From Karl Auerbach's CaveBear Blog
Yesterday the following announcement from Verisign appeared on the NANOG mailing list:
VeriSign Naming and Directory Services will change the serial number format and "minimum" value in the .com and .net zones' SOA records on or shortly after 9 February 2004. The current serial number format is YYYYMMDDNN. (The zones are generated twice per day, so NN is usually either 00 or 01.) The new format will be the UTC time at the moment of zone generation encoded as the number of seconds since the UNIX epoch. (00:00:00 GMT, 1 January 1970.) For example, a zone published on 9 February 2004 might have serial number "1076370400". The .com and .net zones will still be generated twice per day, but this serial number format change is in preparation for potentially more frequent updates to these zones....
There should be no end-user impact resulting from these changes (though it's conceivable that some people have processes that rely on the semantics of the .com/.net serial number.) But because these zones are widely used and closely watched, we want to let the Internet community know about the changes in advance.
There is no reason to believe that ICANN was forewarned of this change.
This announcement generated more than 50 comments on NANOG's mailing
list. At the end of the day the consensus seemed to be that if properly
contained within Verisign's own TLD slave servers, that this change would not
have a negative impact on the net.
There are a couple of assumptions in that consensus conclusion - the most
important being the assumption that the only servers that use the zone
created by Verisign are Verisign's own servers for .com and .net.
There is good reason to question that assumption - I know that I have heard
unsubstantiated rumors over the years that several large organizations run their
own copies of the .com and .net zones in their own servers.
It has been pointed out to the IETF that one of the major components of web-surfing
delays is DNS resolution time. Two large ISPs, AOL and Earthlink, have
been actively advertising about the fast response of their services. It
would make a great deal of business sense for AOL or Earthlink to run such
mirrors so that they could ensure that their users receive fast DNS responses.
What might happen if that assumption does not hold true? Let's posit
the hypothetical that AOL or Earthlink mirrors the .com and .net
zones on its own servers for use by its own users. This mirroring has, in
fact, been part of those rumors I mentioned. Now, if my hypothetical were
true, Verisign's change could cause AOL or Earthlink to become unsynchronized
from the correct contents of .com or .net. That would be
"instability" in spades for a lot of internet users.
Sure, I am positing a hypothetical example. But fiction, particularly
when driven by strong business incentives, often becomes reality. Did
anyone bother to verify beforehand whether Verisign's unilateral change was
really, truly, and sincerely confined exclusively to Verisign's own herd of slave
servers?
In addition, there is usually a right way and a wrong way to do things.
The "right way" (or in IETF terms, the "Best Current
Practice") to make a zone file "serial number" go backwards has
been set forth by the IETF - in section 7 of RFC2182.
Now, who or what is the body that is tasked with the job of ensuring the
stability of DNS? In an acronym: ICANN.
We can't fault ICANN that it was not informed in advance.
But we can fault ICANN if it does not immediately respond, as it did in the
case of Verisign's "Sitefinder" with a stop demand, a formal technical
inquiry, and a formal written report.
Now, it is obvious to many of us that Verisign, which does have many very
capable technical people on its staff, is capable of making this change without
harm. But to come to that conclusion we have to accept, on nothing more
substantial than blind faith, the assumption that the only existing slave
servers are Verisign's. And we have to make the further assumption that
Verisign's smart and capable people will actually make the change in the right
way and not take shortcuts. We've seen examples of what
bad things can happen when skilled people take shortcuts.
But just because something is obvious to a few skilled techies does not mean
that there ought not to be a prior review and issuance of an opinion by ICANN,
the body that has been established for the specific purpose of ensuring the
stable operation of DNS.
Postscript: Verisign's new method, because it uses a 32-bit time
measured in terms of seconds since January 1, 1970 GMT, reminds us that an
event more formidable than Y2K, 19-Jan-2038, 03:14:07 AM GMT, is only 34 years away. Given the rapid ossification of the Internet, is 34 years really beyond the event horizon? [CaveBear Blog]
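The mirror scenario in the post above can be checked with RFC 1982 serial number arithmetic, which is how a secondary decides whether the primary's SOA serial is newer than its own copy. This is an added example, not part of the original post or of Verisign's tooling; the old-format serial is a constructed value, and the intermediate step of adding 2^31 - 1 is the kind of staged "backwards" change the post refers to.

```python
# Added example: RFC 1982 serial arithmetic applied to the format change.
SERIAL_BITS = 32
MOD = 1 << SERIAL_BITS            # serials wrap at 2**32
HALF = 1 << (SERIAL_BITS - 1)     # 2**31
MAX_INCREMENT = HALF - 1          # largest step that still compares as "newer"


def serial_gt(a: int, b: int) -> bool:
    """True if serial a is newer than b (a == b + 2**31 is undefined, so False)."""
    return 0 < (a - b) % MOD < HALF


def secondary_will_transfer(held: int, advertised: int) -> bool:
    """A secondary refreshes only when the advertised serial is newer than its copy."""
    return serial_gt(advertised, held)


def publication_path(current: int, target: int) -> list[int]:
    """Serials to publish, in order, so every secondary follows current -> target.

    Each intermediate value must stay published until all secondaries,
    including any unknown mirrors, have transferred it.
    """
    path = []
    if current == target:
        return path
    while not serial_gt(target, current):
        current = (current + MAX_INCREMENT) % MOD
        path.append(current)
    path.append(target)
    return path


if __name__ == "__main__":
    old = 2004020801   # constructed YYYYMMDDNN value (8 Feb 2004, second run)
    new = 1076370400   # epoch-format example from the announcement
    print("direct switch picked up by a mirror:", secondary_will_transfer(old, new))
    print("publication path:", publication_path(old, new))
```

A mirror still holding the old-format serial treats the epoch value as older and never transfers it, which is the silent desynchronization the post warns about.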
From CircleID
Harvard Law School's distinguished Berkman Center for Internet & Society has published a preliminary study, "Public Participation In ICANN." ...The problem with the preliminary study is that it fundamentally misunderstands the role of ICANN in Internet governance. Specifically, ICANN's duty is not and should not be to simply carry out the will of the "Internet user community." Instead, ICANN's duty is to carry out the responsibilities the organization agreed to in... [CircleID]
An organization which purports to be "the voice of world business" is proposing a de facto U.N. takeover of ICANN. The proposal by a senior official of the International Chamber of Commerce (ICC) would place ICANN under the U.N. umbrella and give a strong role to U.N. agencies and to various national governments, including those that suppress free speech and free enterprise. In a move of breathtaking arrogance, the ICC refused to even invite ICANN or U.S. government representatives... [CircleID]
This could be a completely interesting showdown. Something that absolutely must be watched.
Sonia Arrison, director of technology studies at Pacific Research Institute, says it's time to rethink the concept of an Internet gatekeeper.
[...]To be sure, ICANN has a board of distinguished experts, including Internet legend Vint Cerf. But while the organization is key in helping to establish complex technical standards, it often finds itself steeped in controversy over what many see as its overzealous urge for policymaking.
Part of ICANN's stated purpose is to develop policy through "private-sector, bottom-up, consensus-based means," but as most people know, consensus is often impossible and issues must be settled in other ways. [...]
In a move that will likely encourage further discrimination against any company that doesn't happen to be named 'Verisign,' ICANN has been given the green light to continue
A federal judge denies a preliminary injunction filed against the organization that oversees the Internet's domain name hierarchy and address space. [CNET News.com]
From DNRC Board Member Karl Auerbach
Bret Fausett quite reasonably argues that ICANN's
TLD (Top Level Domain) "test bed" is dead.
I was trained in the hard sciences - mainly chemistry and physics. And I spent some of my undergraduate years doing research on high input-power chemical lasers. I also spent time in the soft sciences where I did research on patterns of urban mobility. In all of this work we used a technique called "the scientific method" - it involves observation, formulation of hypothesis, predictions based on the hypothesis, and experiments to test those predictions (and indirectly the hypothesis.)
ICANN never really followed any process, much less one as structured as those used in the hard sciences, to focus its observations of the behavior of new TLDs. ICANN's information gathering was never better than ad hoc. And there were neither hypotheses, predictions, nor experiments. ICANN's TLD test bed process was not scientific; quite the opposite: it was chaotic and arbitrary.
Nor was ICANN's test bed process particularly useful for the creation of a body of data that might be useful for an unscientific after-the-fact inquiry. ICANN's data gathering, even when it was performed, was mainly of business information that has no apparent relationship to the stability of the internet's domain name system. No records were made of actual DNS activity and behavior as the new TLDs were being deployed. No measures were made of the accessibility or usability of those new TLDs.
(It wasn't that there was not interest - Louis Touton and I wanted to quantitatively monitor the cross-fade of queries away from the old .org servers and onto the new ones as part of the Verisign-to-PIR transition of .org. However, that effort was too low on ICANN's list of priorities and thus a golden opportunity to observe DNS behavior in the wild was lost. Such data would have been invaluable when trying to comprehend the impact of a future planned or unplanned operational transition of a large DNS zone.)
To give but one example of something that we ought to have investigated: There are thousands upon thousands of web page forms out there on the net that have Javascript or cgi-bin programs that do not accept top level domain names with four or more characters. The people who operate the TLDs with such names have pointed out repeatedly that this limitation has substantially hindered the usability and acceptance of their offerings. Yet, ICANN does not even have this problem listed as something that is to be investigated in the "testbed", and after several years, ICANN has not even a qualitative estimate of the extent of this problem, much less initiated a curative initiative to try to inform the web community that these limitations on web forms are overly restrictive.
ICANN's TLD "test bed" has little value except as a body of anecdotal data.
I agree with Bret that we should abandon the pretense that there is a "test" in progress or that there ever really was a "test".
It is high time for ICANN to move forward on new Top Level Domains - and not merely of the kind that, even in the absence of real tests, have shown little, if any, evidence of cognizable benefit to the community of internet users.
[CaveBear Blog]
A wonderful piece by DNRC Board Member Karl Auerbach
The people who want ICANN to create .travel are saying that ICANN's delay is "insufferable".
I have discussed the hubris of the .travel proponents in the past.
It is indeed insufferable that ICANN is delaying new TLDs - ICANN has demonstrated no reason why top level domains should not be created at a rapid rate. It is time for ICANN to adopt a combination auction/lottery system as has been proposed by several observers. See http://dcc.syr.edu/miscarticles/NewTLDs-MM-LM.pdf
The .travel people seem to believe, however, that they have some divine right to their own top level domain. They are incorrect.
Certainly they have a right derived from the continued existence of their application of year 2000. But each of the 39 other applicants who were not selected that year have that same right. There is no reason for any of us to believe that .travel will benefit the community of internet users. Rather .travel will be of value merely to one particular industry segment. If we are to allocate top level domains to industry segments, then there are certainly more deserving industries - farming, teaching, labor, and public health and safety all come to mind as being more socially valuable than the travel business.
Yes, ICANN's TLD policy is a disaster. But the damaged victim of that policy is not .travel. No. The real damage has been to the public who have been deprived of a meaningful and useful expansion of the internet name space.
[CaveBear Blog]
More from Karl Auerbach
I see that ICANN's GNSO issued a resolution regarding the Verisign Registry Site Finder "service".
Verisign's action is very serious. Verisign's act repudiates the end-to-end principle, the foundation upon which the Internet is constructed. Verisign's act implies the end of coherent governance of the Internet and the abandonment of the net to monopolistic manipulation.
In contrast to the seriousness of Verisign's action, the GNSO's resolution is weak, equivocal, and timid.
In an article today, Verisign's CEO asserted that what Verisign has done is benign and that only a noisy few are concerned.
With timid and euphemistic resolutions such as the one passed by the GNSO, no one ought to be surprised if people begin to believe Verisign's words and "Site Finder" becomes the established status quo.
[CaveBear Blog]
Once again, in a blinding display of openness and transparency, ICANN decides to overrun users and possibly even national interests (we don't know because they haven't told us....) in a secret plan to redelegate dot MD.
Read more from ICANNWatch.
Bankrupt .MD Operator Protests ICANN Action on .MD Redelegation [ICANNWatch]
Bruce Young tells a story of an Internet user who gets into trouble because "his" domain name was registered in the name of a web hosting provider that went bankrupt later on...As far as registrars are concerned, ICANN is currently doing its homework on domain name portability. As far as web hosting companies are concerned, though, these suggestions only look appealing at first sight. Upon... [CircleID]
House Committee to Hold Whois Hearings, Kowtow to IP Interests [ICANNWatch]
It looks as if ICANN is going to require applicants for new TLDs to agree (in advance) not to negotiate a changed contract with ICANN. We agree that streamlining the process is in everyone's interest. Along those lines, we are proposing a substantially thinner contract that ICANN and new registries could use. Existing registries should also be allowed to sign up to this contract, if they wish. [CircleID]
The Communications subcommittee of the US Senate Committee on Commerce, Science, and Transportation is holding a hearing on ICANN today, July 31, 2003, at 2:30pm EDT. You can listen in via http://www.capitolhearings.org/ (scan down for the appropriate item for Room SR-253). I'm not sure where the written materials will be posted - I'll post the URL when I find out. I was a witness at the two prior hearings, one in 2001 and another in 2002 - it's quite an experience. My submission to this year's hearing is online at http://www.cavebear.com/rw/senate-july-31-2003.htm What's going to be said by the witnesses? I don't know. But I have some guesses: ICANN will once again try to make us believe that it is responsive to the public. NTIA will once again threaten to pull the contractual plug on ICANN. CDT will present its usual - an extremely competent and extremely reasonable position, wrapped in... [CaveBear Blog]
CDT Associate Director Alan Davidson will testify July 31 at a Senate hearing on domain name management and the Internet Corporation for Assigned Names and Numbers (ICANN.) CDT supports ICANN's coordination of key Internet naming and numbering systems, but believes it demands greater public accountability and continued government oversight. CDT is also issuing a new report on July 31 suggesting how to measure ICANN's performance over time. July 30, 2003 [Center for Democracy and Technology]