News of ISC Developing BIND Patch

Vadim Antonov avg at kotovnik.com
Wed Sep 17 09:50:51 UTC 2003



If we take a step back, we could say that the whole Verisign incident
demonstrated pretty clearly that the fundamental DNS premise of having no
more than one root in the namespace is seriously wrong.  This is the
fallacy of "universal classification" so convincingly trashed by
J.L.Borges in "The Analytical Language of John Wilkins".  Single-root
classifications simply do not work in real-world contexts.

On a more practical plane, as long as there is a central chokepoint there
will be an enormous advantage for a commercial or political interest to
control that chokepoint.  As the Internet becomes more and more important, the
reward for playing funny games with the top levels of the name space is
only bound to get higher.

I do not want to play a Nostradamus, but it is pretty obvious that it's
likely to be sooner than later that there will be an incident in which a
bribed or planted Verisign employee aids a massive identity theft on
behalf of a criminal group.  And that we will see politically-motivated
removal of domain names (my bet is that porn sites will be targeted
first).  How about twiddling NS records pointing to sites of a political
party not currently in power?  DNS is no longer a geek's sandbox; it lost
its innocence.

The Name Service is engineered with this fatal weakness. It cannot be
fixed, as long as it depends on any central point.  It already has many
problems with trademark and fair competition laws. In some countries,
national DNS roots are controlled by secret police. It is a good time to
stop patching it, and start thinking about how to address the root cause
of the problem: namely, that there's no way for an end-user to choose (or
create) his own "root" of the search space. (The implication is that names
become paths - which matches human psychology quite well, considering
that we possess an evolved ability to navigate using local landmarks).

In fact, we do have an enormously useful and popular way of doing exactly
that - this is called "search engines" and "bookmarks".  What is needed is
an infrastructure for allocation of unique semantic-free end point
identifiers (to a large extent, MAC addresses may play this role, or, say,
128-bit random numbers), a way to translate EIDs to the topologically
allocated IP addresses (a kind of simplified numbers-only DNS?) and a
coordinated effort to change applications and expunge domain names from
protocols, databases, webpages and such, replacing URLs containing domain
names with URLs containing EIDs.

This way, the whole meaning-to-address translation chain becomes
decentralized and absolutely resistant to any kind of deliberate
monopolization (except for scale-free networking effect). And, in any
case, I would trade Verisign for Google any day.

--vadim
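To make the architecture sketched in the post concrete, here is a small Python model of it, added here as an example and not code from the post or from any project Vadim describes. It assumes three pieces, all constructed for illustration: a 128-bit random endpoint identifier (EID) allocator, a numbers-only EID-to-IP locator table standing in for the "simplified DNS", and per-user roots in which a name is a path of components, each component mapping either to an EID or to another user's root. The addresses are RFC 5737 documentation addresses, and the names and classes (`Locator`, `Root`, `resolve_to_ip`) are invented for this example.

```python
import secrets
import ipaddress
from typing import Dict, Optional, Union


def new_eid() -> str:
    """Allocate a semantic-free 128-bit endpoint identifier as a hex string."""
    return secrets.token_hex(16)


class Locator:
    """Numbers-only EID -> IP translation: the 'simplified DNS' of the post.

    It carries no human-meaningful names at all, so there is nothing here
    for a registrar or a trademark dispute to fight over.
    """

    def __init__(self) -> None:
        self._table: Dict[str, str] = {}

    def register(self, eid: str, ip: str) -> None:
        ipaddress.ip_address(ip)  # reject malformed addresses early
        self._table[eid] = ip

    def lookup(self, eid: str) -> Optional[str]:
        return self._table.get(eid)


class Root:
    """A user-chosen root of the search space (a 'bookmark' tree).

    Each path component maps to an EID (a leaf) or to another Root
    (delegation to someone else's namespace), so names are relative paths
    from wherever the user chooses to start, never from a single global root.
    """

    def __init__(self) -> None:
        self.entries: Dict[str, Union[str, "Root"]] = {}

    def add(self, name: str, target: Union[str, "Root"]) -> None:
        self.entries[name] = target

    def resolve(self, path: str) -> Optional[str]:
        """Walk 'a/b/c' from this root; return the EID at the end or None."""
        node: "Root" = self
        parts = path.split("/")
        for i, part in enumerate(parts):
            target = node.entries.get(part)
            if target is None:
                return None
            if isinstance(target, Root):
                node = target
                continue
            # A leaf EID is only meaningful as the final path component.
            return target if i == len(parts) - 1 else None
        return None  # path ended on a delegation, not on an endpoint


def resolve_to_ip(root: Root, path: str, locator: Locator) -> Optional[str]:
    """Full chain: user's root (name -> EID), then locator (EID -> IP)."""
    eid = root.resolve(path)
    return None if eid is None else locator.lookup(eid)


def build_demo():
    """Constructed sample data: two users whose roots disagree on 'mail'."""
    locator = Locator()
    mail_eid = new_eid()
    news_eid = new_eid()
    locator.register(mail_eid, "192.0.2.10")      # RFC 5737 TEST-NET-1
    locator.register(news_eid, "198.51.100.7")    # RFC 5737 TEST-NET-2

    alice = Root()
    alice.add("mail", mail_eid)

    bob = Root()
    bob.add("mail", news_eid)   # same name, different meaning in Bob's root
    bob.add("alice", alice)     # Bob delegates a subtree to Alice's root
    return alice, bob, locator, mail_eid, news_eid


if __name__ == "__main__":
    alice, bob, locator, _, _ = build_demo()
    print("alice: mail       ->", resolve_to_ip(alice, "mail", locator))
    print("bob:   mail       ->", resolve_to_ip(bob, "mail", locator))
    print("bob:   alice/mail ->", resolve_to_ip(bob, "alice/mail", locator))
```

The point the model makes is that the same name resolves differently depending on whose root you start from, while the only globally shared table maps opaque numbers to addresses; "bob: alice/mail" reaches Alice's endpoint only because Bob chose to link her root into his.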