i do not propose any new layers. The "layer" in question exists already, in form of address books, hyperlinks and search engines.
If you put design dates on each of those you will probably find that they are pretty much developed in the order I listed. Each case was to implement a technical solution to a policy issue, in a futile attempt to build technical barricades between the technologist and the politicians. Give it up, you will be assimilated. You have been in retreat for years. You just didn't realize it.
Actually i am not in retreat. I just have a funny habit of doing different things, seeing new things and trying to know what other people are thinking. What i learned so far - if technology aims to change human nature, it fails. It is very naive to assume that brotherhood of technologists will stay cooperative when real money gets in. I do not like it any more than any other techie, but let's face reality. The control of domain name space is passing from technologists to lawyers and politicos.
Speaking of which, your other point about ASCII names is also moot, with iDNS.
iDNS is a crock. A great way to subvert SSL (well, you rely on eyeball recognition of URL; now, with iDNS you may have lots of ways to create identically-looking but _different_ URLs). Though, admittedly, the fault is not in the iDNS idea itself, but in the Unicode. And, yes, you cannot even say if two domain names are the same if one is upper-case, and another lower-case - because conversion depends on language. Next bright idea, please? :)
The real answer was to stop the incursion of trademark crowd into the DNS. You can thank Dave Crocker, Kent Crispin, and their IAHC for that smooth move.
You can't stop them. They are the guys who are making laws. The only way to actually stop them is to organize revolution. Can i opt out? :)
Now if you think that they'd stop just because you have retreated behind yet another layer of abstraction, you are indeed naive. They will come and hunt you out.
What i am proposing is to remove the contention point. When "names" do not have intrinsic value, nobody'll fight over them. Do you see many scandals around people who own cool IP addresses? :) Now, the lawyers will keep hunting trademark violators - but with nothing as tangible as single name, they will have to prove the intent to defraud; for now courts think that just acquiring a well-known brand name (thus depriving "rightful" owner of its use) is an ample proof of such intent.
The inclusive root zone efforts, like that of the ORSC and PacRoot, are actually trying to keep the root intact. We saw the probability of outfits like new.net, years ago. We also recognised what it meant.
It means that the ICANN soapbox is only fine because Microsoft has bigger fish to catch. Now imagine they ship an OS with a resolver with "additional" functionality - conveniently pointing to _their_ registry if "public" root didn't yield the result. You cannot charge them with unfair competition because this is just an additional convenience to their customers, and besides they already do similar things with keyword search and messaging. If i understand correctly, no O.S. vendor has a contract with ICANN specifically prohibiting expansion of search capabilities. I think the present new.net scandal is bound to attract their attention.
We spoke the warnings, we spoke them again at the Nov00 ICANN meeting in MDR. However, what really triggered the race was when the ICANN BoD assigned the BIZ TLD, knowing full well that the Atlantic Root had been registering domains there for years. That told the new.net folks that it is okay to create conflicting delegations. After all, the ICANN is doing it ... why can't they? There is no law that regulates that.
Because the current DNS has a single contention point, it is very vulnerable. It can be very easily taken over by a large corporate entity.
There's a lot of other stuff behind that, but, I think that you get the point.
The Internet is successful precisely because it is decentralized. There is absolutely no reason to make the few "natural" central points vulnerable by having them to dispense what is considered intrinsically valuable property. (Thanks God, NAT made IP address allocations somewhat less critical). And if you think .COM fight is nasty... in other places conflicts like that are sometimes resolved by means of sending goons with guns. I personally was threatened over a domain name dispute, because of my affiliation with one popular community resource. Fortunately, that time that was merely a bluff. --vadim
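The two iDNS objections in the message above (look-alike names that differ on the wire, and case comparison that depends on language) can be checked mechanically. The following is an added example, not part of the original thread; the script test is a heuristic based on Unicode character names, the hostnames are constructed samples, and all function names are hypothetical. It only flags labels that mix scripts; a label written entirely in one look-alike script is not caught.

```python
import unicodedata

# Character-name prefixes treated as script-neutral (digits, hyphen).
COMMON_PREFIXES = ("DIGIT", "HYPHEN-MINUS")


def scripts_in_label(label):
    """Approximate the scripts used in a label from Unicode character names."""
    scripts = set()
    for ch in label:
        first_word = unicodedata.name(ch, "UNKNOWN").split(" ")[0]
        if first_word not in COMMON_PREFIXES:
            scripts.add(first_word)
    return scripts


def ace_form(label):
    """ASCII wire form: unchanged if ASCII, else 'xn--' plus Punycode."""
    if label.isascii():
        return label
    return "xn--" + label.encode("punycode").decode("ascii")


def audit_hostname(host):
    """Return one finding for every label that mixes scripts."""
    findings = []
    for label in host.split("."):
        scripts = scripts_in_label(label)
        if len(scripts) > 1:
            findings.append({
                "label": label,
                "scripts": sorted(scripts),
                "ace": ace_form(label),
            })
    return findings


# Turkish case rules: dotless and dotted i are separate letters.
TURKISH_LOWER = str.maketrans({"I": "\u0131", "\u0130": "i"})


def lower_turkish(s):
    """Lowercase using the Turkish I/i mapping, then the default rules."""
    return s.translate(TURKISH_LOWER).lower()


def names_match(a, b, lower=str.lower):
    """Case-insensitive comparison under a chosen lowercasing rule."""
    return lower(a) == lower(b)


if __name__ == "__main__":
    # Constructed samples: the second uses CYRILLIC SMALL LETTER A (U+0430).
    for host in ("www.apple.com", "www.\u0430pple.com"):
        print(host, audit_hostname(host))
    # Same pair of names, two lowercasing rules, two different answers.
    print(names_match("TITLE", "title"))
    print(names_match("TITLE", "title", lower=lower_turkish))
```
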
Do you see many scandals around people who own cool IP addresses? :)
IIRC, there was an "issue" around the assignment of 16.1.16.1; I don't think lawyers had been invented back then, so the scope of the scandal remained relatively small. (The coolness factor was the binary representation, of course.) Stephen
At 23:39 14/03/01 -0800, Stephen Stuart wrote:
Do you see many scandals around people who own cool IP addresses? :)
IIRC, there was an "issue" around the assignment of 16.1.16.1; I don't think lawyers had been invented back then, so the scope of the scandal remained relatively small.
Let's see, the US gov't mandated phone number portability. How long will it be before they mandate IP address portability? Then everyone will want their /32 to be portable. Even Juniper's handling of 2.4M prefixes: http://www.lightreading.com/document.asp?site=testing&doc_id=4009&page_number=10 will begin to buckle. -Hank
(The coolness factor was the binary representation, of course.)
Stephen
IIRC, there was an "issue" around the assignment of 16.1.16.1; I don't think lawyers had been invented back then, so the scope of the scandal remained relatively small.
(The coolness factor was the binary representation, of course.)
Sorry, it was the hex representation, of course. Stephen
On Wed, Mar 14, 2001 at 11:21:57PM -0800, Vadim Antonov had this to say: [snip]
Actually i do not propose any new layers. The "layer" in question exists already, in form of address books, hyperlinks and search engines.
one word - inaccuracy. Have you tried to do a search for any even moderately popular or public term lately? The last thing people want to do is have to sift through 50,000 or more results for the exact site they're looking for - this is _why_ we have domain names: so people can go exactly where they're trying to go. Search engines are horribly inaccurate for trying to reach any single particular page, unless it's so bizarre that you only get a dozen search results. I would definitely not advocate search engines to replace the current DNS system, unless a whole new generation of search engines was created that could effectively deduce exactly where the user _really_ wanted to go, accurately, every time (which is what DNS currently does). -- Scott Francis scott@ [work:] v i r t u a l i s . c o m Systems Analyst darkuncle@ [home:] d a r k u n c l e . n e t PGP fingerprint 7ABF E2E9 CD54 A1A8 804D 179A 8802 0FBA CB33 CCA7 illum oportet crescere me autem minui
On Thu, 15 Mar 2001, Scott Francis wrote:
On Wed, Mar 14, 2001 at 11:21:57PM -0800, Vadim Antonov had this to say: [snip]
Actually i do not propose any new layers. The "layer" in question exists already, in form of address books, hyperlinks and search engines.
one word - inaccuracy. Have you tried to do a search for any even moderately popular or public term lately?
Have you ever tried looking in the dictionary for the meaning of a word, and found multiple definitions? You are arguing against LANGUAGE, which is not strictly deterministic.
The last thing people want to do is have to sift through 50,000 or more results for the exact site they're looking for - this is _why_ we have domain names: so people can go exactly where they're trying to go.
What Vadim is trying to explain to you is that this does not scale (or at least not with the current system.) When I type in the word "apple" do I want information on the fruit, the computer company, or the record company (or something else that contains/is related to the string "apple"?) Add to this the complexity of multilingualism, where a string of characters can have a reasonably deterministic meaning or set of meanings in one language, and a completely different set of meanings in another.
Search engines are horribly inaccurate for trying to reach any single particular page, unless it's so bizarre that you only get a dozen search results. I would definitely not advocate search engines to replace the current DNS system, unless a whole new generation of search engines was created that could effectively deduce exactly where the user _really_ wanted to go, accurately, every time (which is what DNS currently does).
So tell me when I type in the word "apple" where exactly do I want to go?
On Thu, Mar 15, 2001 at 01:19:03PM -0800, Patrick Greenwell had this to say:
What Vadim is trying to explain to you is that this does not scale (or at least not with the current system.) When I type in the word "apple" do I want information on the fruit, the computer company, or the record company (or something else that contains/is related to the string "apple"?)
see below - folks should NOT be encouraged to expect that the computer can read their mind. As Dominus of #perl is famous for saying, "YOU CAN'T JUST MAKE SHIT UP AND EXPECT THE COMPUTER TO KNOW WHAT YOU MEAN, RETARDO!" (apologies to mjd). Obviously, this applies more to programming, but I think the general principle holds true for any interaction with computers - people need to be taught not to expect telepathic machines (not until we can build them anyway). You type exactly what you mean, and you should get there. This is what DNS currently accomplishes (with the exception of domain squatting, but that's another story).
Add to this the complexity of multilingualism, where a string of characters can have a reasonably deterministic meaning or set of meanings in one language, and a completely different set of meanings in another.
Oh, give it up on the multilingual thing already. I have been hearing this for years now, and yes, it sucks in some ways that nearly everything having to do with the Internet was originally developed in English (including programming languages). HOWEVER - trying to re-engineer the entire ball of wax to incorporate the multitude of localized languages is not technically feasible. We can make our best effort by allowing people to register domains in other languages, but an attempt to make DNS multicultural would mean rewriting the underlying systems to support that functionality as well. This would lead to a cascade that would eventually have us rewriting Perl, bash and HTML to support any arbitrary language the user wanted to speak. (please don't throw XML into this - I'm making a general point, to which I'm sure somebody will come up with specific instances of exceptions).
Search engines are horribly inaccurate for trying to reach any single particular page, unless it's so bizarre that you only get a dozen search results. I would definitely not advocate search engines to replace the current DNS system, unless a whole new generation of search engines was created that could effectively deduce exactly where the user _really_ wanted to go, accurately, every time (which is what DNS currently does).
So tell me when I type in the word "apple" where exactly do I want to go?
you DON'T type in the word "apple" and expect to go anywhere specific. This is EXACTLY the point I have been trying to make - people should not expect to be able to type 'apple' either in a browser or a search engine, and always reach some arbitrary site. www.apple.com OTOH should resolve to Apple Computers or whoever owns that domain. If you don't know the name of the specific site you're looking for, THEN it's time to dig up a search engine. But if I had to go to a search engine every time I wanted to read slashdot or userfriendly, the same marketers that are causing the current crop of problems would quickly figure out how to get their own unrelated sites to return at the top of any search results for any reasonably common word. (porn search, anybody?) If we remove DNS or a similar unique naming convention, the only way people have to navigate is by hoping that their search terms are specific enough to have the site they really want to reach appear somewhere in the top 100 results (i.e. "apple computer corporation" should hopefully return www.apple.com but may also return fansites, technical reviews, magazine sites, etc.). -- Scott Francis scott@ [work:] v i r t u a l i s . c o m Systems Analyst darkuncle@ [home:] d a r k u n c l e . n e t PGP fingerprint 7ABF E2E9 CD54 A1A8 804D 179A 8802 0FBA CB33 CCA7 illum oportet crescere me autem minui
On Thu, Mar 15, 2001, Scott Francis wrote:
If we remove DNS or a similar unique naming convention, the only way people have to navigate is by hoping that their search terms are specific enough to have the site they really want to reach appear somewhere in the top 100 results (i.e. "apple computer corporation" should hopefully return www.apple.com but may also return fansites, technical reviews, magazine sites, etc.).
Removing DNS is kinda the wrong thing. Do *you* want to run NIS? :) In any case, what I've seen here screams out "Distributed directory service!" Ie, if I pulled up a browser and typed in "apple" then it'd first match all the categories an "Apple" was found in, and then let the user navigate that way. .. which, people could argue is already being done through people like Yahoo!, but I'd think something a little less centralised and a little more end-user controlled would be more useful. In any case, the first question which pops into my head is "How do you then stop a porn site entering in wrong information to get the $$$?" (.. and my answer to that is the porn store shouldn't be allowed to list because of mis-representation, but hey, I'm just a youngin..) Adrian -- Adrian Chadd <adrian@creative.net.au> "The fact you can download a 100 megabyte file from half way around the world should be viewed as an accident and not a right." -- Adrian Chadd and Bill Fumerola
Removing DNS is kinda the wrong thing. Do *you* want to run NIS? :)
The proposal here is not to _remove_ DNS, it is needed to translate end-point IDs into transport-level addresses, but rather create a separate NS hierarchy which has only numeric "names"; and create some infrastructure around so anyone can come and get a numeric domain. It can even be made "free" by being subsidized by providers. My estimate is about one man-year to get it (and self-registration) up and running. If that structure is independent from ICANN, it will provide a ground for experimentation, _and_ safety for those who don't want to see their business or personal pursuits being harmed because of the present registry mess. Actually, services like that already exist, but they are vulnerable to the same name contention issues. I.e. what i am saying is that there's a need for contention-free and stable zone of namespace. The only way to eliminate contention is to make names devoid of intrinsic value. Numeric names are also not subject to trademark law, and (not being chosen from a finite dictionary) are not scarce. --vadim
create a separate NS hierarchy which has only numeric "names"; and create some infrastructure around so anyone can come and get a numeric domain.
One possible solution to this is LDAP. A catalog server could build a cache of O and CN objects and associate them with various locator attributes (like IP addresses, domain names and SRV RRs). This wouldn't even qualify as theoretical really, it would be pretty easy to do. But then we'd be back into delegation authority, naming conflicts, certs and everything else. Plus we'd have a bunch of new problems like normalized data ("John Doe", "Doe, John" or "J. Doe"?). I think an expansion of the TLD catalog will eventually solve the problem. ICANN is moving that direction (ploddingly slow but it is motion). Probably ought to see how that plays out before we invent something that is worse than DNS. -- Eric A. Hall http://www.ehsco.com/ Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
At 02:22 PM 3/16/01 -0800, you wrote: Can someone point to working examples for this please? The last LDAP/DNS system I checked was Verisign's and they appeared to take the LDAP query, convert it to query whois and then convert the result back into an LDAP response. The storage portion was not native LDAP.
One possible solution to this is LDAP. A catalog server could build a cache of O and CN objects and associate them with various locator attributes (like IP addresses, domain names and SRV RRs). This wouldn't even qualify as theoretical really, it would be pretty easy to do.
Best Regards, Simon Higgs -- It's a feature not a bug...
On Fri, Mar 16, 2001 at 08:55:09PM -0800, Simon Higgs wrote:
Can someone point to working examples for this please? The last LDAP/DNS system I checked was Verisign's and they appeared to take the LDAP query, convert it to query whois and then convert the result back into an LDAP response. The storage portion was not native LDAP.
Actually there are native LDAP interfaces for the Verisign registry and Verisign registrar. For a couple of other registrars, we wrote a GPL'ed whois->ldap gateway. Documentation of the project, examples of how to use local LDAP clients, a sample web interface that calls LDAP, and the gateway code is at http://www.ldap.research.netsol.com. Regards, Mark -- Mark Kosters markk@netsol.com PGP Key fingerprint = 1A 2A 92 F8 8E D3 47 F9 15 65 80 87 68 13 F6 48
participants (10): Adrian Chadd, Eric A. Hall, Hank Nussbacher, Mark Kosters, Patrick Greenwell, Roeland Meyer, Scott Francis, Simon Higgs, Stephen Stuart, Vadim Antonov