Re: New hijacking - Done via via good old-fashioned Identity Theft
so ... should domains associated with asn(s) and addr block
allocations be subject to some expiry policy other than "it goes into
the drop pool and one of {enom,pool,...} acquire it (and the
associated non-traffic assets) for any interested party at $50 per /24"?
Eric
Re: New hijacking - Done via via good old-fashioned Identity Theft
On 10/6/10 10:34 AM, Owen DeLong wrote:
On Oct 6, 2010, at 6:35 AM, Ben McGinnes wrote:
On 7/10/10 12:08 AM, Eric Brunner-Williams wrote:
so ... should domains associated with asn(s) and addr block allocations
be subject to some expiry policy other than "it goes into the drop pool
and one of {enom,pool,...} acquire it (and the associated non-traffic
assets) for any interested party at $50 per /24"?
Interesting idea, but how do you apply it to ccTLD domains with widely
varying policies. All it takes is whois records being legitimately
updated to use domain contacts using a ccTLD domain to circumvent.
Sounds like more of a stop-gap measure.
Regards,
Ben
Number resources are not and should not be associated with domain
resources at the policy level. This would make absolutely no sense
whatsoever.
hmm. ... "are not" ... so the event complained of ... didn't happen?
Re: Blocking International DNS
ICANN is not the problem. It is itself a problem because over the years instead of being a technical coordinator for names and numbers became the playground and clearinghouse for IP (Intellectual Property) groups, all sorts of color, sizes and shapes of attorneys milking from the "DNS ecosystem" and Internet Governance wanna be politiks. there were two other proposals for the structure of the new entity. ira's left verisign with a great deal of control over outcomes, a situation that continues to the present day. we've no data on how either of the other forms would have functioned, or would function now. -e
Re: Blocking International DNS
Also while different segments may have some level of participation (including folks that claim they represent the users which they do not) by design ICANN is a membership less organization so the multi stake holder model is a lie and the bottom up process when the bottom does not have the same level of resources to participate as some of the big corp/lobby groups, ends being a fiasco. the dissolution of the protocol supporting organization in december 2002 removed it as an entity contributing voting seats to the icann board. the advisory role survived in the technical liaison group, now the target of a proposal that could eliminate it too as a entity contributing non-voting seats to the icann board [1]. and as i've pointed out previously, no later than icann-10, in montavideo, no isp, nsp, asp, ... operational interests were present in the "internet service provider constituency", only the trademark interests of the participating operators, e.g., verizon. some responsibility for the non-effectiveness, even of the public-private-multi-stakeholder-bottom-up-consensus-driven model chosen for the new entity, goes to the industry actors which either withdrew their participation, or limited their participation to non-operational, non-technical participation. btw, i spent quite a bit of my time with the berkman center researchers working on accountability and transparency on just the issue of how users can be represented and i think it a hard problem. -e [1] http://icann.org/en/public-comment/#tlg-review-2010
Re: wikileaks dns (was Re: Blocking International DNS)
... ... The termination of services was effected pursuant to, and in accordance with, the EveryDNS.net Acceptable Use Policy. the claim is that being ddos'd is an aup violation. go figure.
Re: wikileaks unreachable
there exists a free speech application for fast flux hosting networks, and its in connecticut, not china. (during the icann gnso pdp on fast flux hosting the above assertion was generally dismissed) -e On 12/3/10 12:41 PM, Zaid Ali wrote: I see a new T-Shirt "Free speech has an IP address" Zaid On 12/3/10 8:38 AM, "// ravi" wrote: On Dec 3, 2010, at 1:19 AM, Jorge Amodio wrote: and this is based on what facts? Instead of tweeting about how to reach their content, or their IP addresses to bypass DNS [snip happens] http://twitter.com/#!/wikileaks/status/10621245489938433 7 hours ago (Randy, I plan/hope to requote your earlier message ‹ non-commercial use ‹ with attribution) ‹ravi
Re: wikileaks unreachable
On 12/3/10 1:05 PM, Christopher Morrow wrote: On Fri, Dec 3, 2010 at 1:01 PM, Eric Brunner-Williams wrote: there exists a free speech application for fast flux hosting networks, and its in connecticut, not china. (during the icann gnso pdp on fast flux hosting the above assertion was generally dismissed) 'fast flux hosting' == akamai, no? of course that use case was considered. it was offered as the rational for default (unconditional) rapid update, though it does fall into the stupid-dns-tricks bucket. -e
Re: UN mulls internet regulation options
fred, and others with (misspent) wsis++ / ig++ travel nickles, it would _really_ help me if you provided more context, off-line if necessary, as i spent the week before last more involved with the gac than at any prior point in my decade of icann involvement. i don't mind the 'tude, as we all have 'tude, and it is operational shorthand for broad views on the contending actors and their issues. what would help me most is names of persons and specific positions and any additional decoding you care to offer. i have to rely upon second hand, and usually wsis++ / ig++ favorably inclined second hand data, as my nickle hasn't covered that traveling circus. so clue please. off-line is fine. eric
Re: UN mulls internet regulation options
On 12/19/10 8:28 PM, John Curran wrote:
... I also intervened twice requested clarification of exactly how a government-only
decision body for Internet policy would fulfill the "consultation with all
stakeholders" paragraph specified in the Tunis agenda. The answer from several
countries was not encouraging, suggesting the consultation could be done in the UN manner
through their Member State delegations. This government-only view is being asserted by
several countries, but India, Brazil, South Africa and Saudi Arabia are carrying it most
strongly ...
john (et al),
not that my year as a regional officer within the at-large advisory
committee of icann is a pedestal much grander than an acronym to
laborious declaim, but the fundamental claim for the at large is to
provide an institutional means for public interests not necessarily
addressed by national governments, nor necessarily addressed by other
supporting organizations or advisory committees, in the curious
public-private multi-stakeholder model ira magaziner stuck us with.
india abandoned public control of the .in name space, providing the
operational franchise to afilias, a for-profit registry services
provider who's facilities are located in north america.
south africa is currently in the process of re-organizing the .za name
space, having issued a tender for consulting, won by ausreg, a
for-profit registry services provider who's facilities are located in
australia. while this is not a complete retreat from public control of
a public resource, as in the case of india, the rfp proposed a
subsequent rfp which would similarly transfer operational control to a
for-profit registry services provider.
brazil's public name space operator is, to the best of my knowledge,
is reasonably well-informed of the outstanding issues in the icann
experience in a public-private multi-stakeholder model, and reasonably
content with the icann instance of this model. fix yes, break no.
saudi arabia presents a more nuanced case, at icann. the state is
aware that the ratio of arabic langauge content "on the net" is not
proportional to the ratio of arabic language speakers. this is the
focus of a government initiated program. the state, through the league
of arab states, has published an rfi for contractors to operate a pair
of name spaces, "arabi" in arabic script, and "arab" in latin script.
the adoption of the country code name spaces by the aggregate members
of the league of arab states, all of which have significant
administrative costs to would-be registrants, is less than the
adoption of the .ir name space, which has a healthy and competitive
(though consolidation is taking place for market economic reasons)
registrar regime, and vastly less effective "statist" administrative
cost to would-be registrants. in sum, the state is aware that
"statist" approaches to arabic language uptake and operational
investment in infrastructure compare poorly to alternatives. in other
areas, from wireline to wireless voice, to petroleum, that state uses
non-state resources to promote public policy goals.
as the gac is working more closely with the alac than at any prior
point in the past, and the gac has vigorously and overtly represented
private interests (primarily trademark holders), the "governments
only" model advanced elsewhere seems ... largely uninformed by the
operational practice of a working policy body with significant
government participation as governments.
I hope this helps provide some context as you requested.
it provides some specific questions to pursue. note that there will be
an intersessional meeting arising from the gac's formal notice to the
board that it considered its advice on two subject areas to have been
rejected by the board, triggering the icann bylaws.
are the respective wsis++ folks are not in sync with the respective
icann++ folks?
granted, almost all of this is on the names side of the {addr,asn,dns}
triple that icann is self-or-other-tasked to administer, so the v6 and
rir bits are mostly not addressed.
thanks for the pointers, i'll catch up on the wsis bits i've ignored
for most of a decade, but it will be in my spare time, and there are
so many people in wsis i find less pleasant company than a room full
of trademark lawyers.
eric
p.s. the acronym to laborious declaim comes with no other benefits, so
someone with travel nickles will have to cover the june wsis in
geneva. as i don't work for core any longer i can't wrangle a trip to
check on the fondue supplies or the secretariat operations or ...
in case of prefix withdrawal, dial-out
It is my son's turn to have the laptop so I won't bother to translate. The non-francophones can use Google's auto-xlate bot. http://www.lemonde.fr/technologies/article/2011/01/28/pour-contourner-le-blocage-du-web-les-modems-56k_1471819_651865.html
AmazonAWS contact
Could someone from Amazon Web Services contact me off list? I'm getting root login attempts from one of your assets and abuse@ hasn't been responsive today. Tia, Eric
Re: Owning a name
On 6/26/14 9:20 PM, Bill Woodcock wrote: On Jun 26, 2014, at 9:13 PM, Patrick W. Gilmore wrote: On Jun 27, 2014, at 00:07 , Larry Sheldon wrote: http://joshuapundit.blogspot.com/2014/06/court-ruling-israeli-and-us-terrorism.html Have not seen much discussion about this. That would be a horrifically bad precedent to set. I hope this insanity stops before it get started. Anyone have a link to the actual ruling? This URL is to a very positionally-specific interpretation of events, which is fairly disconnected from reality on the ICANN side… It’s quite possible it’s an equally clueless interpretation of the court decision. In any event, even if the court was as clueless as this implies, it won’t go anywhere. -Bill please see the iana's redelegation rules. start with .pn looking for first principles. -e
Re: Net Neutrality...
On 7/16/14 7:50 AM, Fred Baker (fred) wrote: Relevant article by former FCC Chair http://www.washingtonpost.com/posteverything/wp/2014/07/14/this-is-why-the-government-should-never-control-the-internet/ It reads like a hit piece (by a Republican "free markets" ideologue) on a (Progressive) Democratic primary candidate for Lt. Governor of New York, not like a reasoned case by an informed policy analyst. YMMV, of course. Eric
The case(s) for, and against, preemption (was Re: Muni Fiber and Politics)
On 7/22/14 11:13 AM, Ray Soucy wrote:
Municipal FTTH needs to be a regulated public utility (ideally at a
state or regional level). It should have an open access policy at
published rates and be forbidden from offering lit service on the
fiber (conflict of interest).
Ray,
Could you offer a case for state (or regional, including a
jurisdictional definition) preemption of local regulation?
Counties in Maine don't have charters, and, like most states in the
North East, their powers do not extend to incorporated municipalities.
Here in Oregon there are general law counties, and chartered counties,
and in the former, county ordinances to not apply, unless by agreement,
with incorporated municipalities, in the later, the affect of county
ordinances is not specified, though Art. VI, sec. 10 could be read as
creating applicability, where there is a "county concern". In
agricultural regions (the South, the Mid-West, the West), country
government powers are significantly greater than in the North East, and
as in the case of Oregon, nuanced by the exceptions of charter vs
non-charter, inferior jurisdictions. Yet another big issue is Dillon's
Rule or Home Rule -- in the former the inferior jurisdictions of the
state only have express granted powers on specific issues, and in the
latter the inferior jurisdictions of the state have significant powers
"enshrined in the State(s) Constitution(s)".
I mention all this simply to show that one solution is not likely to fit
all uses.
Now because I've worked on Tribal Bonding, I'm aware that the IRS allows
municipalities to issue tax free bonds for purposes that are wider than
the "government purposes" test the IRS has imposed on Tribal Bonding (up
until last year). Stadiums, golf courses, and {filling a hole in | using
pole space on} public rights-of-way -- forms of long-term revenue Tribes
are barred from funding via tax free bonds by an IRS rule.
The (two, collided) points being, municipalities are likely sources of
per-build-out funding, via their bonding authority, and you've offered a
claim, shared by others, that municipalities should be preempted from
per-build-out regulation of their infrastructure.
How should it work, money originates in the municipality of X, but
regulation of the use of that money resides in another jurisdiction?
Eric
Re: The case(s) for, and against, preemption (was Re: Muni Fiber and Politics)
On 7/22/14 1:55 PM, Ray Soucy wrote:
You're over-thinking it. Use the power company as a model and you'll
close to the right path.
Well, no, but thanks for your thoughts.
Portland vs. Cumberland County as respective hypothetical bonding and
regulating authorities, not {Bangor Hydro|Florida Power & Light|...} and
Central Maine Power, generators and distributor, respectively.
Eric
Re: Muni Fiber and Politics
On 7/23/14 5:30 AM, Scott Helms wrote: The people involved in the bond arrangements almost invariably see having the city the layer 3 provider as more reliable path to getting repaid than an open system. I assumed this was true, that bonds with the revenue stream based upon rights-of-way lease only, or row+dark-fiber, or ... were each incrementally easier to sell, having incrementally larger per-customer revenue shares. If anyone has specific bonds, or bonding experiences they can point to I'd appreciate the pointers. TiA, Eric
Correspondence to the FCC re: preemption of local government as a source of regulation
For those interested, first in my morning's inbox is a letter from
Oregon State Senator Bruce Starr (R-15, Hillsboro), and Nevada State
Senator Debbie Smith (D-13), President and President-elect,
respectively, of the National Conference of State Legislatures to FCC
Chairman Thomas Wheeler, expressing their firm conviction as of Tuesday
of this week that states have the constitutional authority to preempt
municipalities in the domain of communications infrastructure.
The letter is not a legal memo, so it expresses little of any use.
Anyone wanting a copy can probably find it on either the FCC or the NCSL
websites.
Next is "by hand" of today from Jim Baller, retained by the Electrical
Power Board of the City of Chatanooga, to the FCC. It is a 64pp legal
memo constituting a "Petition for Removal of Barriers to Broadband
Investment and Competition", that is, an argument that Section 706 of
the Telecommunication Act of 1996 takes precedence over Tenn. Code Ann.
§ 7-52-601 ("Section 601").
Here is the link: https://www.epb.net/downloads/legal/EPB-FCCPetition.pdf
I expect the second correspondence will make more interesting reading.
Eric
Re: De-funding the ITU
On 1/12/13 10:49 PM, Bill Woodcock wrote: > ... serious corruption problem, that wants to shut the Internet down ... Bill, I don't accept the premise that (a) the settlement free peering model as modernly practiced can not also be characterized as problematic, and that (b) the intents (note the plural) of the states authors of the several policy proposals advanced at wcit are reasonably, or usefully so characterized. Eric
Re: De-funding the ITU
On 1/14/13 11:23 AM, Bill Woodcock wrote:
> ... The ITU ...
How shall states determine what harms are lawfully attempted, and what
harms are not lawfully attempted? Shall there be a treaty concerning
"cyber" strife between states, or shall "cyber" strife between states
be without treaty based limits?
If one answers that without is less attractive than with, what is the
means by which states arrive at treaties, without the ITU, or treaty
bodies similar to the ITU, whether regional, or global, in membership
and form?
Shall all predatory or intentionally injurious uses of
trans-jurisdictionally routed communications be {managed, reduced,
mitigated, ...} by private parties, which are, inter alia, for the
most part, for-profit corporations, with no, or negative, fiduciary
duty to "police" the net?
Flawed as the current institution is, and has been, for the duration
of the the connectionist vs connectionless struggle, proposing to
remove the state member organization without a proposal for an
alternative public purposed organization, not all of which are state
actors, means not have very useful starting points for the big
questions -- shall there be any limit on state actions? shall there be
any limit on non-state actions?
Eric
Re: Muni network ownership and the Fourth
On 1/29/13 9:40 AM, William Allen Simpson wrote: > I'd like to join Jay, Scott, Leo, and presumably Dave > supporting muni network ... +1 i'm indifferent to the "public-can't" rational as munis appear to do an adequate job of water and power delivery-to-the-curb, in eugene, palo alto, san francisco, ... and the capacity of fiber obsoletes the early telephone and telegraph notion of poll space contention, a basis for an earlier "natural monopoly" theory. i'm also indifferent to the "leo-in-the-noc" rational as the separation is presently somewhat fictive and overzealous prosecutions are the norm. -e
Re: Muni network ownership and the Fourth
On 1/29/13 3:50 PM, Jean-Francois Mezei wrote:
> It is in fact important for a government (municipal, state/privince or
> federal) to stay at a last mile layer 2 service with no retail offering.
> Wholesale only.
That reminds me, the City of Eugene is interviewing for a CTO. I think
the City could and should populate its rights of way (Eugene's public
utility delivers water and power to residential customers) with
physical media.
> Not only is the last mile competitively neutral because it is not
> involved in retail, but it them invites competition by allowing many
> service providers to provide retail services over the last mile network.
My guess is that if the offering to use municipal transport was made
to any access provider except those franchise incumbents (Comcast for
ip/cdn, Verizon, ip/ss7), they would sue, under some equity theory or
another, so the "last mile competitively neutral" really means the
City is paying to do a buildout the local duopoly franchies won't, and
the equity to access providers will be limited to the City owned
infrastructure, not the infrastructure the duopolies have built out in
the past under City granted franchise.
Well, got to read some pleadings and FCC filings related to Oregon law
and municipal authority to impose rights-of-way ("ROW") compensation
and management.
Eric
Re: Muni network ownership and the Fourth
On 1/30/13 6:33 AM, Jason Baugher wrote: > The other thing I find interesting about this entire thread is the > assumption by most that a government entity would ... could we agree that contract management is a problem inherent and not abandon an engineering discussion, which includes economics, to some ideological rathole? -e
Re: Muni fiber: L1 or L2?
On 1/31/13 6:28 PM, Dan Armstrong wrote: > But the most successful municipal undertaking to support telecom I have ever > seen is a municipally owned conduit system…. Could you be a bit more specific? What is the muni, and where can the business model data be found? Also, what was the muni's ROW compensation prior to doing the right-of-way buildout, and after? Eric
Re: Muni network ownership and the Fourth
On 2/1/13 6:26 AM, Dave Sparro wrote: > municipal utilities: > - sell bonds cheaper (holders get tax-advantaged rates in interest > income, and are ultimately backed by the muni taxpayers) Tangential to the private vs public screed: The ability to issue (and sell) tax exempt (T-E) bonds for any purpose is a given for governments in the US -- unless the government is that of a Federally Recognized Indian Tribal government -- where an "essential government interest" test applies. The history of the "essential government interest" test is rather sordid, but it resulted in only two bonds issued by any tribal governments for any purpose in 2010, none in 2011, and none in the first half of 2012. In any event, the "cost advantage" Dave cited, is not restricted to network buildouts by public entities funded by T-E bonds. Eric
Re: Will wholesale-only muni actually bring the boys to your yard?
On 2/2/13 9:54 AM, Jay Ashworth wrote: >> > I would think in this model that the city would be prohibited from >> > providing those services. > That is what I just said, yes, Brandon: the City would offer L1 optical > home-run connectivity and optional L2 transport and aggregation with > Ethernet provider hand-off, and nothing at any higher layers. > The L0 (ROW, poles & conduits) provider, and in option #1 L1 connectivity provider, and in option #2 L2 transport and aggregation provider, aka "City" is also a consumer of "City 2 City" service above L2, and is also a consumer of "City 2 Subscriber" services above L2. Creating the better platform for competitive access to the City's L(option(s)) infrastructure must not prelude "City" as a provider. Eric
Re: looking for terminology recommendations concerning non-rooted FQDNs
On 2/22/13 11:01 AM, Andrew Sullivan wrote: > Without getting into metaphysics, we can think of the dot in the > presentation format as representing the separators in the wire > format. In the wire format, of course, these separators are octets > that indicate the size of the next label. And since the final label > is null, the separator indicates a zero length in the wire format. > Therefore, in the presentation format, the final separator is > indicative of the (null) root label after. just keep in mind that while "." ought to be a label separator, the utc's bidi algorithm allows the directionality of a label to "leak" across the "period" character, where it is not a terminal character. hilarity ensues.
GMAIL contact
Folks, We'd a user account compromised a couple of weeks ago, spam naturally. We're not getting any response from Gmail's set of contacts, so if anyone has a working Gmail contact, phone or mail, that they're willing to share off-list, I'd appreciate it. Eric Brunner-Williams
Re: Quad-A records in Network Solutions ?
On 4/9/13 4:23 PM, Mark Andrews wrote: > It's about time certification was lost for failure to handle > records. The same should also apply for DS records. You can suggest this to the compliance team. It seems to me (registrar hat == "on") that in 2.5 years time, when Staff next conducts a registrar audit, that this is a reasonable expectation of an accreditation holding contracted party. It simply needs to be added to the base RAA agreement. Joe _may_ be in a position to encourage the compliance team to develop a metric and a test mechanism, but at present, the compliance team appears to be capable of WHOIS:43 harvesting (via Kent's boxen) and occasional WHOIS:80 scraping, and little else beyond records reconciliation for a limited sample. NB, investing equal oversight labor in all current (and former) RAA holders is (a) a significant duplication of effort for little possible benefit where shell registrars are concerned, and (b) treats registrars (and their registrants' interests in fair dealing) with a few hundreds of domains and registrars (and their registrants' interests) with 10% or more of the total gTLD registry market indifferently by policy and enforcement tool design. The latter means most registrants (those with performance contracts from registrars with 10% market share) receive several orders of magnitude less contractual oversight protections than registrants using registrars with a few hundred "names under management". IMHO, that's a problem that could be fixed. Eric
Re: Quad-A records in Network Solutions ?
On 4/9/13 5:39 PM, Owen DeLong wrote: > I said all of this years ago as a suggestion for the next round of contract > renewals (since I was told that it had to be added to the contracts first). > > Best of luck. Personally, I think it should have been a requirement at least > 5 years ago. And exactly where were you in ICANN process and politics in 2008?
Re: Quad-A records in Network Solutions ?
On 4/9/13 5:47 PM, Jared Mauch wrote: > Can you point is at the right address or form to submit regarding this? Seems > like its time for both on and DS. Jared, Joe is an employee of the corporation, a rather high ranking one. As I mentioned in my response to Mark, he _may_ be in a position to encourage both legal to develop new language for future addition to the RAA, and the Registrar Liaison to socialize the issue to those RAA parties who are members of the Registrar Stakeholder Group within the Contracted Parties House of the GNSO, and the Compliance team. As a matter of policy development you should expect that Registrars (recall hat) have been presented with ... proposed new terms and conditions that ... are not universally appreciated, and so one must either (a) impose new conditions unilaterally upon counter-parties, arguing some theory of necessity, or (b) negotiate a mutually agreeable modification. There is a lot of heat lost in the ICANN system, so to re-purpose the off-hand observation of John Curran made recently, operators having some rough consensus on desirable features of RRSet editors may be a necessary predicate to policy intervention. As I observed to John, the ISP Constituency within the ICANN GNSO has been an effective advocate of trademark policy, and no other policy area, since the Montevideo General meeting, in 2001. Eric P.S. I may be turning in my Registrar hat in the near future.
Re: Quad-A records in Network Solutions ?
In time of response order: There is Leo's reference to the not yet concluded RAA process, in which a para contains possibly relevant "registrar shall" terms. This is forward looking (the proposed RAA is not yet required by the Corporation) and may apply only to parties contracting with the Corporation for the right to provide "registrar services" to some, not all, registries, operated under some contract with the Corporation. It may, if read creatively, solve the problem for a "new registrar" offering registration services for one or more "new gTLD(s)", but that may be the extent of its applicability. If the creative reading fails, and DS may fall outside of these "registrar shall" terms. Next, there is Mark's observation, citing the same proposed RAA, that if the registrar provides a web interface (note well the "if"), and this web interface provides a means to edit A and NS records, there is no additional functional requirement for and/or DS. Mark observes that and DS updates require more from the registrant (also the registrar, when software, testing, staff (technical, support desk, and legal) training are not abstracted by a magic wand), and then observes that: > Maintenance of A, , NS and DS records are core functionality and > need to be treated as such. Here I personally differ. For those not paying attention to my slightest utterance over the past 15 years of NEWDOM policy and technology... I am sure that v6 matters to some, but not all, at least not in the manditory-to-implement-yesterday sense advocated by the v6 evangelicals (who have captured the Corporation on this issue). I'm also sure that DNSSEC matters to some, but not all, at least not in the manditory-to-implement-yesterday sense advocated by the DNSSEC evangelicals (who have captured the Corporation on this issue). Some 80% of the available-by-contract names in the namespace published by the US DoC through its contractors, Verisign and the Corporation lie in one zone, which became signed as recently as March 31, 2011 (see Matt Larson's note to the DNSSEC deployment list). Of those a very small minority are signed. v6 availability statistics for North America, where over half of the registrars possessing the accreditation of the Corporation to offer registration services for this namespace are domiciled, and by inference, a substantial fraction of the registrant domains are hosted, are similarly a very small minority. It seems to me, and I don't suggest that anyone else hold this view, least of all the v6/DNSSEC evangelicals, that it is possible for one or more registrants to exist who desire neither to sign their domains, nor to ensure their availability via v6. This registrant, or these registrants, would be well served by a registrar which did not offer and/or DS record editing services. It also seems to me, and again, I don't suggest that anyone else hold this view, that the number of such registrants could be sufficient to support a cost recovery operator of a namespace which is not signed, and for which no record, in the namespace published by the US Doc (through its contractors, blah blah) exists. Obviously, the converse view carried the day, though not (yet) for namespaces not operated under contract with the Corporation. Leo's follow-up on input valuable to the consultation would, I think, have scope limited only to "new registrars" offering registry services to "new registries". See the "very small minority" observations, supra. Finally, Bill points out that there are several contracts still applicable, and the rather turgid nature of the policy and implementation dialog(s) of the opposing parties around the proposed 2013 contracts. There are registrars operating under the pre-2009 and the 2009 contracts looking at forming distinct legal entities to enter into the eventual post-2012 contract, a reasonable scenario is trademark exploitation and exit, iterated across a series of unlikely to be sustainable product launches, and there are registrars that simply won't bother with future "landrush" sales any more than they bother with current "expiry" sales. The point being the "trigger" Bill mentioned isn't universal, it really is limited to those who's registrar business interest in the Corporation is brand extension, or are applicants for vertically integrated registries. Bill observes that the ATRT2 is a possible venue. This may be, but on the whole, the interest of the United States Government in the capture of its delegated rule maker by the regulated businesses is limited. There was one mention "... a group of participants that engage in [Corporation]'s processes to a greater extent than ..." in the AoC of September 2009. Subsequent public communications of the Government concerning Notice and Comment obligations, usually referred to as "accountability and transparency" by the Corporation, are not evident to me. Bill closes with an obvious recommendation -- pick a registrar that wo
Re: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks)
On 2/2/12 12:32 PM, Ray Soucy wrote: >> So, to pose the obvious question: Should there be [a law against prefix >> hijacking]? > > > > So far the track record of the US government trying to make laws > regarding technology and the Internet has been less than stellar. ... While I agree with Ray's points, I want to point out that "new law" to address (obvious pun) disruptive announcements may not be necessary -- at least, I blew off the better part of a day writing to Peter Dengate Thrush and Rod Beckstrom that arbitrary bad acts in the public addressing system were the proper concern of the entity tasked with the technical coordination of unique endpoint identifiers. I didn't expect much from the recipients -- I've known Peter too long and never could be bothered to share Rod's twinkle, but while one prefix announcement may harm one set of downstreams, rapid sustained announcement and withdrawal will harm the DFZ, a much larger kettle of digital fish. One could claim that absent convergence limiting effect on the DFZ no prefix bogosity has general adverse effect (but some prefixes are more interesting than others, so that isn't a policy without nuances), and enjoy watching the state actors and non-state actors and ordinary venal idiots and very ordinary fatfingered idiots* prepend/announce/withdraw with gleeful abandon, or one could assert that autonomous reallocations of limited resources has general adverse effect in addition to the local effect on downstreams, and associate coordinated corrective reallocations with autonomous reallocations. That's "pulling the plug" on retarded dictators, embezzlers, and the latent mil-wits who view the DNS and BGP infrastructures as legitimate military targets. I don't expect progress overnight, in fact I wrote the former Chair and current CEO of that "entity tasked with the technical coordination of unique endpoint identifiers" with no expectations at all (knowledge, supra), but policy response (including errors, see PIPA, SOPA, et seq.) to bad acts in one set of identifiers can be extended to policy response (including errors, resolvers have no monopoly on errors) on the other set of identifiers. So, new law? I don't think its necessary. YMMV, Eric
Re: [POLITICS] ICANN elections
What Bill said. Comments to the website (http://aso.icann.org/people/icann-board-elections/2012-elections/) are moderated, so any statements of support won't show up (except to the person who makes the statement) until the moderator has gotten a round tuit. The [s]electorate to be persuaded is here: http://aso.icann.org/people/address-council/address-council-members/ Cheers, Eric > There are four really good candidates. Please consider sending in a > statement of > support for one of them. > > /bill > > - Forwarded message - > > Date: Fri, 03 Feb 2012 09:38:06 +1000 > To: Bill Manning > Subject: Comment Period for ICANN Board Seat 9 Election > > Consistent with the ASO Memorandum of Understanding and ICANN Bylaws, > the Address Supporting Organization Address Council (ASO AC) is > responsible for the appointment of a representative to serve on Seat > Number 9 of the ICANN Board. > > The ASO AC is pleased to announce the following four candidates for its > upcoming appointment. > > The Candidates are: > > - Thomas Eric Brunner-Williams > - Martin J. Levy > - William Manning > - Raymond Alan Plzak > > In accordance with the ASO AC election procedures, a comment period is > now open. A short biography is available and supporting comment > facilities for each candidate may be found at: > > http://aso.icann.org/people/icann-board-elections/2012-elections/ > > The comment period will close at 23:59 UTC on 19 April 2012. Comments > will be moderated. > > ASO Secretariat > secretar...@aso.icann.org > > - End forwarded message - > > >
Re: Dear RIPE: Please don't encourage phishing
On 2/15/12 8:32 AM, Mark Andrews wrote: > ... Before deciding to go the IDNA route, treating DNS > labels as UTF-8 was discussed, evaluated and rejected. well, sort of. we started with "idn" as a wg label. the smtp weenies opined that they'd never have a flag day and anything other than a boot encoding in LDH would harm LDH limited mailers, so ... the code point problem (or problems) was moved out of "infrastructure" and into "applications", so the work product was labeled "idna", which the successor wg had no alternative except to follow the "in a" set of dependencies and assumptions. as you observed, labels are length tagged binary blobs, and where the blobs consist of 7 bit ascii values in the 'a'-'z' range, case folding is performed in lookup. what happens outside of that range is a path not taken, though i tried in 2929 to leave that open for future work, the sentence which read "text labels can, in fact, include any octet value including zero octets but most current uses involve only [US-ASCII]." was, if memory serves, proposed by a co-author to have been more restrictive. i agree with the "rejected" statement, the "evaluated" and even the "discussed" overstate the room available after the smtp weenies weighed in on what was permissible in headers. -e
Re: Programmers with network engineering skills
> In my experience the path of least resistance is to get a junior network > engineer and ... agree, where the end goal is to increment the facility's scripting capable administrators. been there, done that. disagree, where the end goal is to create a coherent distributed system with a non-trivial lifecycle, release schedule, documentation, i18n/l10n capabilities and deliverables, resembling an operating system product. been there, done that. where i'm looking at gray is platforms built atop of platforms. for mpi, pvm and similar (b) is the better choice. for grid computing, i suspect (a) may answer. -e
Re: Request to lease IP space, or things that make you want to go hmmmmm..
Thank you George. Not SMTP but HTTP.
I expect exact match string (as brand) marketers, and also
partial match string (as brand typo-squatter) marketers, to exploit
this asset class ("widely spread and legitimately routed IPs").
#include
#include
#include
Eric
Re: Concern about gTLD servers in India
> In article <95f7df59-052d-43ba-869f-289df915c...@arbor.net> you write: >> On Mar 10, 2012, at 7:02 PM, Robert E. Seastrom wrote: >> >>> there are four gtlds >> Aren't there actually seven? > Including the new IDN TLDs, there are now 60. well there are the legacy (pre-2000) set. there are the seven arising from the 7-10 proposal from WG-C*, aka the "2000 round**", of which three are "sponsored" (restrictions on registration policies) and four were "generic" (no such restrictions, price caps), all of which operate in some form or another at present. there are the set arising from the 2004 round***, all of which nominally are "sponsored", which now includes .xxx, but does not yet include .post (501(c)(3) (choice-of-contracting-or-memoing with a treaty organization problem), so about two dozen. there are the IDN (ascii encoded representations of unicode) delegations arising from the IDN ccTLD Fast-Track program, which share the no-or-significiantly-different-contract property of the delegations made for most iso3166 code points. to refer to these as "generic" is both reasonable, and misleading. the underlying issue is whether the operator has repurposed the original ASCII, or subsequent IDN delegations, as more similar to the CNOBI set of registries on a registration policy basis, making the delegation "generic", but without a CNOBI-like contract with ICANN, or not. examples of repurposed ccTLDs are nu, cc, me, us, ... the location of registries is quite distinct from the location of name server constellations, with the former being mono- or dual-sited, and operated by the delegee or single (there are exceptions) contractor, and the latter being multi-sited, and operated by multiple parties. a related issue, the subject of v6 evangelism, is the availability of redundant transit, which under the current ICANN DAG, appears to me to preclude registry siting in venues lacking redundant native v6 transit in Q12013, limiting data centers in Africa and South Asia. cheers, -e * member, WG-C. ** contributor to one or more successful 2000 registry inits. *** contributor to one or more successful 2004 registry inits. CNOBI == COM/NET/ORG/BIZ/INFO -- a single business model.
Re: Concern about gTLD servers in India
>> Also, one could make a distinction between sponsored TLDs and
>> generic TLDs, but that's probably splitting hairs.
>
> I suppose, but they all have similar registry and registrar agreements
> with ICANN, which is what makes them different from ccTLDs.
at present there are almost as many substantively distinct contracts
as there are post-legacy, non-country-code (ASCII and IDN) registries.
there are similarities, but there are also distinct differences in
registration policy, price caps, and cross ownership.
imo, the hair to split is the business models of the operators: there
is one business model characterized by $6 FCFS as modified by the
UDRP. this business model is common to the VGRS properties, the
Afilias and the NeuStar properties. there is another business model
characterized by greater restrictions on registrations. this business
model is common to the CORE properties and the NCUA property.
ppc density in the string space about {google, microsoft, walmart,
ibm, vodafone, bank of america, general electric, apple, wells fargo,
at&t}* common marks in a namespace is one distinguishing characteristic.
another hair to split is the operational practice of ccTLD registries.
many lack "nexus" requirements, and share the ppc density of the
$6/FCFS/UDRP business model, and quite a few have few registrations
other than foreign jurisdiction trademarks.
-e
* forbes top ten list of 6/15/11.
Re: Concern about gTLD servers in India
On 3/10/12 3:23 PM, Jonathan Lassoff wrote:
> I would presume that Verisign decided that it just wasn't worth the
> effort to deploy into India.
operational control of .in passed to a for-profit operator domiciled
in one_of{us,ca,ie} other than VGRS. as india is a competitor's
property, investment there by VGRS mby be difficult to justify.
-e
Re: US withdraws IANA RFP, ‘no suitable responses’
good head line copy edit. body lacks substance, though not attitude. -e
Re: BCP38 Deployment
On 3/28/12 11:45 AM, David Conrad wrote: > Actually, given the uptick in spoofing-based DoS attacks, the ease in which > such attacks can be generated, recent high profile targets of said attacks, > and the full-on money pumping freakout about anything with "cyber-" tacked on > the front, I suspect a likely outcome will be proposals for legislation > forcing ISPs to do something like BCP38. in a note (which didn't go anywhere in particular) i pointed out that contract may address the same issue for which legislation may be proposed, at least for "contractual closures" (sorry, a term of my own, defined below) which share the property some jurisdictions have of a finite access provider universe. i mean "contractual closure" to be the performance guarantee (or non-performance guarantee) present in a set of contracts for a particular service. think "china", after first abstracting all the negatives associated with policy as a property of a distributed, shared, public resource, or "firewalls 4 (bcp defined) good". -e
Re: French Regulator to ask all your information about your Peering
interesting discussion of jurisdiction. > In the present instance, we regard ARCEP’s proposed reporting requirement as > constituting an extra- > territorial obligation that ought not to be applied to operators who are > neither established in France nor > directly providing services within France, merely by virtue of their > interconnecting with a network that > does operate in France. > > Similar considerations apply, mutatis mutandis, to the application of a > reporting requirement to the > providers of content services established and operating outside France. We do > not consider the provision > of content in the French language to be sufficient, by itself, to place the > content provider within ARCEP’s > jurisdiction. > > We consider this lack of jurisdiction to be sufficient reason for ARCEP to > withdraw categories (b) and (d) > from the scope of persons enumerated in Article 1 of the Draft Decision. -e
Re: Vixie warns: DNS Changer ‘blackouts’ inevitable
On 5/23/12 1:40 AM, bmann...@vacation.karoshi.com wrote: > In a modestly favorable light, ISC looks like an arms dealer (DNS > redirection) > to the bad guys my thought "looks like a reasonably successful alternate root operator". i mention kevin dunlap as well as bill's mention of phil almquist, and there's another 4th floor of evans hall name i nay recall when caffinated. -e
Re: Wacky Weekend: The '.secure' gTLD
On 5/31/12 10:52 PM, John Levine wrote: >> What will drive the price up is the lawsuits that come out of the >> >woodwork when they start trying to enforce their provisions. "What? I >> >have already printed my letterhead! What do you mean my busted DKIM >> >service is a problem?" > History suggests that the problem will be the opposite. They will > find that the number of registrations is an order of magnitude less > than their worst case estimate (a problem that every domain added in > the past decade has had), and they will make the rules ever looser to > try to gather more registrations and appease their financial backers > until it's yet another meaningless generic TLD. agree. > For concrete examples, see what happened to .AERO, .TRAVEL, .PRO, and start with .biz as its re-purposing occurred first. > of course the race to the bottom of first regular SSL certificates, > and now green bar certificates. > > What might be useful would be .BANK, with both security rules and > limited registrations to actual banks. Identifying banks is > relatively* easy, since you can use the lists of entities that > national bank regulators regulate. agree. proposed by core. opposed by aba. > R's, > John > > * - I said relatively, not absolutely. even within the financial services industry, useful taxonomies exist, e.g., ethical banks, islamic banks, depositor owned cooperative banks, ... again, proposed by core. opposed by aba. and you _were_ on the high security generic top-level domain working group where you pushed for anti-spamdom and i for forms of "more secure banking". -e
Re: Wacky Weekend: The '.secure' gTLD
On 6/4/12 12:30 AM, Keith Medcalf wrote: > The greatest advantage of .SECURE is that it will help ensure that all the > high-value targets are easy to find. one of the rationalizations for imposing a dnssec mandatory to implement requirement (by icann staff driven by dnssec evangelists) is that all slds are benefit equally from the semantic. restated, the value of protecting some bank.tld is indistinguishable from protecting some junk.tld. re-restated, no new tlds will offer no economic, or political, incentives to attack mitigated by dnssec. i differed from staff-and-dnssec-evangelists, and obviously lost. see also all possible locations for registries already have native v6, or can tunnel via avian carrier, another staff driven by ipv6 evangelists, who couldn't defer the v6 mandatory to implement requirement until availability was no longer hypothetical, or scheduled, for which difference again availed naught. as a marketing message, sld use of .secure as a tld may be sufficient to ensure that a sufficient density of high-value targets are indeed slds of that tld. staff has not discovered a stability and security requirement which is contra-indicated by such a common fate / point of failure. note also that the requirements for new tlds are significantly greater than for the existing set, so whatever the .com operator does, it is not driven by the contract compliance regime which contains either the dnssec or v6 manditory upon delegation bogies. -e p.s. the usual -sec and -6 evangelicals can ... assert their inerrant correctness as a matter of faith -- faith based policy seems to be the norm.
Re: Wacky Weekend: The '.secure' gTLD
On 6/4/12 3:28 PM, Andrew Sullivan wrote: > Well, I note that at least the .secure promoters haven't decided it's > a good idea: the _known_ .secure-and-all-confusingly-similar-labels promoters. the reveal is weeks away, followed by the joys of contention set formation. there may be more than one .secure application, and who knows, perhaps a .sec in the bag, or a .cure, or a .seeker, or .sequre, or ... however, yeah, the requirement bites at contract / delegation time, so about a year in the future. -e
Re: Richard Bennett, NANOG posting, and Integrity
On 7/25/14 4:29 PM, Suresh Ramasubramanian wrote: Not that some leading proponents of net neutrality would even know a router if it bit them ... i'm _trying_ to imagine the lobbyists, corporate counsels, and company officers above the v.p. of engineering i know who have vastly superior clue and i'm finding my imagination lacking. $friday.
Gmail contact
Please ping me. TiA, Eric
Re: Fwd: [ PRIVACY Forum ] An Iranian Grand Ayatollah Issues Fatwa Stating High Speed Internet is against Sharia
well, looking at the ayatollah's website and invoking google translate there's this language: "... different mechanisms to secure and protect their users against the moral and psychological damage this type of service, including access to information, videos and photos from immoral and inhuman, rumors and seduction, spying and undermining the foundations of the family ..." so, not a lot goofier than the objection to .xxx made by the usg, or available at most media outlets that sell the meme that the internet causes shit to happen. -e On 8/31/14 10:35 PM, Jay Ashworth wrote: Cause it's a long weekend, and why shouldn't it be whackier than normal. - Forwarded Message - From: "PRIVACY Forum mailing list" To: privacy-l...@vortex.com Sent: Sunday, August 31, 2014 11:34:16 PM Subject: [ PRIVACY Forum ] An Iranian Grand Ayatollah Issues Fatwa Stating High Speed Internet is against Sharia An Iranian Grand Ayatollah Issues Fatwa Stating High Speed Internet is against Sharia (Iran Human Rights): http://www.iranhumanrights.org/2014/08/makarem-internet/ A Grand Ayatollah in Iran has determined that access to high-speed and 3G Internet is "against Sharia" and "against moral standards." In answer to a question published on his website, Grand Ayatollah Nasser Makarem Shirazi, one of the country's highest clerical authorities, issued a fatwa, stating "All third generation [3G] and high-speed internet services, prior to realization of the required conditions for the National Information Network [Iran's government-controlled and censored Internet which is under development], is against Sharia [and] against moral and human standards." - - - Comcast, Verizon, AT&T, Time Warner Cable, and other dominant ISPs are now in a bidding war to hire him as a consultant and board member. RUN AWAY!!! Cheers, -- jra
Re: Fwd: [ PRIVACY Forum ] An Iranian Grand Ayatollah Issues Fatwa Stating High Speed Internet is against Sharia
see also: http://www.al-monitor.com/pulse/originals/2014/09/iran-3g-phones-filter-unsanitary-water.html# restated slightly, video, the primary vehicle for porn, needs minders, text, the primary vehicle for ideas, does not. -e On 8/31/14 11:08 PM, Eric Brunner-Williams wrote: well, looking at the ayatollah's website and invoking google translate there's this language: "... different mechanisms to secure and protect their users against the moral and psychological damage this type of service, including access to information, videos and photos from immoral and inhuman, rumors and seduction, spying and undermining the foundations of the family ..." so, not a lot goofier than the objection to .xxx made by the usg, or available at most media outlets that sell the meme that the internet causes shit to happen. -e On 8/31/14 10:35 PM, Jay Ashworth wrote: Cause it's a long weekend, and why shouldn't it be whackier than normal. - Forwarded Message - From: "PRIVACY Forum mailing list" To: privacy-l...@vortex.com Sent: Sunday, August 31, 2014 11:34:16 PM Subject: [ PRIVACY Forum ] An Iranian Grand Ayatollah Issues Fatwa Stating High Speed Internet is against Sharia An Iranian Grand Ayatollah Issues Fatwa Stating High Speed Internet is against Sharia (Iran Human Rights): http://www.iranhumanrights.org/2014/08/makarem-internet/ A Grand Ayatollah in Iran has determined that access to high-speed and 3G Internet is "against Sharia" and "against moral standards." In answer to a question published on his website, Grand Ayatollah Nasser Makarem Shirazi, one of the country's highest clerical authorities, issued a fatwa, stating "All third generation [3G] and high-speed internet services, prior to realization of the required conditions for the National Information Network [Iran's government-controlled and censored Internet which is under development], is against Sharia [and] against moral and human standards." - - - Comcast, Verizon, AT&T, Time Warner Cable, and other dominant ISPs are now in a bidding war to hire him as a consultant and board member. RUN AWAY!!! Cheers, -- jra
Re: Scotland ccTLD?
On 9/16/14 8:26 AM, Jay Ashworth wrote: What kind of timeframe would a new ccTLD for a major country roll out on? that could be several quite distinct questions: 1. assuming that the "aye" vote prevails, in what quarter will the iso3166/ma issue the relevant update, allocating a code point to the new political jurisdiction? 2. assuming the iso3166/ma issues the relevant update and code point, when will the new political jurisdiction designate a registry operator? 3. assuming new political jurisdiction designates a registry operator, when will the root zone publisher delegate the code point to the operator designated by the new political jurisdiction? 4. assuming the root zone publisher delegates the code point to the operator, when will the operator "go live", and what, if any, "stages of" or "restrictions on" access will the operator exercise subsequent to that point in time? your milage may vary, of course. Eric
Re: Scotland ccTLD? - armchair quarterbacking
well, apropos to point #2, the iso3166/ma includes representatives from ten agencies, of which a certain 501(c)(3) originally in marina del rey, now in los angeles, is included. however, i can't imagine staff offering an opinion of record on the subject. "ay" for "aye" would work for me. -e On 9/17/14 8:03 AM, manning bill wrote: > Perhaps a dose of factual information may temper this thread. > If we are talking about ISO-3166-2 - the basis for the CCTLD delegations, > then: > > 1_ Scotland has no say in the country code selected. > 2_ ICANN has no say in the country code selected. > 3_ The choice is up to an ISO committee. > > See: http://www.iso.org/iso/country_codes.htm > > > /bill > PO Box 12317 > Marina del Rey, CA 90295 > 310.322.8102 > > On 16September2014Tuesday, at 18:15, Larry Sheldon > wrote: > >> On 9/16/2014 18:57, Masataka Ohta wrote: >>> What will happen to ".uk" if England is left alone? >>> >>> Masataka Ohta >> There are still at least 3 countries left in the UK if Scotland splits. >> >> The name change is that in that event, Great Britain (.gb >> country-code Reserved Domain - IANA) will refer only to the land mass >> (which it should any way, but if often used to refer to the three >> kingdoms on it. >> >> >> -- >> The unique Characteristics of System Administrators: >> >> The fact that they are infallible; and, >> >> The fact that they learn from their mistakes. > > >
Re: Scotland ccTLD?
On 9/17/14 9:10 AM, Jay Ashworth wrote: - Original Message - From: "David Conrad" Right. Similarly, .SU has been assigned. SU is a bit odd in the sense that it was moved to “transitionally reserved” when the Soviet Union broke up and a batch of new country codes were created (e.g., RU, UA, etc.) and then, in 2007 (or so) it was moved from “transitionally reserved” (which the ISO 3166 Maintenance Agency says “stop use ASAP”) to “exceptionally reserved”. The .SU ccTLD is also a bit odd in that it is the only code that does not (officially) have a nation-state (and hence a legal framework) behind it. In practice, I believe it falls under the Russian legal framework. The European Union (holder of .eu) is not a nation-state either, is it? Cheers, -- jra iso3166-1 is not restricted to political jurisdictions, e.g., a "nation-state". there are about a dozen regional intellectual property organizations which have been allocated iso3166-1 code points, along with quite a few bits of postage stamp trivia, my favorites being those that have no human residents, some have been recently withdrawn. in the gtld trade, the .eu hack and the .ps hack stand out as creative use -- the first used the existence of a reserved alpha2 for a currency, the second a statistical abstraction -- to solve two similar problems -- the non-availability of namespaces to de facto political jurisdictions. the arab league has attempted, without success to date, to replicate the .eu hack, and an attempt has been made, also without success, to re-purpose rather than retire an iso3166-1 code point, previously allocated to the united states and managed until withdrawn, by the insular affairs office of the department of the interior, for one or more indigenous polities of north america. this just popped up in my fb feed (yes, i read rue89), apropos of the .su sub-thread. in keeping with the owen-knows-more-about-everything-than-i-do truism, one is free to ignore this and hold fast to owen's latest revealed wisdom: http://rue89.nouvelobs.com/2014/09/15/lurss-existe-toujours-internet-cest-devenu-zone-254809 -e
Re: Bare TLD resolutions
On 9/17/14 10:45 AM, David Conrad wrote: To be clear, generic TLDs (gTLDs) can’t have bare (dotless) TLDs (or wildcards). um. .museum. ...
Re: Why is .gov only for US government agencies?
at ietf-9 jon and i discussed the problem solved (scaling of the zone editor function as the price of network interfaces dropped by orders of magnitude) by reliance upon iso3166-1, and the problems created by reliance upon iso3166-1. the economic success of .cat (unique among the icann 1st and 2nd round gtld projects) and the orders of magnitude growth of catalan (as measured by google) as the detected or announced language of network accessible content are facts. [note, as cto of the .cat project i'd no way of knowing either outcome would arise.] i remain of the view that language and culture, and fate independence from the vgrs business model are sufficient to expand on the 1591 set of namespaces. -e On 10/20/14 3:09 PM, manning bill wrote: FNC “reserved” .gov and .mil for the US. And Postel was right… there was/is near zero reason to technically extend/expand the number of TLDs. /bill PO Box 12317 Marina del Rey, CA 90295 310.322.8102 On 20October2014Monday, at 12:19, Sandra Murphy wrote: By the time of RFC1591, March 1994, authored by Jon Postel, said: GOV - This domain was originally intended for any kind of government office or agency. More recently a decision was taken to register only agencies of the US Federal government in this domain. No reference as to who, when, or how. That same RFC says: In the Domain Name System (DNS) naming of computers there is a hierarchy of names. The root of system is unnamed. There are a set of what are called "top-level domain names" (TLDs). These are the generic TLDs (EDU, COM, NET, ORG, GOV, MIL, and INT), and the two letter country codes from ISO-3166. It is extremely unlikely that any other TLDs will be created. Gotta love that last sentence, yes? --Sandy On Oct 20, 2014, at 12:50 PM, Fred Baker (fred) wrote: On Oct 19, 2014, at 5:05 AM, Matthew Petach wrote: Wondering if some of the long-time list members can shed some light on the question--why is the .gov top level domain only for use by US government agencies? Where do other world powers put their government agency domains? With the exception of the cctlds, shouldn't the top-level gtlds be generically open to anyone regardless of borders? Would love to get any info about the history of the decision to make it US-only. Thanks! Matt The short version is that that names were a process. In the beginning, hosts simply had names. When DNS came into being, names were transformed from “some-name” to “some-name.ARPA”. A few of what we now all gTLDs then came into being - .com, .net, .int, .mil, .gov, .edu - and the older .arpa names quickly fell into disuse. ccTLDs came later. I’ve been told that the reason God was able to create the earth in seven days was that He had no installed base. We do. The funny thing is that you’ll see a reflection of the gTLDs underneath the ccTLDs of a number of countries - .ac, .ed, and the like.
Re: Why is .gov only for US government agencies?
having written the technical portion of winning proposal to ntia for the .us zone, i differ. as i recall, having done the research, in the year prior to the ntia's tender some six people held some 40% of the major metro area subordinate namespaces. to my chagrin, relieved by a notice of termination days before my stock in the company vested, the winner adopted a "orange-black" model, deprecating the namespace's existing hierarchical registration model for a flat registration model. the registration process model for .us is dissimilar to the registration process models of .edu, .mil and .gov, as are the contractors to the government. -e On 10/20/14 3:26 PM, Doug Barton wrote: Obviously no serious consideration was given to that plan 10 years ago, or we wouldn't still be having the conversation today.
Re: Why is .gov only for US government agencies?
i won't comment on your experience, having no direct knowledge. why you comment on mine is uninteresting. -e On 10/20/14 9:03 PM, Doug Barton wrote: On 10/20/14 7:47 PM, Eric Brunner-Williams wrote: having written the technical portion of winning proposal to ntia for the .us zone, i differ. The plan I outlined was discussed about 2 years after Neustar took over management, and TMK was never actually discussed with Neustar. as i recall, having done the research, in the year prior to the ntia's tender some six people held some 40% of the major metro area subordinate namespaces. to my chagrin, relieved by a notice of termination days before my stock in the company vested, the winner adopted a "orange-black" model, deprecating the namespace's existing hierarchical registration model for a flat registration model. Yes, but the locality-based name space still exists. I used to hold some names under it, but gave them up when I moved out of state. Meanwhile, several states actively use their name space. But ... the registration process model for .us is dissimilar to the registration process models of .edu, .mil and .gov, as are the contractors to the government. ... none of this is relevant to the proposal at hand. Neustar manages the domain on behalf of the USG. There is nothing preventing them from changing the way it is used, and the 10 year period I proposed takes runout of existing contracts into account (since EDU, GOV, and MIL would need continued operation during that period anyway). Doug
Re: Linux: concerns over systemd adoption and Debian's decision to switch
systemd is insanity. see also smit.
Re: Why is .gov only for US government agencies?
it was at ietf-9, while jon and i were discussing the {features|flaws}
of iso3166-1, that another contributor approached us and ... spoke to
the unfairness, as argued by that contributor, of the armed forces of
the united kingdom being excluded from the use (as registrants) of the
.mil namespace.
i suggest the question is asked and answered, and as i offered slightly
obliquely earlier, the policy of an agency of government committed to
commercial deregulation (since the second clinton administration), in
particular use of .us, may not be the policy of the government in
general, nor the policy of an agency of government otherwise tasked,
e.g., the department of defense.
On 10/21/14 10:25 PM, ITechGeek wrote:
Instead of multiple govs trying to use .gov or .mil, the best idea would be
to collapse .gov under .gov.us and .mil under .mil.us
could we now put a good night kiss on the forehead of this sleepy child
and let him or her dream of candy and ponies?
-e
Re: An update from the ICANN ISPCP meeting...
some history. at the montevideo icann meeting (september, 2001), there were so few attendees to either the ispc (now ispcp) and the bc (still bc), that these two meetings merged. at the paris icann meeting (june, 2008) staff presented an analysis of the voting patters of the gnso constituencies -- to my non-surprise, both the bc and the ispc votes (now ispcp) correlated very highly with the intellectual property constituency, and unlike that constituency, originated very little in the way of policy issues for which an eventual vote was recorded. in other words, the bc and ispc were, and for the most part, imho, remain captive properties of the intellectual property constituency. this could change, but the isps that fund suits need to change the suits they send, the trademark lawyer of eyeball network operator X is not the vp of ops of network operator X. meanwhile, whois, the udrp, and other bits o' other-people's-business-model take up all the available time. eric On 10/23/14 2:58 PM, Warren Kumari wrote: Those of y'all who were at NANOG62 may remember a presentation from the ICANN Internet Service Provider and Connectivity Providers Constituency (ISPCP). I feel somewhat bad because I misunderstood what they were sayingin, and kinda lost my cool during the preso. Anyway, the ISPCP met at ICANN 51 last week. Unfortunately I was not able to attend, but the meeting audio stream is posted at: http://la51.icann.org/en/schedule/tue-ispcp If you'd rather read than listen, the transcript is posted here: http://la51.icann.org/en/schedule/tue-ispcp/transcript-ispcp-14oct14-en.pdf I snipped a bit that mentions NANOG: The next outreach experience that we had was at NANOG. NANOG, as you may know, is the North American Network Operators Group, an area where we really wanted to make an impact because it is the network operators groups that can really bring the insight that we need to act on being a unique and special voice within the ICANN community on issues that matter to ISPs around some of the things that are on our agenda today, such as universal access, such as name collisions. And we wanted to get more technical voices in the mix and more resources in the door so that we could make a better impact there. A lot of what we received when we stood up to give our presentation were messages from people who had attempted to engage in ICANN in the past or attempted to engage in the ISPCP in the past and had had very difficult time doing. They said when you come into this arena you spend so much time talking about process, so much time talking about Whois and what board seats, about what needs to happen around transparency. I'm a technical guy, I want to focus on technical issues and I don't have a unique venue for being able to do that. So we spent some time as a group trying to figure out how we can address that because we do need those voices. Our goal has been to take the feedback that we receive from NANOG and create an action plan to make sure that we can pull in voices like that and go back to the NOG community, go back to the technical operators community, bring them on board and say we've got a different path for you. Anyway, go listen / read the full transcript if you are so inclined... W
Re: A translation (was Re: An update from the ICANN ISPCP meeting...)
On 10/23/14 7:27 PM, David Conrad wrote: >in other words, the bc and ispc were, and for the most part, imho, remain captive properties of the intellectual property constituency. Here, Eric is suggesting the intellectual property folks are driving policy issues on behalf of the folks interested in security/stability of e-commerce and as well as ISPs and connectivity providers. I have no reason to doubt Eric's opinion as I've not been involved enough in that part of ICANN and he has. somethings get lost in translation. even the best of translations. i suggest that the agenda of the intellectual property constituency is the agenda of business and internet service provider constituencies, as measured (in 2008) by staff summary of policy initiatives and votes on policy by the constituencies of the gnso, due to the very high correlations of the constituency votes of record, but it could all be mere, though persistent, coincidence. a nuance is whether the accuracy of whois data (a problem dave crocker and i and others tried to fix at the los angeles icann meeting in november 2001, and which, as hordes of the undead, lives on and on and on) is what is generally meant by "security and stability", or if the value of accuracy of whois data has significant value to parties other than the intellectual property constituency. were the oarc meeting not held, by mere coincidence of course, in a particular hotel in los angeles last week, fewer people with operational roles might have been present. the protocol supporting organization tired of having a voting responsibility on the icann board and got the bylaws changed in 2003 to eliminate itself as a supporting organization holding voting seats on the icann board and created a technical advisory body tasked to periodically provide non-voting persons to offer technical advice to the icann board. i suppose a choice that addresses the problem warren noted is to ask if there is a continued need for operators-or-whatever-as-a-voting-body within the gnso. as much as i participated in the gnso reform program (which may have simply improved some of the ornamental decoration and changed some names from "constituencies" to "stakeholder groups" without changing the balance of forces david noted -- trademark protection vs volume sales -- and would prefer to see the ispcp develop a broader agenda than mere marks protection), taking a step back i'm no longer convinced that operational issues, and therefore operators, have any place, usefully, in the generic domain name supporting organization. eric
Re: A translation (was Re: An update from the ICANN ISPCP meeting...)
David wrote: Indeed, and I must commend Warren and Eric for caring enough to actually engage in this stuff. While many people in the NANOG/IETF/DNS Operations communities complain about the latest abomination ICANN is inflicting upon the world, there aren't a whole lot of folks from those communities who take the (non-trivial) amount of time to try to understand and address the situation. While I fully understand the rationales for not participating, the lack of strong representation from the technical community does not help in preventing abominations. The number of technically capable with multi-meeting attendance records is wicked limited, and most are silo'd off -- into SSAC or TAC or ASO or ... or attending annual co-gigs like OARC, and so, with the exception of those working for registries, rarely involved in actual policy development where it actually happens -- at the GNSO Council -- as all policy relating to generic top-level domains originates in the GNSO, via a or the (by abuse of notation) Policy Development Process (PDP). So if there is a point to a ISPCP stakeholders group (formerly the ISP Constituency), it is to have votes in the GNSO Council and so be capable of (a) originating a policy activity (a PDP), and (b) being eligible to chair the resulting working group, and (c) being eligible to vote on the recommendation(s) of the working group. Otherwise it is ornamental, a reflection of one of the several errors of judgement of the Roberts/Dyson/Touton team back when "multi-stakeholder(ism)" was being made up as an alternative to the contractor-agency binary relationship. It takes years to get things done, and things happen, even on Constituency Day, as Warren noted, so this isn't a send-one-staffer-and-expect-goodness kind of investment. The competent teams are three or more, and work years of meetings to achieve their policy ends. I think it safe to say that much (but not all) of the warfare that goes on at ICANN meetings is between the folks interested in protecting IPR (in this context, trademarks) and folks interested in selling oodles of domain names. Generally true. Counter-examples: Sitefinder, FastFlux, ... There are other axis of evils, somewhat orthogonal to the infringement vs volume conflict of interests, but absent what I think of as "operators" (of oodles of wire or piles of cooling kit), all issues that involve name-to-resource mappings where ICANN policy, not national law, is dispositive, are and will continue to be determined by one or the other of the infringement vs volume parties. Eric
Re: A translation (was Re: An update from the ICANN ISPCP meeting...)
On 10/26/14 9:25 PM, Barry Shein wrote: I think one missing or weak component are those who actually make this stuff work vs the pie-in-the-sky infringer/volume/policy crowd. I've sat in IPC meetings and suffice it to say there isn't much clue on that front and why should there be unless the go-fast/go-always crowd shows up? they're trademark lawyers. they'll know about pokey, but not much else, and they may not be able to articulate why infringement as a risk exists at the first and second levels, but not so much further down the tree. Sure it does tend to creep in as proposed policies escape and get the attention of the doers but the danger is by that time the infringer/volume crowd might be quite committed to their vision: Make PI=3.0 and full steam ahead. as i mentioned, policy originates in the gnso. by the time it is "available" for those not having a vote in the gnso council the policy is generally baked in, so pi is three. What's also often lacking is simply administrative and management insight but that's not particularly germaine to this group. icann's administration and mangement of constituencies is "light", and those playing the long game (generally those lobbyists with clients and more than 20 meetings of time-on-target) know that process, budget and agenda control is where the game is won or lost. as for getting operational clue, other than that of the registries, to where pi is defined as an integer, well, that simply revisits david's point that the ops people are broadly a no-show, and most that do show bath ritually when outside of their silos. But I did get into a minor shouting match with an IP lawyer last week in LA who just didn't understand why service providers won't drop everything we're doing to rush through their discovery needs, for free, without indemnification (or similar), or jurisdicational authority, on an as-needed basis. who? i may know him or her -- i had to work with the ipc to protect tribal names -- over the objections of milton meuller and robin gross and so on who think tribes are evil trademark holders -- and shouting may not be the only means of communicating effectively. -e
Re: A translation (was Re: An update from the ICANN ISPCP meeting...)
On 10/27/14 10:12 AM, goe...@anime.net wrote:
If you can't be bothered to have correct contact info, your packets go
into the scavenger queue. Or get redirected to a webpage explaining
why your network is blocked until you correct it.
Your customers will be the ones complaining to you.
the (icann accredited) registrar which accepted
{bogus|non-verified|accurate} registrant data at some point in time less
than 10 years ago which is now {bogus|non-verified|accurate|aged-out} is
likely to be providing dns for the domain in question, or the dns is
likely to be provided by the registrant, so the "packets [DO NOT] go
into the scavenger queue." NOR are they "redirected ..."
it helps to recognize that there is a problem, and the absence of
subject matter expertise contributes to the problem.
trans: you are part of the problem.
-e
Re: A translation (was Re: An update from the ICANN ISPCP meeting...)
On 10/27/14 1:32 PM, goe...@anime.net wrote: [snip] I should clarify I was thinking about whois on the IP blocks and/or ASN. not dns for domain names. if your network is spewing sewage, there should be some way to contact you. if you are uninterested in being contacted, there's always RBLs I guess. As both David and Barry have observed, the interest in useful "authorship" information (origin, authority, etc) for name-to-resource associations need not be limited to third-parties engaged in prosecution of trademarks infringement or criminal laws. Thank you for your patience in this thread, and for the suggestion of the interest of first-parties. Eric
Re: A translation (was Re: An update from the ICANN ISPCP meeting...)
On 10/25/14 5:00 AM, Rich Kulawiec wrote: It might. So would removing the farce of 'private' domain registration. the venue where the applicable policy is currently under development is gnso-ppsai-pdp...@icann.org just to be tediously instructive, the policy applicable to gtlds is developed _only_ in the gnso, no where else, _only_ through the gnso's pdp, and no other process, and _only_ through a gnso chartered working group, and by no others. here, the catchy name is ppsai, an acronym for privacy & proxy services accreditation issues. so, if one sought to end proxy registration, one would subscribe to that mailing list and one would read the registration accreditation agreements (2013 and prior) and the wiki page, working documents, and even some of the mailing list archive, and then make the case -- as a gnso constituency member, e.g., ispcp -- that proxy registration creates externalities (costs to parties other than the registrants and registrars), and persuade (over time) sufficiently others in the working group, either of the correctness of your case, or the impossibility of the working group achieving "consensus" (as defined in the gnso pdp) on a report, intermediate or final, that is silent on the issue of unmet externalities. keep in mind, no amount of posturing by the aso fixtures or the passing ietf tourists or the pious at-large or concerned governments can be guaranteed to effect the gnso's consensus policies, or the process by which the gnso arrives at consensus policy. there have been 11 mails on the list this morning alone, as we try and distinguish between definition(s) of abuse in the terminal label (the "domain name") and of abuse in the resources mapped to the sequence of labels terminated by dot (the "fqdn"), and the duty, or lack of duty, of the registrar of record. the archives average about 100KB/month when gzip'd. there's my over-coffee tutorial on the subject. i've no longer a material interest in the subject matter, as i'm no longer responsible for an asn or an address allocation for an isp, nor for a registry, or a registrar, or a reseller. oh, least i forget, article 29 (european data protection directive, that is, privacy as a right arising from the treaty of europe) vs privacy arising from contract alone, e.g., between icann contracted parties. fun for everyone, and the betweenies, the oedc jurisdictions. eric
Re: Sign-On Letter to the Court in the FCC's Net Neutrality Case
i read it, its rather good. -e On 9/12/15 12:45 PM, John Levine wrote: /*If you're willing to sign on and help today, please email me directly (off list) */and I will be happy to share a copy of the letter for you to review before you agree to sign on. Why don't you just send us a copy or a link? If you're planning to file it as an amicus it's not like it's going to be a secret for very long. Regards, John Levine, jo...@iecc.com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. http://jl.ly
Fw: new message
Hey! New message, please read <http://takestockinyourlife.com/usual.php?6> Eric Brunner-Williams
Fw: new message
Hey! New message, please read <http://hongcongapps.com/road.php?rm> Eric Brunner-Williams
Fw: new message
Hey! New message, please read <http://iamakeupartistry.com/struck.php?n1v> Eric Brunner-Williams
Re: John McAfee: Massive DDoS attack on the internet was from smartphone botnet on popular app
If the system of interest consists of a non-trivial number of carrier edge devices, then a non-random distribution of source addresses is certain. (para 1, tech). The armed organization referred to as "Isis" is described[1,2] in some detail, in the first as having sophisticated digital marketing experience and resources, and in the second as having a functional administrative within its internal structures. One, or both, are sufficient to de-corollate that organization and "unsophisticated" means. (para 1, cont.) And as Jim Shankland points out, only spoofing can randomize carrier-originating addresses. Eric [1] http://www.cracked.com/blog/isis-wants-us-to-invade-7-facts-revealed-by-their-magazine (yes, an odd journal of record, but life is odd, not even) [2] http://www.theguardian.com/world/2015/dec/07/islamic-state-document-masterplan-for-power On 12/11/15 10:18 PM, Jay Ashworth wrote: Is McAfee just talking to dry his teeth here? This isn't actually practical, is it? Carriers would notice, right? http://www.ibtimes.co.uk/john-mcafee-massive-ddos-attack-internet-was-smartphone-botnet-popular-app-1532993
Re: PRISM: NSA/FBI Internet data mining project
On 6/7/13 8:28 AM, <<"tei''>>> wrote: > This is one of these "Save the forest by burning it" situations that > don't have any logic. > > To save a forest firefighters often cut a few tree. Don't cut all the > trees in a forest to save it from a fire. Seasonal work, many solar obits past. Well, actually, standard practice is to scratch a line and burn out from the line to reduce fuel proximal to the line. "Scrach" can take the form of a crew with hand tools scratching a width-of-tool reduction in fine fuel to tandem tractors scratching width-of-blade, followed by walked drip torches. Trees don't really "burn" and cutting trees to make line is only useful when attempting to limit crown fires more effectively dealt with by retreat to a discontiguous canopy and firing out to reduce propagation over fine fuels. Modernly, fire is recognized as a natural phenomena and past fire suppression doctrine has elevated fuel load and fire intensity, with deleterious effect, and suppression goals modified to structure defense, and identified resource defense, as well as the ongoing timber sales value defense. -e
Re: PRISM: NSA/FBI Internet data mining project
http://www.guardian.co.uk/world/2013/jun/07/obama-china-targets-cyber-overseas the headline may be misleading. Presidential Policy Directive 20 defines OCEO as "operations and related programs or activities … conducted by or on behalf of the United States Government, in or through cyberspace, that are intended to enable or produce cyber effects outside United States government networks." effects outside United States government networks. now there's an interesting phrase. OCEO == "Offensive Cyber Effects Operations". -e
Re: .nyc - here we go...
Thank you Rubens, you saved me the effort. Eric
Re: .nyc - here we go...
On 7/2/13 7:06 PM, John Levine wrote:
> Rather than asking random strangers, you can read the applicant
> guidebook and find out what the actual rules are:
There really should be a kinder introduction to those who lack basic
clue than to attempt to read the last version of the DAG, even for the
American Legally Literate.
Someone who has more than just ICANNatitude (in either of the usual
senses) should do a standup at the next {$NETTECH} meet and 'splain
policy and business, can the bits and vod them out on the *OG lists.
Then we could discuss the merits, such as they are.
Eric
Re: .nyc - here we go...
On 7/4/13 8:00 AM, Ted Cooper wrote: > Do they have DNSSEC from inception? It would seem a sensible thing to do > for a virgin TLD. In the evolution of the DAG I pointed out that both the DNSSEC and the IPv6 requirements, as well as other SLA requirements, were significantly in excess of those placed upon the legacy registries, and assumed general value and availability with non-trivial cost to entry operators, some of whom might not be capitalized by investors with profit expectations similar to those that existed prior to the catastrophic telecoms build-out and the millennial dotbomb collapse. The v6-is-everywhere and the DNSSEC-greenfields advocates prevailed, and of course, the SLA boggies remain "elevated" w.r.t. the legacy registry operator obligations. "Sensible" may be subject to cost-benefit analysis. I did .cat's DNSSEC funnel request at the contracted party's insistence and I thought it pure marketing. The .museum's DNSSEC funnel request must have, under the "it is necessary" theory, produced demonstrable value beyond the technical pleasure of its implementer. Anyone care to advance evidence that either zone has been, not "will someday be", significantly improved by the adoption of DS records? Evidence, not rhetoric, please. #insert usual junk from *nog v6 evangelicals that .africa and .eos (Basque Autonomous Region) must drive v6 adoption from their ever-so-deep-pockets, or the net will die. Eric
Re: .nyc - here we go...
On 7/4/13 10:48 AM, John Levine wrote: > I dunno. Can you point to parts of your house that have been > significantly improved by fire insurance? Cute John. Let me know when you've run out of neat things other people should do. Eric
Re: .nyc - here we go...
On 7/4/13 11:11 AM, valdis.kletni...@vt.edu wrote: > I'll bite. What's the *actual* additional cost for dnssec and ipv6 > support for a greenfield rollout? It's greenfield, so there's no > "our older gear/software/admins need upgrading" issues. You'll let me know there is no place where v6 is not available, and while you're at it, why .frogans (I've met the guy, has to be the least obvious value proposition I've come across) needs to accessible to v6ers before, well, er, that .com thingie. "DNSSEC No clue necessary" ... so all those guys and gals out there selling training are ... adding no necessary value at some measurable cost? Eric
Re: .nyc - here we go...
Someone who should know better wrote: > Well give that .com thingie is IPv6 accessable and has DNSSEC there > is nothing we need to let you know. And yes you can get IPv6 > everywhere if you want it. Native IPv6 is a little bit harder but > definitely not impossible nor more expensive. And this was true when the v6 and DEC requirements entered the DAG? Try again, and while you're inventing a better past, explain how everyone knew that it would take 6 revisions of the DAG and take until 3Q2012 before an applicant could predict when capabilities could be scheduled. The one thing you've got going for you is that in 2009 no one knew that almost all of the nearly 2,000 applicants would be forced by higher technical and financial requirements to pick one of a universe of fewer than 50 service providers, or that nearly all of the "developing economies" would be excluded, or self-exclude, from attempting to apply. So the basic diversity assumption was wrong. Why are the people who don't follow the shitty process so full of confidence they have all the clue necessary? Eric
Re: .nyc - here we go...
> OK, I 'fess to terminal stupidity--in this contest: "DEC"? "the DAG"? Draft Applicant's Guidebook.
Re: .nyc - here we go...
On 7/4/13 6:23 PM, Larry Sheldon wrote: > > OK, I 'fess to terminal stupidity--in this contest: "DEC"? "the DAG"? Sigh. DNSSEC and Draft Applicant Guidebook.
Re: .nyc - here we go...
> I'm reasonably sure that there are more than 50 service providers > who are able to privide you with a connection that will do IPv6. In this context the universe of 50 providers are registry service providers, existing and entrant. Verisign, NeuStar, Afilias, CORE, AusReg, ISC, ... Your side won if you predicted in 2009, or even as late as 2011, that there would be many many applicants, using very very few providers, and none in awkward places. If you predicted that, you won on all counts, v6 availability, density of available technical clue for DNSSEC as the cheap box checks -- the real win was access to investment capital and financial instruments, access to American or equivalent legal and ancillary services, shared fate (still being dickered) on insurance bundling and business continuity set-aside, the business advantages offered by Verisign, NeuStar, Afilias, CORE, AusReg, ISC, ... Absent that it really doesn't matter if a light in the sky told you that v6 was everywhere and free, or that DNSSEC was vital to everything, and free too, or not. I didn't predict it, so I lobbied under the assumption that very low capitalizations would attempt to provide some locally needed name to existing address mapping, and that signing the zone had little but cosmetic effect unless there were resources within the zone offering a greater return on attacker investment than any large, and unsigned zone (and there still are some of those). I also tried to get ICANN's attempt to provide "Applicant Support" to defer these non-essentials for registry start-up, but that whole thing went south and the one qualified application was disallowed because ... .ummah upset someone who didn't care to admit it (the Support Program reviewers are anonymous). .museum started on a desktop. There has to be a good reason why this can never happen again. Eric
Re: ARIN WHOIS for leads
On 7/26/13 8:40 AM, Patrick W. Gilmore wrote: > On Jul 26, 2013, at 11:05 , David Conrad wrote: >> > On Jul 26, 2013, at 7:58 AM, "Patrick W. Gilmore" >> > wrote: >>> >> You can change anything you want. ARIN & ICANN are both member >>> >> organizations. Propose a change, get the votes, and POOF!, things are >>> >> changed. >> > >> > Err. ICANN isn't a membership organization. It is possible to change >> > things at ICANN, but the mechanisms are ... different and much slower >> > (since it involves getting consensus in a multi-stakeholder environment). > Sure it is, the membership is just very .. uh .. selective. :) > > "Stakeholder" is just a fancy way of saying "member". They vote, things > change. > > Like I said, this is _exactly_ what Ryan wanted. Only the "anointed" get to > decide things. Works out well, doesn't it? Actually the member / non-member distinction is important in California corporations law. Also important is the distinction between agency of government and anything else, there's about two reams of double-sided 11pt text on the subject, and that's just between Michael Froomkin and Joe Simms. Cheers, Eric
Re: DNS Whois Requirements
> On Jul 27, 2013, at 12:59 PM, Frank Bulk wrote: > >> For the folks who aren't aware, there is working being done on a proposal >> for a complete do-over of WHOIS: >> http://www.circleid.com/posts/20130703_rebooting_whois/ >> I don't believe this work address the regional registry information, which >> is what initiated the discussion, but this conversation has crossed over >> into the domain names, too. > > Excellent pointer Frank... This effort at ICANN is specifically with > respect to requirements for DNS Whois, but it is possible that some of > these requirements are in common with those of the number resource Whois > directory service, and the Internet address community may be encouraged > at some point to give a similar level of consideration to the long-term > number resource Whois requirements, including the DNS result as one of > many inputs to that process. Er ... Um ... Well ... there is weirds, and you're free to browse the list archives which are in the usual location: https://www.ietf.org/mailman/listinfo/weirds Then there is the somewhat ... incompletely specified ... project that may, or may not be lead by Chris Gift, which may, or may not, lead to actual bits being replicated across the contracted domain registries. Eric
Re: DNS Reliability
On 9/12/13 1:39 PM, Rubens Kuhl wrote: > ICANN new gTLD agreements specified 100% availability for the service, > meaning at least 2 DNS IP addresses answered 95% of requests within 500 ms > (UDP) or 1500 ms (TCP) for 51+% of the probes, or 99% availability for a > single name server, defined as 1 DNS IP address. unless phil happens to be building out (or spec'ing out $provider's offered sla) for one of the happy thousand or so celebrants of 2014, a surprisingly large fraction of which are tenant plays on existing infrastructure, the bogie above, uninterpreted, is not a controlling authority. additionally, was phil asking for a metric for an authoritative server, serving a zone delegated directly from the iana root? was he asking for a metric for a caching server? and if the metric is "queries completed vs. queries lost", from where to where? (that is the "uninterpreted" bit from the bogie rubens quotes, as we did have to correct some assumptions of the requirement author -- where is the measurement being preformed? i'm with randy on this, dns is a service, the better question is what fails as query response degrades, in the presence of hierarchical caching and the protocol being used as designed under best effort of infrastructure and application. eric
Re: OECD Reports on State of IPv6 Deployment for Policy Makers
On 4/10/10 1:42 AM, Randy Bush wrote: >> You should have seen the CNN experiment on cyber attack... > > you mean the failed chertoff/cheney wanna make the news clueless crap? > puhleeze! the fcc has more guns than that mob had clue. unfortunately, the failed chertoff/cheney celebrants of the "cybersecurity" cult have managed one significant outplacement. eric
Re: FCC dealt major blow in net neutrality ruling favoring, Comcast
On 4/12/10 2:42 PM, Richard Bennett wrote: > ... the guy who wrote the first IEEE 802 standard for > Ethernet over twisted pair ... I'm certain that's who you are. Hell, what I do for CORE means I'm a ICANN lobbyist when I'm not writing code, and I'd prefer to be the guy who wrote XPG/1 and XPG/4.2 (Single Unix Specification to those on Redmond shared fate devices). Eric
Re: .cn / china registrars in US/canada ?
Jim, As Lou and Fergie have pointed out, there was a significant policy change at CNNIC in late December. I'm going to guess from "get me a .cn domain, without registering it on my behalf then extorting me" that (a) you'd like to register a .cn domain _and_ (b) you are not a resident of China (more likely Canada), and (c) you'd like a non-flake registrar. You could contact CORE, we are an accredited overseas registrar, and we've several members in the US and Canada. Oblig disclaimer: I'm the CTO of CORE, and operate a CORE member located in Maine. Eric
Re: On the control of the Internet.
On 6/13/10 1:11 PM, Seth Mattinen wrote: > On 6/13/10 9:35 AM, Larry Sheldon wrote: >> How about the case where the master zone file has be amputated and the >> secondaries can no longer get updates? > > > We just saw that with Haiti. This overlooks the consequences of that particular catastrophic event on locally routed, and indifferently named resources, within the area directly affected by the event. The hard, even desperate struggle, to keep the physical level infrastructure powered, and operate link and above level services, using pre-event and ad hoc post-event resource to address mappings was not an exercise staged to demonstrate server configuration errors (these happen quite frequently, and without casualties) or network partition events (these too happen quite frequently, also without casualties). The Lieberman, Collins (R-ME) and Carper bill, like the Rockefeller and Snowe (R-ME) bill, offers nothing to the repair, or proactive resilience of the Haitian network. I am content that Congresswoman Chellie Pingree, of Maine's 1st CD, assisted significantly in the effort to keep the Boutillier facility fueled in the last weeks of January. Network infrastructure security can be distinguished from cybersecurity in the first instance by actual existence. Eric
Re: (OT) recipe for Live streaming from NANOG49
Does anyone have the video bits from the Haitian panel? I'd like to run it within our loop at the ICANN meeting next week in Brussels. Tia! Eric
Re: Broadband initiatives - impact to your network?
I wrote a first round BTOP application. No, the program doesn't quite promise to change, by orders of magnitude, the pipe that's available to most folks, and even if it did, that isn't a very strong promise. "Most folks" live in urban areas, adequately served by physics, if not the private, and the surviving public infrastructure. "Most folks" who reside in BTOP eligible area codes are not adequately served by physics, and BTOP is, IMHO, limited solutions to the physics problem, with possibly sustainable public incentive funding. The "orders of magnitude" claim, and the plural in "orders" is key, is both over blown and misses what is, IMHO, the most interesting aspect of revisiting the physics assumptions about the edge of service. Is unidirectional transport (monitized video streams) the rural service most absent and most valued, or are other characteristics of networks competitive with, or superior to, that service model? The sneaker net meme is worth holding on to, among others. Some of this was grist for the PILC WG. I went with Plan B, but then again, my application got zero funding, and folks that follow this may appreciate the relevance of the mapping portion of the BTOP/BIP package to selection, and the role of state government in selection. I suggest coverage of the lobbying of BTOP/BIP grants is at least as interesting as the problems various applicants attempt to state and provide solutions for. Held until after 5pm PDT, mostly so I could take a walk. Eric
I went so you don't have to -- ICANN Bruxelles pour les nuls
There are a few people who have some passing interest in ICANN so I will inflict upon the list my few paragraph summary of things that matter. All the past large dragons appear to have been killed or reduced to largish lizards. The Four Over Arching Issues, of which only one was real, protection of trademark holders, are sufficiently solved. On the other hand, biting off fingers as usual, are two new shiny objects for the jays and daws to chase: vertical integration of registries and registrars (VI, like, you know, the visual mode of ex, not the evil EMACS cult) and morality and decency (MoDo). How big a thrill MoDo is going to be is still TBD. Content regulation via names. Whoopie! VI is going to be put to bed one way or another by Labor Day. About VI, which has consumed my every waking hour since ... the Nairobi meeting. Prior to Nairobi the rules reflected the NetSol/VGRS breakup, and allowed registries to own approximately 15% of a registrar, and registrars to own registries. Afilias (.info) and NeuLevel (.biz) were formed under these equity restrictions. At Nairobi the Board voted that there be no cross ownership in new gTLD registries, and just prior to the Brussels meeting last week, ICANN released the 4th version of the Draft Applicant Guide, which put the cross-ownership limit at 2%. The VI activity is an attempt to articulate an alternate to the 0%, now 2%, and still fluid rule the Board may adopt prior to starting the next application round. The broad choices (and venomous camps) are: 1. things pretty much stay the same, the 15% rule with some change continues, for .com-like and .coop-like registries, insiders rule, 2. things pretty much change, with 100% cross-ownership allowed, with various proposals for the prevention of abuse by the integrated entity, for .com-like and .coop-like registries, hurray for the revolution, and 3. who cares about 1 and 2? corporations and TLD consultants want lots (like hundreds) of brands in the root, now. The VI Working Group is about as fun as USENET, though the face-to-face meetings in Brussels were surprisingly civil. Of interest to some here is covert wiggling of a subscriber-type TLD through the semi-mythical loophole for "brand" TLDs. There are walled garden serpents working the issue towards ".my-walled-garden". The ISPSG (that's the ISP -- Internet.Service.Providers Stakeholders Group) continued to drift into senility and decay with ISPs still staffing ICANN issue advocacy out of their IP (Intellectual Property) in-house counsels rather than their IP (4&6&BGP&tone&stuff) operational sides, so wakeful behavior remains confined to the ASO input to ICANN, and limited to the last v4 /8s known to LGBT and other persons. Those are the big ticket items. The Board approved adding the Han Script labels requested by .cn (China), .tw (Taiwan) and .hk (Hong Kong), which made a lot of people, me included, feel good. This is the continuation of the approvals (and awkward delegations) of Arabic Script labels and Cyrillic Script labels made earlier. The security weenies continue to whine that all the new registries should be armored up to prevent abuses that overwhelmingly occur in .com, and surprise steer well clear of treading on Verisign's toes, so in vast areas of policy life in the playpen is quite surreal. The next meeting is in December, so I finally get a Halloween at home, in Cartagena, Columbia. The usual self-and-corporate-promotion-as-news is going on over CircleID, which everyone is free to read or avoid, and if you read today's CIDR and BGP reports with more than a passing interest, and this "pour les nuls", remember the first is reality based and the second is not. And no, there still is no firm date for ICANN to start the public announcement and four months later, start accepting applications and $185,000 checks. This sentence appears to age well, I've used it without sending it out for cleaning since the Paris meeting, six meetings in a row. This exchange: On 2 Jul 2010, at 13:34, Bret Clark wrote: 28.8k Modem users... AT&T iPhone users... the new 14.4 modem of the internet. Had me laughing! Have a nice weekend everyone! Eric
Re: On another security note... (of sorts)
On 7/16/10 11:17 PM, Dobbins, Roland wrote: The thorniest issues aren't technology-related, per se; they're legal exposure (both real and imagined), regulatory concerns (both real and imagined), antitrust concerns (both real and imagined), management/marketing/PR concerns (largely imagined), skillset shortages/concerns (very real), customer perception concerns (both real and imagined), and so forth. ... I recommend kc.claffy's notes on the subject: Ten Things the FCC Should Know about the Internet http://www.caida.org/publications/presentations/2009/top_ten_fcc/top_ten_fcc.pdf and top ten things lawyers should know about the Internet http://blog.caida.org/best_available_data/2008/04/16/top-ten-things-lawyers-should-know-about-internet-research-1/ Eric
I slogged through it so you don't have to -- ICANN Vertical Integration WG for dummies
There are a few people who have some passing interest in ICANN so I will inflict upon the list my few paragraph summary of things that matter, see also my July 2nd post: I went so you don't have to -- ICANN Bruxelles pour les nuls. The initial report of the 65 person VI WG is published. Registry contracts executed in the 2001 and 2004 new gTLD rounds limited Registry ownership of Registrars at 15%, an artifact of the VGRS/NSI split up, with no limit on registrar ownership of registries, allowing the formation of NeuLevel (.biz through Melbourne IT and NeuStar), and the formation of Afilias (.info by several registries). At the Nairobi ICANN meeting the ICANN Board established the cross-ownership in either directions at 0%, and called for the GNSO to originate some alternative to strict structural separation, if it could arrive at such a policy be consensus. In DAGv4, publish just before the Brussels meeting, ICANN Staff proposed a cross-ownership cap of 2%. That sets the stage. The Initial Report is the first step towards policy concerning the possibility of allowing vertical integration in the DNS registry-registrar market. There are three basic positions on the issues, and a fourth position. The three basic positions are: (a) stay at 15%, that makes compliance easy, and no one has really gamed this restriction, (b) allow full integration conditionally, with serious compliance, and allow several exceptions (see also the fourth position) (c) no restriction on integration, no harms will result so compliance is not important, and exceptions are unnecessary (see also the fourth position). These policy positions are advocated by: (a) Afilias, PIR, GoDaddy, several NomCom appointees and others, including myself (for CORE), subject to some functional exceptions relating to registry services provisioning and market share, (b) NeuStar, Network Solutions, Verisign, Enom, and several others, (c) Several smaller (than the top 4) registrars and some people from the Business Constituency and some Free Market ideologues. In terms of balance of forces, it is pretty much a three-way tie. The fourth position is the Intellectual Property Constituency, which seeks an exception for brand owners, and no others, from whatever limits are proposed on cross-ownership. It has no support outside of the IPC, but when all the inchoate "exceptions for X" are summed, there is the appearance of strong support for what is called "single registrant" type applications. I recommend to those employed in the ISP industry the statement of the ISPCP, at pages 90 and 91. There are a lot of nuances, or tinfoil hat dress up opportunities. If Verisign, Afilias, NeuStar, CORE and Midcounties Co-operative Domains run almost all of the gTLDs, and are ineligible to provide registry services to the new gTLD applicants, what existing operators will be favored? What capitalization will start-up operators have to secure to meet the SLA, DNSSEC, continuity instrument and other costs in excess of the application fee and subsequent fees the new applicants must capitalize? Are the Free Trade Guys and ICANN's economists right, the market will correct any abuses and competition authorities will be there when the market doesn't correct an abuse? Is "continuity" or "change" the better policy w.r.t. the registry function and the registrar function? I trust this will be at least as useful as the jrandom luser plaint concerning what singular Animal, Mineral or Vegetable controls the singular capital-I Internet and the IANA function sniping. Oblig disclosure. The VI WG has been more than a quarter of my paid time since it began. I'm in the "continuity" camp and my Statement of Interests is linked to from the Initial Report. An outcome I'd like to see avoided is registrars preferentially selling their own-or-partner inventories, resulting in a by-registrar-affiliation partition of the non-state DNS as a market not dependent upon state actors, resulting in reduced competition with the legacy gTLD registry operators and their properties. Yeah. I know. Nothing other than redelegation of .org has created competition for Verisign. Eric
Re: I slogged through it so you don't have to -- ICANN Vertical Integration WG for dummies
On 7/26/10 12:45 PM, Jorge Amodio wrote: You forgot the fifth option. Invade a country (invasion is not strictly required) and take over control of their ccTLD which probably does not have an agreement with ICANN so you can charge and do as you please. Many of the greedy registrars will be more than happy to sell the name ... Umm, I wish there had been more people who paid attention when the .iq registry was subject to ... a voluntary change of control resulting in ... things being done as one pleased. But I do take your point about .co/.com, and in all fairness, it is a decade delayed favor returned by NeuStar to Verisign for the .bz/.biz "collaborative marketing" ploy of 2001. When Hewlett-Packard wrote to ICANN earlier this year that it should get .hp, the obvious rejoinder was "Buy a country like everyone else, submit a change request to the iso3166/MA, and do business under .hp, your new country code property." Apparently HP didn't want to actually buy a country first. Cheapskates. Now seriously, just how many pages of the IV Initial Report did you read before coming up with "the fifth option"? Eric
Re: I slogged through it so you don't have to -- ICANN Vertical Integration WG for dummies
On 7/26/10 3:28 PM, Jorge Amodio wrote: Now seriously, just how many pages of the IV Initial Report did you read before coming up with "the fifth option"? I read the entire thing. Of the 138 pages, take out the Summary, the ToC and several of the Annexes where many of them are sort of cut& past of discussions/text circulated through email lists/blogs/tweets, and positions that were clearly stated in meetings and conference calls, you are left with few pages with some novelty stuff. Being one of the rare known external readers, is there any bit of it you have a view on not already reflected in the para above and below? Hard to believe there will be any consensus before the Cartagena meeting (even after), the BoD will end directing staff to use the That was my initial view, that there would be consensus around three proposed policy -- a 15% cap with minor variation, no cap with minor variation, and happy brand owners, with no consensus between any two of these three positions. Now I think the no-cap advocates and the brand advocates will tactically compromise. magic wand and negotiate something with VeriDaddy and NeuSign. Actually the alliances visible at present are: JN2 proposal: Verisign, NeuStar, NetSol and eNom and others, RACK proposal: Afilas, PIR, GoDaddy, and others, including CORE. I look forward to your public comments, here or at the ICANN comment site. Eric
Re: I slogged through it so you don't have to -- ICANN Vertical Integration WG for dummies
On 7/26/10 6:00 PM, Joly MacFie wrote: I found Milton Mueller's summary - noted at http://www.isoc-ny.org/p2/?p=1006- useful. Is there anything there that you would disagree with? He errors in characterizing the position statements as static, rather than evolving over time. His own position is now in its 3rd iteration. 1. He errors in describing DAGv4 as the Nairobi Resolution. The cross ownership limit at Nairobi was 0%. The same cross ownership limit in DAGv4 is 2%. Under a Zero rule, none of Verisign, Afilias, NeuStar, Core and Midlands would be allowed to provide registry services to new gTLD applicants, or to apply for new gTLDs in their own right, as all have non-zero registrar ownership. Under a 2% rule, Verisign's market cap, and CORE's membership model, and perhaps NeuStar's market cap and resolution of the NeuLevel partnership with Melbourne IT, a registrar, would be allowed, and Afilias and Midlands would not be allowed, to provide registry services to new gTLD applicants, or to apply for new gTLDs in their own right, as all have less than 2% registrar ownership. [There is a nuance in the CORE 2% question. CORE has more than 50 members, and the question goes to whether control is properly aggregated by individual independent members.] 2. He errors in particular in characterizing the RACK+ position as without exceptions. He also uses "status quo" rather than accurately characterizing the proposal, which is a different form of error. And it is RACK+, not RACK. 3. He errors in particular in characterizing the Free Trade position as without limitations. There are limitations, one of which is the rejection of "harms" and compliance as a necessity. 4. He errors in particular in characterizing the JN2 position as without limitations other than no self-sales. There is a 15% cap for the first 18 months and exceptions from that require conditional approval, and a significant commitment to compliance as a deterrent to "harms". And it is JN2, not JN2+ (the post-JN2 position developed at Brussels is not described). 5. He errors in omitting to mention that the "special panel" is composed of the competition authorities of some states, e.g., the US DOJ Antitrust Division, is going to review in finite time applications by, let us say, the United Mine Workers of America for .appalachia, in which the UMWA proposes to acquire 16% or more of the largest registrar in West Virginia, or the example of your choice in Lower Elbonia. He also manages not to point out how many supporters there are for his proposal. 6. He errors in assigning percentages to positions in polls. 7. He errors in stating that the VI WG is "tasked with coming up with a solution before the ICANN board next meets in September." That would be convenient for the hypothetical new gTLD round, but the VI WG is tasked with coming up with a policy proposal, if not now, before the heat death of the universe. 8. Make up your own #8, it is a target rich environment. Eric
Re: I slogged through it so you don't have to -- ICANN Vertical Integration WG for dummies
On 7/26/10 7:11 PM, Franck Martin wrote: The question too, is which model is mitigating the best the presence of rogue registrars (like domain tasting registrars, etc..) Franck, First, tasting is only a part of the extensions from the registrant serving business model that ICANN explicitly allows, due in part to the advocacy by Professor Mueller and others circa 1999 that ICANN has no business in determining business models. So rather than characterize registrars who used the Add Grace Period for purposes of acquiring domains with "natural traffic" under a PPC business model as "rogue", you might consider whether Google primarily, but not exclusively, and ICANN, created the system whereby "natural traffic" in the .com namespace could be monitized by exploits of the AGP. That particular problem has been resolved, but the rest of the ecology of "upstream" and "backorder" is untouched. But assuming that "rogue registrars" is a useful tool (and I encourage you and anyone else interested in registrars to review the 900 or so ICANN accreditations and observe the marvelous ownerships of Enom, Snapname, Directi and Dotster, and those are simply for the aftermarket (drop pool) for expired names), and "tasting" is a useful referent (both of which I think miss the central issues), then the model question is well posed. In what follows, "ROI" refers to return on investment for bad acts. The 15% cap proponents think that structural separation removes the ROI incentive. The integration proponents think that (jn2) compliance will remove the ROI incentive, and (freetrade) that ROI will not incent, so compliance is unnecessary. The competition authority proponents think that ROI is irrelevant. So yeah, pick your model. Pick with care. Eric
Re: I slogged through it so you don't have to -- ICANN Vertical Integration WG for dummies
On 7/26/10 7:50 PM, William Pitcock wrote: On Mon, 2010-07-26 at 14:42 -0400, Eric Brunner-Williams wrote: But I do take your point about .co/.com, and in all fairness, it is a decade delayed favor returned by NeuStar to Verisign for the .bz/.biz "collaborative marketing" ploy of 2001. Or eNom's .cc/.com ploy from 1999-present. Don't you remember the television ad buy they did on all of the networks? Rednecks dancing around playing fiddles singing about ".cc". On the other hand, at least they weren't showing soft porn like GoDaddy does. Sorry, ENOTEEVEE. I'll have to imagine my folks with fiddles singing about a repurposed ccTLD. GoDaddy's advertising use of a NASCAR driver is not quite a "vertical integration" issue. Could y'all please keep up with the geezer play'n washboard or the boy blow'n jug? Dance, sing or holl'r as you like. Thankee. Eric
Re: I slogged through it so you don't have to -- ICANN Vertical Integration WG for dummies
On 7/26/10 8:46 PM, Jorge Amodio wrote: Being one of the rare known external readers, is there any bit of it you have a view on not already reflected in the para above and below? There is another dimension to the whole enchilada that makes a compromise a moving shooting target. Some of the entities at the table don't like or want at all new gTLDs, today they may say "we like milkshakes with anchovies and we can live with that" (not really), tomorrow they will say "we only drink our brand of tomato juice". Well, the IPC is kind of excited about getting their own TLDs, and some Board members have opined (why I don't know, the .tm gag was old when WIPO-I was current) that .brands will cure cybersquatting. I discern no effort by alternative technology vendors (search to be specific, as an alternative to lookup) to determine outcomes. At least a byproduct of the outcome of this WG is that as observers we are getting a more clear picture of who is on each side today before any compromise. Agree. I'm not going to share the real time data, but some of the alliance choices have been surprising, and some of the business models some advocates may be protecting may not be publicly disclosed. I feel kind of boring in comparison. For those watching the antitrust channel, pay attention to references to external counsel and if you know where the 9th Circuit is, grovel. For those watching the golden tree, pay attention to the pursuit of ENUM post-dotTel. Me==boring++. I used to work where the golden tree was sought, or at least the fleece of the golden tree. GNSO was very explicit that this can not introduce additional delays to the gTLD program so sooner or later a compromise position is needed, what if the GNSO is not able to provide a recommendation on time, what the BoD will do ? Toss a three sided coin. 0. The Board really meant "zero" when the voted "zero". I've mentioned the consequences. Actually they're not so bad, if you're not a current RSP or registrar or have 1 share that can be acquired by a registrar you'd then like to pay more than market price to recover. 1. The Board is convinced by Staff's interpretation of "zero" as 2%. I've mentioned the consequences. See 9th Circuit, above. Quickly. 2. Something else happens. I hope that a "continuity" proposal will be selected. I know that similar hopes are held by other advocates for other policy choices. We (VI WG) prepare an update for August, there is a Board Retreat in September, and we don't actually have a hard schedule to the acceptance of applications, as the current "shinny object" to chase is "morality and public decency", so we don't actually know in fact that Cartagena is a hard hard deadline. We just assume it is. Your opportunity is to submit a public comment, if you think there is a policy issue you have any views on, any views what so ever. Eric
