ICANN opens up Pandora's Box of new TLDs

Jeroen Massar jeroen at unfix.org
Fri Jun 27 08:50:39 UTC 2008

Balazs Laszlo wrote:
> michael.dillon at bt.com wrote:
>>> There are probably some variations based on the zone, languages, 
>>> IDN'ability, etc., but it certainly is a good idea to be 
>>> bankofamerica.* for reasons that I think are obvious to most of us.
>> To make it hard for your customers to figure out whether a URL
>> is legitimately owned by the bank? To make it easier for evil guys
>> to steal from your customers by registering bonkofamerica.*
> Maybe somebody starts a trusted service under a new TLD,
> and you can block all the others.

<background sound="Darth Vader Breathing.ogg">

For three seconds I thought it was maybe a nice idea for this DNS thing 
to be cleansed, just stick everything under this new 'trusted' TLD, but 
then I realized that it can't work, as who is going to decide on what is 
'trusted' or not? There is a root (even per TLD and per domain) where 
delegations come from, as such, there is a central authority and thus a 
couple of people who say 'trusted' and 'untrusted', or actually 'good' 
and 'evil'. This was also the whole point of having ccTLDs, so that 
every country at least could have their own share of the tree (hoping 
that the root had truly trusted people who would not just kick a part of 
the tree out (Russia would like to kick out .es now I guess ;)

If you want trust, a trust-metric (eg PGP) could partially work. Still, 
that is not true trust, as it is only an attestation that at the point 
you said 'good' or 'evil' you found it to be like that. The internet 
(un)fortunately has this great dynamics factor, as such, now it might be 
good, all of a sudden some Russian hackers own www.ipv6.elmundo.es 
(which will then report on Russian winning and Spain losing) and even 
though everybody trusts that site for the purpose of 'good domain' and 
maybe 'good reporting' it will actually be evil. Countering this is 
going to be extremely difficult, as you need to get everybody who trusts 
it to update their opinion. Or how do you get a committee to decide 
'that site/side is evil'. Difficult.

Currently people just trust Google and Mozilla and various other 
vendors to do this for them. This seems to work in some ways, but still 
on mostly static lists inside the browser, which only updates once in a 
while thus not very quick either. And how good is Google in not doing 
evil in just putting all the Russian sites on the list and blocking them 
off? You don't know.

Evil is just what one perceives, and what is good for you, might not be 
good for others. If you are 'good', it is just because some people you 
know like you, while when you are 'evil' it is just because you are on 
the 'wrong' side.

Thus no, I don't see '.trusted' actually being trusted, as it simply 
will exclude businesses which are not trusted by the other ones who 
control .trusted and thus will be very nice for the anti-competition 
laws that exist.

Only real solution that I currently see seems to be:
  - pick a search engine you think you can trust (to degrees of etc)

  - type in what you are looking for, hit search
    if the ranking of a site is not high enough then either
    the site is not trusted enough because there are no links there
    or because tracking software didn't find enough people going there
    and all the other factors they use they just fail.

  - let the search engine warn you "that site might be evil"

  - go to the page. Don't care about the URL though, the search
    engine already and all their trust made sure it is a 'good' site.

  - Use it.

That of course only covers web, but that is what most general population 
folks are using anyway.

Thus DNS is here only used for where it was supposed to, converting a 
hostname into an IP address, in the background, with the user not caring 
about what the hostname is. As such the only thing that matters about 
host/domainnames will be how pretty they look, nothing more, nothing less.

I still don't get why every movie needs their own domainname, which means 
that there have to be a lot of sites actually referring to that new 
domain to be actually able to find the movie in the first place, that 
while the company that produces it could easily put a subpage on their 
website or eek a subdomain, and it will all work like a charm including 
keeping one's PageRank intact and local without having to pay any amount 
of cash. Then again, domaincapers will register it and get a few hits 
for it, because people apparently still trust in typing in URLs...


