[IP] more on Release 1-0 on piece on ICANN
Begin forwarded message:
From: Dave Crocker <dcrocker@xxxxxxxxxxxxxxx>
Date: December 3, 2004 2:51:51 AM EST
To: dave@xxxxxxxxxx, Ip <ip@xxxxxxxxxxxxxx>
Cc: Esther Dyson <edyson@xxxxxxxxxxxxx>
Subject: Re: [IP] Release 1-0 on piece on ICANN
Reply-To: Dave Crocker <dcrocker@xxxxxxxxxxxxxxx>
Sorry, I hit send too soon:
On Thu, 2 Dec 2004 17:41:39 -0500, David Farber wrote:
The DNS was set up back in the 70s (before it had a name) at a time
The DNS was invented in 1982. It was beginning to be a useful part of
the Internet by about 1985.
I won't go into most of the problems that has produced, but there is
one that extends outside the domain-name community, and that is that
domain names are so easily available that their use in committing
fraud
is becoming a growing problem.
This implies that it is more difficult to create names in other parts
of commerce. It isn't.
The rules for using personal or business names are equally open and
easy.
Along with grandmothers, political
activists and honest entrepreneurs, fraudsters and criminals can buy
an
online identity - that is, a domain name such as sleazyfisher.com or
sterlingstartup.net - for a few dollars.
This is no different than con artists have been doing with business
names for a very long time before the Internet.
The solution, I believe, is to create a system where the registries
can
compete with TLDs that stand for something and whose SLD-holders are
bound by some contract to specific standards of behavior.
Oh? Are we really all that assured that awyers who belong to the
appropriate associations are, themselves, the model of good ethics, and
that doctors who belong to the relevant associations are all highly
competent?
The idea that trust can somehow facilitated by defining discrete
portions of the name space, like .trusted or .pure, as being specially
endowed is certainly appealing, but I am not aware of any empirical
evidence that it has real utility.
Associating differential semantics with differential names is generally
thought to be a poor design choice in computer systems. Separate from
whether the purported trustworthinesses will be valid, software on the
usage side of the DNS will certainly get complex. So, where is the
real-world experience that would justify doing this?
The role of reputation and accreditations services for certifying
accountability and even trustworthiness associated with a domain name
is a important, but complex, emerging business area. For the moment,
it is far better to let that area develop as an independent service,
than it is to tie it do specific parts of the domain name space.
Architecturally, this will call for a separate trust module, that can
work for any name, not just special ones.
In short, ICANN should consider a fundamental overhaul of the system
-
not next year, but this year.
The idea of a "fundamental overhaul" of an infrastructure system in
use by roughly 1 billion people should be viewed rather skeptically.
Operations folks tend to get very queasy when having to shift much
smaller installed bases.
Take the example of the e-mail community, which is developing a
system
where authentication of mail servers is coupled with reputation
systems
and recipient choices about what mail to accept. It's time for the
possibility of similar approaches to work for visits to websites.
The email community is fishing (not phishing) around for useful
authentication mechanisms to *add* to the service, not to *overhaul*
it.
Work on accreditation and reputation is so new, it really has not quite
reached the stage of "infancy".
So we should be judicious in our using it as an exemplar.
d/
--
Dave Crocker
Brandenburg InternetWorking
+1.408.246.8253
dcrocker a t ...
www.brandenburg.com
-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/