An Open Letter of corrections to Mark McLaughlin's Innovation and the Internet

Owen DeLong owen at delong.com
Tue Oct 7 05:57:05 UTC 2003


While I realize that your Perspectives area is a place where various people
are allowed to submit editorials, your publication of this particular
very skewed piece without checking some of the stated facts within it
does not meet CNet's usual standard of journalism.

In addition to Mr. McLaughlin's errors or omissions of fact, he makes a number
of misleading statements and outright incorrect implications.  As such, I
will simply address the article paragraph by paragraph, beginning with the
bold paragraph being considered paragraph 1.

Paragraph 1:
	It's not about whether innovation should be encouraged.  I think if
	you were to survey the opponents of Verisign's maneuver, you would
	find that each and every one of them would say they are in strong
	support of innovation on the internet.  What Verisign did was not
	innovation.  It was a move to line their pockets with significant
	additional revenue while simultaneously abusing their monopoly
	position in control of a resource contracted to them to manage
	in the public trust.  They do not OWN the domains that they modified,
	instead, they are entrusted with the management of said domains
	(namely .NET and .COM).  None of Verisign's competitors is in a
	position to place wildcard records in these zones, so, Verisign also
	was abusing its position of public trust to gain unfair advantage
	over competitors.

Paragraph 2:
	The error page simply indicates that the URL they typed involved
	the name of a host which did not exist.  Verisign ignored the fact
	that DNS does not only affect web services.  While it is true that
	some may say that this is an improvement for web browsers, it creates
	significant problems for other applications.  More on this below.

Paragraph 3:
	Site finder is not about improving the user experience.  If it were,
	Verisign would have solicited public input prior to inflicting this
	change on a critical area of internet infrastructure.  Verisign is
	now launching this PR campaign to try and make ICANN look like the
	bad guys for finally saying no to Verisign's repeated abuses of their
	position.  Site finder is about profits for Verisign.  In fact,
	substantial profits on the order of Millions of dollars per day.
	This is why they were so reluctant to take it down in spite of a
	polite request from ICANN.  ICANN had to point out that Verisign
	was in violation of several clauses of their contract and threaten
	them with legal action to get them to comply.

Paragraph 4:
	Similar services were tested in a manner which did not break existing
	infrastructure for non-web oriented applications which were well known
	on the internet.  Verisign didn't do any testing, they simply unleashed
	this on the two most popular top level domains without review, notice,
	or even a heads up to the operational community.  In fact, the first
	notification to the NANOG (North American Network Operators Group)
	mailing list by Verisign came several hours after the debate had
	already started.  Verisign's site finder service didn't trigger debate
	because they hadn't been tried for .com and .net, it triggered debate
	because it disrupted services, constituted a change which was not
	subjected to appropriate public review beforehand, and, represented
	a cavalier and mistaken attitude by Verisign that these top level
	domains were theirs to manage however they saw fit.  These domains
	have a long history on the internet, and, they have always been
	considered a public-trust type of resource.  The contract to Verisign
	to manage these domains clearly calls for Verisign to manage them
	in the public interest.  This was Verisign managing the domain in
	their own interest, the public be damned.

	While it is true that during the three weeks it took to get Verisign
	to fix their abomination, DNS continued to function for most visible
	levels, the internet continued to route packets, and, most things
	functioned as before, that does not mean that their change did not
	break things.  As an example, prior to Verisign's change, if I sent
	an email to user@noexist.com intending to send it to user@exists.com,
	I would get an answer back immediately saying "noexist.com" does not
	exist.  After Verisign's change, their mail rejector would either
	simply drop my mail in a black hole, or, when it was too busy,
	fail to respond for long periods of time.  Either way, since I don't
	get an error message, I don't know that my mail didn't get through.
	Another problem comes from anti-spam utilities which depend on
	being able to determine if a domain name being used in mail exists
	or not.  Verisign rendered it virtually impossible, because, under
	their proposed system, all domains exist in DNS.  They essentially
	eliminated a vital and useful error message from the internet, instead
	choosing to make everyone use their error handler.  Without going
	through the IETF and RFC processes, this is an unacceptable move
	on their part.  Of course, IETF would never approve such an action
	and Verisign knows it.  Further, if a domain expired or was accidentally
	removed, most software is designed to deal with NXDOMAIN responses
	(the error code returned prior to Verisign's actions) in a manner
	that allows this to be resolved without serious consequences.
	With Verisign's change, however, it becomes fatal.  Imagine if you
	are looking for CNET.COM, but, due to a clerical error, CNET.COM
	has been removed from the DNS.  Now, instead of getting an error
	saying that the site could not be located, you get Verisign.
	All your mail for CNET.COM, instead of getting queued and waiting
	for it to reappear for several days now instantly disappears into
	a black hole.  I would think, if you were CNET.COM, in this case,
	you would be upset.

Paragraph 5:
	ICANN bought into the claims that very specific things were broken
	by Verisign's actions.  Those claims are true.  The effort of Verisign
	to deceive the public into believing that this is not true and that
	ICANN caved under pressure from zealots and purists is a grossly
	inaccurate characterization of what happened.  The pressure came from
	the operational community, the research community, and, end users.
	Sure, for some, technical purity and religion may be an issue.  For
	most, we were far more upset that real applications in real use for
	real economic purposes were being interrupted or hampered by this
	unannounced, unprecedented, and, unacceptable change.

Paragraph 6:
	This vocal minority is the MAJORITY of the people actually keeping
	bits flowing on the internet.  It is, admittedly, not the majority
	of users of the internet, but, it does represent the majority of
	internet service providers.  It represents the connectivity of
	the majority of users on the internet.  Most end users don't even
	know what DNS is, let alone what happens when it is changed.
	It's not about resentment of use for commercial purpose.  I'm sure
	there are people out there that think the internet shouldn't be
	used for commercial purposes.  The majority of the outcry, however,
	came from people trying to make a living out of keeping the internet
	running for commercial purposes.  Mr. McLaughlin and Verisign seem,
	instead, to have ignored the fact that there's more to the internet
	that matters to our economy than just Web Browsing.

Paragraph 7:
	They can disagree with purists all they want.  The problem is that
	here they are disagreeing with the actual operators of the internet
	who are not trying to hold the internet back, but, keep it functioning.

Paragraph 8:
	Throughout that history, the debate has been held in public and
	actions and changes to standards on the internet have been based
	on a combination of rough consensus and running code through a
	public process known as the IETF (Internet Engineering Task Force).
	Verisign did not subject these changes to any form of review
	outside of Verisign.  There was no community input or review.
	If there had been, the community would have rejected this before
	it started, because it had real operational impact, and, because
	it had Verisign abusing public trust to line their pockets.
	Fierce debate is good.  Verisign tried to avoid debate altogether
	by launching this without the required reviews beforehand.  Verisign
	has a long history of doing this.

Paragraph 9:
	This is the one paragraph with significant truth in it.  The
	result of this debate will have far reaching implications for
	the future of the internet.  Do we send a clear message to
	Verisign that their role as agent of the public trust does not
	involve making whatever changes to critical infrastructure they
	feel are in their best interests?  Do we allow Verisign to continue
	down the road that they have repeatedly attempted where it is
	as if they think they own all rights to these TLDs which were
	entrusted to them to manage by contract from ICANN?  ICANN is
	a non-profit public benefit corporation charged with managing
	this part of the internet infrastructure.  They contracted out
	this specific duty to Verisign with some reasonably strict rules
	about how they can do it.  Verisign, in spite of this, has repeatedly
	ignored those rules in its own interest.  If ICANN allows this
	to continue, it will, indeed, change the face of the internet
	significantly.  Mr. McLaughlin may think that's a good thing,
	as he will surely profit heavily from it.  I doubt that it will
	improve things for internet users or operators, however.

Paragraph 10:
	The internet already has a process for doing that.  It's called
	the IETF.  If this didn't happen in IETF, we wouldn't have HTTP,
	IPSEC, or, even DNS.  Almost every protocol in use today on the
	internet was developed through the IETF process.  Many improvements
	to protocols (BGP is currently on version 4, for example) have
	also come through the IETF and the related RFC process.  The significant
	test is not whether the internet can do this (it already has), but,
	whether the internet can control the contractors entrusted with
	the management of items in the interest of the public.  If not,
	ICANN will need to find an alternative.  That will be difficult
	and painful.

Paragraph 11:
	No one is discouraged from exploring the bounds of the internet.
	Verisign is discouraged from BREAKING existing functionality
	in the name of lining their pockets.  There are lots of places
	on the internet to experiment with new tools.  The two most
	populated top level domains in the DNS tree are _NOT_ the right
	place to experiment.  You wouldn't want a rocket scientist
	developing new fuels at your kid's elementary school, would you?
	Well, what Verisign has done is equivalent to that.  They
	decided without warning to conduct their experiment in production
	instead of a laboratory.

Paragraph 12:
	This paragraph cannot stand without the lies from the previous
	paragraphs.

Paragraph 13:
	Verisign did not spend hundreds of millions of dollars to fortify
	the two root servers alone.  Also, a number of other root servers
	withstood the attack as well.  This whole paragraph is specious and
	misleading.  In fact, Verisign has one of the worst track records
	for errors of any DNS provider in history.  The technical community
	is less concerned about what will happen without Verisign than they
	are about what Verisign will do to the internet.

Paragraph 14:
	The decisions made in this debate will not be about innovation.
	They will be about theft and hijacking.  Will Verisign be allowed
	to hijack non-existent domain names to their own purpose and profit?
	Will they be allowed to continue to make arbitrary changes to
	services which are considered critical infrastructure by a large
	portion of the Internet community?  Will ICANN stand up and
	say "no more" to Verisign's abuse of their position under the
	ICANN and USDOC contracts?  These are the decisions that will be
	made around this issue.  Innovation is safe and secure in the
	IETF.  I will agree that there are problems to be solved in the
	IETF process, but, Verisign's actions won't even touch those,
	let alone make any positive contribution.

Paragraph 15:
	The decisions made over the next months and years will determine
	whether the namespace remains a consistent and well-ordered
	hierarchy, or, whether the distaste for Verisign and the lack
	of action by ICANN to stop them becomes so distasteful to enough
	network operators that the authority of ICANN is usurped and
	the namespace becomes fragmented.  That would be bad for everyone.

Biography:
	Owen DeLong is a Network Architect for a Mountain View based
	communications firm.  He has held positions ranging from Systems
	Administrator to Senior Backbone Engineer at ISPs ranging from
	very small to very large.  He has designed and built networks
	from dialup to OC-192.  He has been an active participant in
	the Internet Operational Community and NANOG for more than a
	decade.

Owen DeLong
owen at delong.com
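
Added example, not part of the original letter: a sketch of the sender-domain existence check that Paragraph 4 says the wildcard defeated, next to one way a mail filter can still tell synthesized answers from real ones. The toy resolver, its zone data, the function names and the random-probe approach are assumptions made for illustration.

```python
import secrets

NXDOMAIN = "NXDOMAIN"

# Constructed zone data for this example (not real DNS data).
# 192.0.2.0/24 is reserved documentation address space.
REGISTERED = {"exists.com": "192.0.2.10"}
WILDCARD_TARGET = "192.0.2.99"  # stand-in for the registry's catch-all host


def make_resolver(wildcard):
    """Return a toy lookup(name) -> address or NXDOMAIN for the .com zone."""
    def lookup(name):
        if name in REGISTERED:
            return REGISTERED[name]
        # With a wildcard in the zone, every unregistered name gets an answer.
        return WILDCARD_TARGET if wildcard else NXDOMAIN
    return lookup


def naive_sender_check(lookup, domain):
    """The check the letter describes: accept mail only if the domain exists."""
    return lookup(domain) != NXDOMAIN


def wildcard_answers(lookup, tld, probes=3):
    """Query random, almost certainly unregistered labels under the TLD.

    Any address that comes back for them is a synthesized (wildcard) answer.
    """
    answers = {lookup(f"{secrets.token_hex(16)}.{tld}") for _ in range(probes)}
    answers.discard(NXDOMAIN)
    return answers


def hardened_sender_check(lookup, domain):
    """Treat an answer that matches the TLD's wildcard answer as 'no such domain'."""
    tld = domain.rsplit(".", 1)[-1]
    answer = lookup(domain)
    return answer != NXDOMAIN and answer not in wildcard_answers(lookup, tld)


if __name__ == "__main__":
    for label, wildcard in (("before wildcard", False), ("with wildcard", True)):
        lookup = make_resolver(wildcard)
        print(label,
              "| naive accepts noexist.com:", naive_sender_check(lookup, "noexist.com"),
              "| hardened accepts noexist.com:", hardened_sender_check(lookup, "noexist.com"))
```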



