Delivered-To: dfarber+@xxxxxxxxxxxxxxxxxx
Date: Thu, 16 Oct 2003 22:58:36 -0400
From: Henry Minsky <hqm@xxxxxxxxxx>
Subject: Re: [IP] more on VeriSign to revive redirect service
To: dave@xxxxxxxxxx
There is an interview with Stratton Sclavos, CEO of Verisign, at
http://news.com.com/2008-7347-5092590.html
Here are some highlights of the Q&A which particularly make my blood boil.
This guy either has such a warped understanding of how Internet protocols
are developed and operate that he is incompetent to be in charge of the
root DNS for .com, or else he is a cynical liar. I believe the latter is
the more likely. His comments about a "cultural divide" are true, but not
in the way he intends. The cultural divide is between the fair, decent,
ethical, and technically responsible people and the people such as himself.
*After a couple of weeks on the hot seat, VeriSign CEO Stratton
Sclavos is turning up the fire on his company's severest critics.*
*The Site Finder controversy*
*You temporarily suspended Site Finder in reaction to widespread
criticism. What's the next step?*
The reason Site Finder became such a lightning rod is that it goes
to the question of are we going to be in a position to do innovation
on this infrastructure or are we going to be locked into obsolete
thinking that the DNS was never intended to do anything other than
what it was originally supposed to do?
*Still, a lot of people in the Internet community were quite
surprised by Site Finder--and then you had complaints surfacing that
it was not complying to approved standards.*
Let's break the argument down: The claim that Site Finder was
nonstandard and that we should have informed the community we were
doing something nonstandard--excuse me: Site Finder is completely
standards-compliant to standards that have been out and published by
the IETF (Internet Engineering Task Force) for years. That's just a
misnomer. The IAB (Internet Architecture Board) in its review of
Site Finder said the very same thing--that VeriSign was adhering to
standards.
What we're seeing are predetermined opinions masquerading as
processes where the outcome is predetermined.
The second claim, that we brought it out without testing--Site
Finder had been operational since March or April and we had been
testing it with individual companies and with the DNS traffic at
large. Ninety-nine percent of the traffic is pure HTTP, and so it
handles it the way it should. Just so you know, our customer service
lines went from 800 or 900 calls on the first day to almost zero
right now. Every customer who had a Site Finder issue, the
remediation took less than 12 hours.
...
*You temporarily suspended Site Finder in reaction to widespread
criticism. What's the next step?*
The reason Site Finder became such a lightning rod is that it goes
to the question: Are we going to be in a position to do innovation
on this infrastructure, or are we going to be locked into obsolete
thinking that the DNS was never intended to do anything other than
what it was originally supposed to do?
*You're hinting at a cultural divide?*
I think that there is. I don't think it's an intentional divide, but
it's drifting apart of the day-to-day usage from the folks who did
great steward's work in the early days and were asked to define all
the standards to make it work.
*And those are the people who still dominate the standards bodies?*
They're speaking out of both sides of their mouth right now. It's
not OK to say standards are important, unless we don't like someone
who implemented it. And it's not OK to say these services at the
core should not be built out, unless you're one of the small guys
and nobody really cares. How do we build a commercial business with
ground rules that seem to shift based on personal agenda and emotion
versus any particular logical data set?
...
*This isn't the first time people have called for ICANN to evolve.
What's the holdup?*
It's very difficult to have the people who built the infrastructure
originally also be the reformers of it. That is one of the
challenges they will run into. It's mostly a collection of very
technical people and a lot of lawyers. What you don't have are a lot
of people who understand how to build products and promote markets.
We'd prefer ICANN to become more of a trade association that
promotes the growth of the network rather than a regulatory body
that seems to have a very difficult time getting anything done.
His definition of "standards-compliant" is a cynical and deceptive one.
Sure, the SiteFinder is complying with the standard, in that it is
returning well formatted packets. However, the contents of those packets are
lies. They are lying by saying that domains exist when they do not, in
order to fool web browsers into loading the commercial content that
Verisign wants to get to web surfers.
It is analogous to saying that if I put a detour sign in the middle of the
freeway to direct traffic to my shopping mall, that I am obeying the
traffic sign protocols.
The comment about "ninety-nine percent of the traffic is pure HTTP" is a
shorthand way to sum up why it is not possible to communicate with
Verisign's executives, and why they must be stopped and soon.
Because it wouldn't matter if one hundred percent of the traffic on the
internet were HTTP, it still is not a reason to break DNS in order to
insert advertising. The "service" they claim to be providing should be
provided by the browsers, giving everyone a chance to implement their own
solution to the problem of mistyped domain names. Then many possible
solutions to this issue can be innovated. By breaking DNS to lie about the
existence of domain names, they actually prevent anybody else from
providing any solution. This is the exact opposite of innovation. And they
are smart people at Verisign, they clearly and obviously know all this,
and yet they are lying to everyone about it. And that, in a nutshell, is
what makes me more furious about this than any other Internet legal issue
has in a long long time, maybe ever, or at least since Network Solutions
took the .com database offline and made it their own private property.
There was a story I heard once, about a company (Novell?) which
implemented their own file transfer protocol over the network. They did
not use exponential backoff on retransmit, which made their protocol look
much faster than TCP/IP. It would in fact hog all the bandwidth, bumping
out all the more polite and well behaved protocols. This was great for
them, but in fact as the network approached saturation, the system would
fail catastrophically, for reasons obvious to Internet protocol designers.
At some meta-level, this is what is happening to the Internet itself now.
Verisign is itself like the bad protocol, which does not play well with
others. It is taking advantage of an opportunity which gives it a short
term advantage, while degrading the entire network protocol infrastructure.
The great advantage that carpetbaggers like Sclavos have is that the
non-technical community does not understand that good protocols do not
happen by accident, and they are exquisitely hard to design. The deceptive
simplicity of the core network protocols makes them terribly vulnerable to
every new huckster selling some snake-oil "improvement", and the only
defense against this is the hard-won experience and technical judgment of
the Internet engineering community.