North American Network Operators Group


An Open Letter of corrections to Mark McLaughlin's Innovation and the Internet

  • From: Owen DeLong
  • Date: Tue Oct 07 01:59:39 2003


While I realize that your Perspectives area is a place where various people
are allowed to submit editorials, your publication of this particular
very skewed piece without checking some of the stated facts within it
does not meet CNet's usual standard of journalism.

In addition to Mr. McLaughlin's errors or omissions of fact, he makes a number
of misleading statements and outright incorrect implications. As such, I
will simply address the article paragraph by paragraph, beginning with the
bold paragraph being considered paragraph 1.

Paragraph 1:
It's not about whether innovation should be encouraged. I think if
you were to survey the opponents of Verisign's maneuver, you would
find that each and every one of them would say they are in strong
support of innovation on the internet. What Verisign did was not
innovation. It was a move to line their pockets with significant
additional revenue while simultaneously abusing their monopoly
position in control of a resource contracted to them to manage
in the public trust. They do not OWN the domains that they modified,
instead, they are entrusted with the management of said domains
(namely .NET and .COM). None of Verisign's competitors is in a
position to place wildcard records in these zones, so, Verisign also
was abusing its position of public trust to gain unfair advantage
over competitors.

Paragraph 2:
The error page simply indicates that the URL they typed involved
the name of a host which did not exist. Verisign ignored the fact
that DNS does not only affect web services. While it is true that
some may say that this is an improvement for web browsers, it creates
significant problems for other applications. More on this below.

Paragraph 3:
Site finder is not about improving the user experience. If it were,
Verisign would have solicited public input prior to inflicting this
change on a critical area of internet infrastructure. Verisign is
now launching this PR campaign to try and make ICANN look like the
bad guys for finally saying no to Verisign's repeated abuses of their
position. Site finder is about profits for Verisign. In fact,
substantial profits on the order of Millions of dollars per day.
This is why they were so reluctant to take it down in spite of a
polite request from ICANN. ICANN had to point out that Verisign
was in violation of several clauses of their contract and threaten
them with legal action to get them to comply.

Paragraph 4:
Similar services were tested in a manner which did not break existing
infrastructure for non-web oriented applications which were well known
on the internet. Verisign didn't do any testing, they simply unleashed
this on the two most popular top level domains without review, notice,
or even a heads up to the operational community. In fact, the first
notification to the NANOG (North American Network Operators Group)
mailing list by Verisign came several hours after the debate had
already started. Verisign's site finder service didn't trigger debate
because they hadn't been tried for .com and .net, it triggered debate
because it disrupted services, constituted a change which was not
subjected to appropriate public review beforehand, and, represented
a cavalier and mistaken attitude by Verisign that these top level
domains were theirs to manage however they saw fit. These domains
have a long history on the internet, and, they have always been
considered a public-trust type of resource. The contract to Verisign
to manage these domains clearly calls for Verisign to manage them
in the public interest. This was Verisign managing the domain in
their own interest, the public be damned.

While it is true that during the three weeks it took to get Verisign
to fix their abomination, DNS continued to function for most visible
levels, the internet continued to route packets, and, most things
functioned as before, that does not mean that their change did not
break things. As an example, prior to Verisign's change, if I sent
an email to [email protected] intending to send it to [email protected],
I would get an answer back immediately saying "noexist.com" does not
exist. After Verisign's change, their mail rejector would either
simply drop my mail in a black hole, or, when it was too busy,
fail to respond for long periods of time. Either way, since I don't
get an error message, I don't know that my mail didn't get through.
Another problem comes from anti-spam utilities which depend on
being able to determine if a domain name being used in mail exists
or not. Verisign rendered it virtually impossible, because, under
their proposed system, all domains exist in DNS. They essentially
eliminated a vital and useful error message from the internet, instead
choosing to make everyone use their error handler. Without going
through the IETF and RFC processes, this is an unacceptable move
on their part. Of course, IETF would never approve such an action
and Verisign knows it. Further, if a domain expired or was accidentally
removed, most software is designed to deal with NXDOMAIN responses
(the error code returned prior to Verisign's actions) in a manner
that allows this to be resolved without serious consequences.
With Verisign's change, however, it becomes fatal. Imagine if you
are looking for CNET.COM, but, due to a clerical error, CNET.COM
has been removed from the DNS. Now, instead of getting an error
saying that the site could not be located, you get Verisign.
All your mail for CNET.COM, instead of getting queued and waiting
for it to reappear for several days now instantly disappears into
a black hole. I would think, if you were CNET.COM, in this case,
you would be upset.

Paragraph 5:
ICANN bought into the claims that very specific things were broken
by Verisign's actions. Those claims are true. The effort of Verisign
to deceive the public into believing that this is not true and that
ICANN caved under pressure from zealots and purists is a grossly
inaccurate characterization of what happened. The pressure came from
the operational community, the research community, and, end users.
Sure, for some, technical purity and religion may be an issue. For
most, we were far more upset that real applications in real use for
real economic purposes were being interrupted or hampered by this
unannounced, unprecedented, and, unacceptable change.

Paragraph 6:
This vocal minority is the MAJORITY of the people actually keeping
bits flowing on the internet. It is, admittedly, not the majority
of users of the internet, but, it does represent the majority of
internet service providers. It represents the connectivity of
the majority of users on the internet. Most end users don't even
know what DNS is, let alone what happens when it is changed.
It's not about resentment of use for commercial purpose. I'm sure
there are people out there that think the internet shouldn't be
used for commercial purposes. The majority of the outcry, however,
came from people trying to make a living out of keeping the internet
running for commercial purposes. Mr. McLaughlin and Verisign seem,
instead, to have ignored the fact that there's more to the internet
that matters to our economy than just Web Browsing.

Paragraph 7:
They can disagree with purists all they want. The problem is that
here they are disagreeing with the actual operators of the internet
who are not trying to hold the internet back, but, keep it functioning.

Paragraph 8:
Throughout that history, the debate has been held in public and
actions and changes to standards on the internet have been based
on a combination of rough consensus and running code through a
public process known as the IETF (Internet Engineering Task Force).
Verisign did not subject these changes to any form of review
outside of Verisign. There was no community input or review.
If there had been, the community would have rejected this before
it started, because it had real operational impact, and, because
it had Verisign abusing public trust to line their pockets.
Fierce debate is good. Verisign tried to avoid debate altogether
by launching this without the required reviews beforehand. Verisign
has a long history of doing this.

Paragraph 9:
This is the one paragraph with significant truth in it. The
result of this debate will have far reaching implications for
the future of the internet. Do we send a clear message to
Verisign that their role as agent of the public trust does not
involve making whatever changes to critical infrastructure they
feel are in their best interests? Do we allow Verisign to continue
down the road that they have repeatedly attempted where it is
as if they think they own all rights to these TLDs which were
entrusted to them to manage by contract from ICANN? ICANN is
a non-profit public benefit corporation charged with managing
this part of the internet infrastructure. They contracted out
this specific duty to Verisign with some reasonably strict rules
about how they can do it. Verisign, in spite of this, has repeatedly
ignored those rules in its own interest. If ICANN allows this
to continue, it will, indeed, change the face of the internet
significantly. Mr. McLaughlin may think that's a good thing,
as he will surely profit heavily from it. I doubt that it will
improve things for internet users or operators, however.

Paragraph 10:
The internet already has a process for doing that. It's called
the IETF. If this didn't happen in IETF, we wouldn't have HTTP,
IPSEC, or, even DNS. Almost every protocol in use today on the
internet was developed through the IETF process. Many improvements
to protocols (BGP is currently on version 4, for example) have
also come through the IETF and the related RFC process. The significant
test is not whether the internet can do this (it already has), but,
whether the internet can control the contractors entrusted with
the management of items in the interest of the public. If not,
ICANN will need to find an alternative. That will be difficult
and painful.

Paragraph 11:
No one is discouraged from exploring the bounds of the internet.
Verisign is discouraged from BREAKING existing functionality
in the name of lining their pockets. There are lots of places
on the internet to experiment with new tools. The two most
populated top level domains in the DNS tree are _NOT_ the right
place to experiment. You wouldn't want a rocket scientist
developing new fuels at your kid's elementary school, would you?
Well, what Verisign has done is equivalent to that. They
decided without warning to conduct their experiment in production
instead of a laboratory.

Paragraph 12:
This paragraph cannot stand without the lies from the previous
paragraphs.

Paragraph 13:
Verisign did not spend hundreds of millions of dollars to fortify
the two root servers alone. Also, a number of other root servers
withstood the attack as well. This whole paragraph is specious and
misleading. In fact, Verisign has one of the worst track records
for errors of any DNS provider in history. The technical community
is less concerned about what will happen without Verisign than they
are about what Verisign will do to the internet.

Paragraph 14:
The decisions made in this debate will not be about innovation.
They will be about theft and hijacking. Will Verisign be allowed
to hijack non-existent domain names to their own purpose and profit?
Will they be allowed to continue to make arbitrary changes to
services which are considered critical infrastructure by a large
portion of the Internet community? Will ICANN stand up and
say "no more" to Verisign's abuse of their position under the
ICANN and USDOC contracts? These are the decisions that will be
made around this issue. Innovation is safe and secure in the
IETF. I will agree that there are problems to be solved in the
IETF process, but, Verisign's actions won't even touch those,
let alone make any positive contribution.

Paragraph 15:
The decisions made over the next months and years will determine
whether the namespace remains a consistent and well-ordered
hierarchy, or, whether the distaste for Verisign and the lack
of action by ICANN to stop them becomes so distasteful to enough
network operators that the authority of ICANN is usurped and
the namespace becomes fragmented. That would be bad for everyone.

Biography:
Owen DeLong is a Network Architect for a Mountain View based
communications firm. He has held positions ranging from Systems
Administrator to Senior Backbone Engineer at ISPs ranging from
very small to very large. He has designed and built networks
from dialup to OC-192. He has been an active participant in
the Internet Operational Community and NANOG for more than a
decade.

Owen DeLong
[email protected]
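
Added example, not part of the original letter: a Python sketch of the sender-domain existence check that the letter says anti-spam utilities depend on, showing how it stops working once a zone answers for every name, and how probing random labels restores the distinction. The resolver, zone contents and addresses below are constructed stand-ins (assumptions), not real DNS data or any project's code.

```python
import secrets

# Constructed zone data: the only names actually registered in this toy zone.
REGISTERED = {"example.com": "192.0.2.10", "example.net": "192.0.2.20"}
# Constructed stand-in for the single address a registry wildcard returns.
WILDCARD_ADDR = "198.51.100.1"


def make_resolver(wildcard):
    """Return a lookup function for the toy zone; None models NXDOMAIN."""
    def resolve(name):
        name = name.lower().rstrip(".")
        if name in REGISTERED:
            return REGISTERED[name]
        # With a wildcard in the zone, every unregistered name gets an answer.
        return WILDCARD_ADDR if wildcard else None
    return resolve


def naive_domain_exists(resolve, domain):
    """The pre-wildcard check: any answer at all means the domain exists."""
    return resolve(domain) is not None


def wildcard_address(resolve, tld, probes=3):
    """Query random labels nobody has registered. If they all resolve to
    one address, that address is the wildcard; None means no wildcard."""
    answers = {resolve(f"{secrets.token_hex(16)}.{tld}") for _ in range(probes)}
    return answers.pop() if len(answers) == 1 else None


def domain_exists(resolve, domain):
    """Wildcard-aware check: an answer equal to the wildcard address is
    treated as NXDOMAIN. Limitation: a real domain hosted on that same
    address would be misclassified as nonexistent."""
    answer = resolve(domain)
    if answer is None:
        return False
    tld = domain.rsplit(".", 1)[-1]
    return answer != wildcard_address(resolve, tld)


if __name__ == "__main__":
    for label, resolver in (("no wildcard", make_resolver(False)),
                            ("wildcard", make_resolver(True))):
        for d in ("example.com", "noexist.com"):
            print(label, d, naive_domain_exists(resolver, d),
                  domain_exists(resolver, d))
```
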