ICANN opens up Pandora's Box of new TLDs
jeroen at unfix.org
Fri Jun 27 08:50:39 UTC 2008
Balazs Laszlo wrote:
> michael.dillon at bt.com i'rta:
>>> There are probably some variations based on the zone, languages,
>>> IDN'ability, etc., but it certainly is a good idea to be
>>> bankofamerica.* for reasons that I think are obvious to most of us.
>> To make it hard for your customers to figure out whether a URL
>> is legitimately owned by the bank? To make it easier for evil guys
>> to steal from your customers by registering bonkofamerica.*
> Maybe somebody start a trusted service under a new TLD,
> and you can block all the others.
<background sound="Darth Vader Breathing.ogg">
For three seconds I thought it was maybe a nice idea for this DNS thing
to be cleansed, just stick everything under this new 'trusted' TLD, but
then I realized that it can't work, as who is going to decide on what is
'trusted' or not? There is a root (even per TLD and per domain) where
delegations come from, as such, there is a central authority and thus a
couple of people who say 'trusted' and 'untrusted', or actually 'good'
and 'evil'. This was also the whole point of having ccTLDs, so that
every country at least could have their own share of the tree (hoping
that the root had truly trusted people who would not just kick a part of
the tree out (Russia would like to kick out .es now I guess ;)
If you want trust, a trust-metric (eg PGP) could partially work. Still,
that is not true trust, as it is only an attestation that at the point
you said 'good' or 'evil' you found it to be like that. The internet
(un)fortunately has this great dynamics factor, as such, now it might be
good, all of a sudden some Russian hackers own www.ipv6.elmundo.es
(which will then report on Russian winning and Spain loosing) and even
though everybody trusts that site for the purpose of 'good domain' and
maybe 'good reporting' it will actually be evil. Countering this is
going to be extremely difficult, as you need to get everybody who trusts
it to update their opinion. Or how do you get a committee to decide
'that site/side is evil'. Difficult.
Currently people just trust Google and Mozilla and a various of other
vendors to do this for them. This seems to work in some ways, but still
on mostly static lists inside the browser, which only updates once in a
while thus not very quick either. And how good is Google in not doing
evil in just putting all the Russian sites on the list and blocking them
off? You don't know.
Evil is just what one perceives, and what is good for you, might not be
good for others. If you are 'good', it is just because some people you
know like you, while when you are 'evil' it is just because you are on
the 'wrong' side.
Thus no, I don't see '.trusted' actually being trusted, as it simply
will exclude businesses which are not trusted by the other ones who
control .trusted and thus will be very nice for the anti-competition
laws that exist.
Only real solution that I currently see seems to be:
- pick a search engine you think you can trust (to degrees of etc)
- type in what you are looking for, hit search
if the ranking of a site is not high enough then either
the site is not trusted enough because there are no links there
or because tracking software didn't find enough people going there
and all the other factors they use they just fail.
- let the search engine warn you "that site might be evil"
- go to the page. Don't care about the URL though, the search
engine already and all their trust made sure it is a 'good' site.
- Use it.
That of course only covers web, but that is what most general population
folks are using anyway.
Thus DNS is here only used for where it was supposed to, converting a
hostname into an IP address, in the background, with the user not caring
about what the hostname is. As such the only thing what matters about
host/domainnames will be how pretty they look, nothing more, nothing less.
I still don't get why ever movie needs their own domainname, which means
that there have to be a lot of sites actually referring to that new
domain to be actually able to find the movie in the first place, that
while the company that produces it could easily put a subpage on their
website or eek a subdomain, and it will all work like a charm including
keeping ones PageRank intact and local without having to pay any amount
of cash. Then again, domaincapers will register it and get a few hits
for it, because people apparently still trust in typing in URL's...
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 187 bytes
Desc: OpenPGP digital signature
More information about the NANOG