[governance] RE: Human rights and new gTLDs

Karl Auerbach karl at cavebear.com
Wed Sep 26 03:27:35 EDT 2007


McTim wrote:

> The basic conceptual mistake you have made is to forget that the DNS
> is a hierarchical, distributed system (RFCs 799, 1034, 1035, 920,
> 1032, etc, etc).
> 
> Now, if you want to put 2 million names in the root zone (instead of
> say for example .com), well you CAN do that, but IMHO you SHOULD NOT.

Three areas in which I believe we have *technical* disagreement, and one 
of policy disagreement:

First, the idea that DNS is hierarchical is true but in a more limited 
way than is generally believed.

In the absence of DNSSEC it is quite feasible for DNS to be a graph 
rather than a hierarchical tree with a single root.  The different root 
groups then serve as portals through which intermediate resolvers find 
the various TLDs.  It works; it is in operation today and has been for 
several years.  And not just on a small scale; I observed the entire 
island of Taiwan doing so.

The issues that people conflate are those of consistency of name query 
answers with singularity of rootness.  The former is a very desirable 
property - it fits with the principle of least surprise.  The latter is 
an undesirable property because it means that DNS would be a singular 
point of failure, attack, and control.

As for the number of names in a root zone - I ran some experiments, real 
experiments with real Bind and real computers and real data - in which 
we created a root zone with millions upon millions of TLDs.  (We pretty 
much simply elevated the .com zone of that date up one level to be a 
test root.)  It worked, although the time to load was pathetic because 
the poor machine didn't have enough memory (much less of a problem these 
days.)

The limit on the number of names in a root zone has no clear technical 
upper bound - it's probably in the hundreds of millions.  The limit is 
more likely to be based on the rate of administrative errors and the 
time to reload.  But we know from .com that zones of 60 million+ can be 
handled with excellent reliability, and from the point of DNS, 
experience with a TLD zone is directly applicable to experience with 
root zone.

By-the-way, I do not agree that having more TLDs in any way requires 
that the depth of the hierarchy of DNS be diminished.  DNS space 
expansions are not zero-sum; growth in one dimension (such as root width) 
does not mean a retreat of size in another dimension (such as depth of 
the name space.)

Those are the technical issues.

The policy issue is that even if you don't think we need additional TLDs 
why should you be empowered to impose your worldview or rather, your TLD 
sense of aesthetics, onto others?

Remember, way back in the 1970's the telcos did not like the fact that 
we were playing with packet switched networks.  The telcos were 
investing great sums in their answer to all things - ISDN - and they 
said "why should anyone be allowed to burden our circuits with this 
packet switched stuff?"  It was a good thing that their vision of the 
wired world was not imposed to the same degree that has been imposed on 
those who today want to try new ideas with new TLDs.

(By the way I agree with you that nearly every use could go under 
existing TLDs - but I was shown that things like .bank have a good and 
strong argument why they must be a TLD)

The danger that I see in all of these governance movements is the desire 
of good people to impose their sense of morality, their sense of 
aesthetics, their cultural values, and their personal values onto 
others.  What starts out nice can quickly turn into a Kafkaesque web of 
restraint and limitation.

		--karl--