[105548] in North American Network Operators' Group


Re: ICANN opens up Pandora's Box of new TLDs

daemon@ATHENA.MIT.EDU (Jeroen Massar)
Fri Jun 27 04:50:51 2008

Date: Fri, 27 Jun 2008 10:50:39 +0200
From: Jeroen Massar <jeroen@unfix.org>
To: Balazs Laszlo <lbalazs@lib.unideb.hu>
In-Reply-To: <4864A4B1.2060505@lib.unideb.hu>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org


Balazs Laszlo wrote:
> michael.dillon@bt.com wrote:
>>> There are probably some variations based on the zone, languages,
>>> IDN'ability, etc., but it certainly is a good idea to be
>>> bankofamerica.* for reasons that I think are obvious to most of us.
>>>
>>
>> To make it hard for your customers to figure out whether a URL
>> is legitimately owned by the bank? To make it easier for evil guys
>> to steal from your customers by registering bonkofamerica.*
> Maybe somebody start a trusted service under a new TLD,
> and you can block all the others.

<background sound="Darth Vader Breathing.ogg">

For three seconds I thought it was maybe a nice idea for this DNS thing
to be cleansed, just stick everything under this new 'trusted' TLD, but
then I realized that it can't work, as who is going to decide on what is
'trusted' or not? There is a root (even per TLD and per domain) where
delegations come from, as such, there is a central authority and thus a
couple of people who say 'trusted' and 'untrusted', or actually 'good'
and 'evil'. This was also the whole point of having ccTLDs, so that
every country at least could have their own share of the tree (hoping
that the root had truly trusted people who would not just kick a part of
the tree out (Russia would like to kick out .es now I guess ;)

If you want trust, a trust-metric (eg PGP) could partially work. Still,
that is not true trust, as it is only an attestation that at the point
you said 'good' or 'evil' you found it to be like that. The internet
(un)fortunately has this great dynamics factor, as such, now it might be
good, all of a sudden some Russian hackers own www.ipv6.elmundo.es
(which will then report on Russian winning and Spain losing) and even
though everybody trusts that site for the purpose of 'good domain' and
maybe 'good reporting' it will actually be evil. Countering this is
going to be extremely difficult, as you need to get everybody who trusts
it to update their opinion. Or how do you get a committee to decide
'that site/side is evil'. Difficult.

Currently people just trust Google and Mozilla and various other
vendors to do this for them. This seems to work in some ways, but still
on mostly static lists inside the browser, which only updates once in a
while thus not very quick either. And how good is Google in not doing
evil in just putting all the Russian sites on the list and blocking them
off? You don't know.

Evil is just what one perceives, and what is good for you, might not be
good for others. If you are 'good', it is just because some people you
know like you, while when you are 'evil' it is just because you are on
the 'wrong' side.

Thus no, I don't see '.trusted' actually being trusted, as it simply
will exclude businesses which are not trusted by the other ones who
control .trusted and thus will be very nice for the anti-competition
laws that exist.

Only real solution that I currently see seems to be:
  - pick a search engine you think you can trust (to degrees of etc)

  - type in what you are looking for, hit search
    if the ranking of a site is not high enough then either
    the site is not trusted enough because there are no links there
    or because tracking software didn't find enough people going there
    and all the other factors they use they just fail.

  - let the search engine warn you "that site might be evil"

  - go to the page. Don't care about the URL though, the search
    engine already and all their trust made sure it is a 'good' site.

  - Use it.

That of course only covers web, but that is what most general population
folks are using anyway.

Thus DNS is here only used for where it was supposed to, converting a
hostname into an IP address, in the background, with the user not caring
about what the hostname is. As such the only thing that matters about
host/domainnames will be how pretty they look, nothing more, nothing less.

I still don't get why every movie needs their own domainname, which means
that there have to be a lot of sites actually referring to that new
domain to be actually able to find the movie in the first place, that
while the company that produces it could easily put a subpage on their
website or eek a subdomain, and it will all work like a charm including
keeping one's PageRank intact and local without having to pay any amount
of cash. Then again, domaincapers will register it and get a few hits
for it, because people apparently still trust in typing in URLs...

Greets,
  Jeroen

</background>



