<<< Date Index >>>     <<< Thread Index >>>

Re: [alac] Redirection of non-existing domain names, again



One more change: Let's replace "the board" in the last sentence by
"ICANN".  This may quite well be something staff should act about,
too.

On 2003-09-16 12:54:17 +0200, Thomas Roessler wrote:
> From: Thomas Roessler <roessler@xxxxxxxxxxxxxxxxxx>
> To: Vittorio Bertola <vb@xxxxxxxxxxxxxx>,
>       Esther Dyson <edyson@xxxxxxxxxxxxx>
> Cc: Wendy Seltzer <wendy@xxxxxxxxxxx>,
>       Roberto Gaetano <alac_liaison@xxxxxxxxxxx>, alac@xxxxxxxxx
> Date: Tue, 16 Sep 2003 12:54:17 +0200
> Subject: Re: [alac] Redirection of non-existing domain names, again
> Mail-Followup-To: Vittorio Bertola <vb@xxxxxxxxxxxxxx>,
>       Esther Dyson <edyson@xxxxxxxxxxxxx>,
>       Wendy Seltzer <wendy@xxxxxxxxxxx>,
>       Roberto Gaetano <alac_liaison@xxxxxxxxxxx>, alac@xxxxxxxxx
> X-Spam-Level: 
> 
> Here's an update.  I'm wondering if we should also mention the
> general uproar about this.  But probably comments@xxxxxxxxx is
> already feeling that.
> 
> Just reading the slashdot thread; this actually turns up some
> technical consequences I hadn't been thinking about before, like
> secondary MXs that point nowhere (these are bound to break some day,
> but break en masse now), and problems in diagnosing lame
> delegations.
> 
> Anyway, here we go:
> 
> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
> 
> The At-Large Advisory Committee would like to bring to the board's
> attention concerns about Verisign's surprising roll-out of the
> "SiteFinder" service for .com and .net.  
> 
> SiteFinder works by re-directing queries for non-existing domain
> names to the IP address of a search service that is being run by
> Verisign.
> 
> This practice raises grave technical concerns, as it de facto
> removes error diagnostics from the DNS protocol, and replaces them
> by an error handling method that is tailored for HTTP, which is just
> one of the many Internet protocols that make use of the DNS. We will
> leave it for others to explain the details of these concerns, but
> note that returning resource records in a way which is countrary to
> the very design of the DNS certainly does not promote the stability
> of the Internet.
> 
> These concerns are not mitigated by Verisign's efforts to work
> around the consequences of breaking the Internet's design on a
> service-by-service basis: These workarounds make specific
> assumptions on the conclusions that Internet software would be
> drawing from nonexisting domain names; it is not clear that these
> assumptions are always appropriate.
> 
> The work work-arounds deployed depend on the global reachability of
> Verisign's redirection infrastructure; no caching of results is
> available any more.  Unreachability of at least part of the
> infrastructure has already been observed few hours after the service
> was initially deployed, confronting Internet users with misleading
> network timeout error messages instead of quickly-delivered and
> accurate "no such domain name" errors.
> 
> When working as intended, the service centralizes error handling
> decisions at the registry that are rightly made in application
> software run on users' computers.  Users are deprived of the
> opportunity to chose those error handling strategies best suited for
> their needs, by chosing appropriate products available on a
> competitive marketplace. Software makers are deprived of the
> opportunity to compete by developing innovative tools that best
> match the user's needs.
> 
> We urge the board to take whatever steps are necessary to stop this
> service.
> 
> <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
> 
> On 2003-09-16 05:36:51 -0400, Esther Dyson wrote:
> 
> > FWIW, I think our job is to register our concerns in public, as
> > we are doing, and send Roberto to the board... the issue is
> > things that are actually going on (and some kind of notion of the
> > public interest needs to be surfaced quickly).
> 
> By the way, I'd expect that the GNSO council will also take this up
> at its next meeting.
> 
> > I would add at the end: ...stop this service and consider its 
> > implications."  or something.
> 
> That's too close to "study it for years, then stop it" for my taste.
> I'd rather leave it as a single action item.
> 
> -- 
> Thomas Roessler  <roessler@xxxxxxxxxxxxxxxxxx>
> At-Large Advisory Committee: http://alac.info/
> 

-- 
Thomas Roessler  <roessler@xxxxxxxxxxxxxxxxxx>
At-Large Advisory Committee: http://alac.info/