Peter Sunde Wants To Create Alternative To ICANN
An anonymous reader writes "According to Peter Sunde's Twitter feed, he has been suspicious of ICANN for a long time. The non-profit corporation is tasked with managing both the IPv4 and IPv6 address spaces as well as handling the management of top-level domain name space including the operation of root nameservers. Sunde has lost a domain in the past because of the way ICANN acted. It was taken without any consultation on their part; instead, the organization relied on information from recording industry group IFPI to change the domain ownership. But it seems for some reason his frustration has come to a head recently, and he has put a call out for help to create a competing root server."
You can't compete with root. (Score:5, Insightful)
Sour grapes? (Score:2, Insightful)
Re:Do it! Do it now! (Score:5, Insightful)
Messy. Question: which root do you ask for google.com? All of them? What if they reply with different addresses...which one's right? The fact that there aren't good answers to these questions is a big part of why we've tried to avoid splitting the DNS roots.
Decentralized naming is hard (Score:4, Insightful)
On the one hand, I absolutely want to see control over domain names taken out of anyone's hands (not just ICANN's).
However, decentralized naming is a *hard* problem. Only one entity can control a given domain name, and something, either human or automated, must decide who gets that domain name. Whether by fiat or general consensus, some process must exist to handle the case where multiple people want the same name. ("First come first served" does not suffice unless you have fees or some other measure to prevent mass registration, and decentralized control makes those measures difficult.)
(Numbers, by comparison, prove quite trivial; just use public keys. But people don't like typing in long numbers, they like typing in *names*.)
Re:You can't compete with root. (Score:3, Insightful)
If redirecting NXDOMAIN to partnered search results pages and killing a bunch of anti-spam scripts and endorsing ridiculously stupid shit like .eco, .xxx, .jobs and .tel wasn't enough for ICANN to have "blown it", complying with a Department of Homeland Security request to remove a bunch of domains that contained material that infringes copyright should be the nail in the coffin for the useless stuffed shirts at ICANN.
ICANN is really a perfect example of where a bunch of wise-beard Unix hacker types could do a better job than the corporate whores currently doing it could. Or better yet, a proper distributed alternative to DNS.
We'll call it UCANNT... (Score:5, Insightful)
We'll call it UCANNT *rimshot*
Universal Co-op for Assigned Names, Numbers and Timeservers
Seriously though, I do think a backup system would be a good idea....It's needed in order to stop the growing attempts (that I think we're going to see a lot more of) to control, censor, filter, and police the internet....Due to the practicalities involved in how the system works, I am not certain how plausible it would be to have two competing systems while everything is working smoothly, and there are other points where the system could be messed with, but having a framework in place might not be a bad idea with the political realities we live in...
Re:Do it! Do it now! (Score:5, Insightful)
Skip the government part (though, honestly, I see no reason why they'll operate the way you think they will)...what about businesses? For example: Apple.com. There are several companies that can claim honest ownership of the "apple" name as a business title (apple computers, apple records, etc). If each of them buys the apple.com name in a different root, which one's "right"? All of them have reason to argue they are...do you expect users to have to surf to all of them one by one to find the "right" apple.com? Seriously? So now the users have to know about all possible DNS roots? yuk.
You seem to be assuming that the DNS with multiple roots will have very few name collisions except for government-caused ones...I don't think that's a safe assumption at all.
Re:Sour grapes? (Score:4, Insightful)
If it ain't broke don't fix it.
I think he feels that it is broke.
I think a big problem is that ICANN gives too many questionable organisations too much say into what happens. I include in that list, MPAA RIAA and their alternatives in the remaining 96% of the planet, various spooks and one particular national government.
I suspect people here can think of many more names...
Re:Static IPv6 addresses for everyone. (Score:3, Insightful)
Re:Do it! Do it now! (Score:3, Insightful)
DNSSec won't solve the multiple-root problem, though. If each root has a separate trust entry point, and the sub-entries are correctly signed, you won't be able to tell which one's accurate, just that the answers are verified by the root. You'll still be left with very confused users.
This happens today with SSL, it's just harder to see: if two different SSL registries issue certs for "google.com", which one's right? If you trust both of them, then the answer is "both." The same will be true for the multiple DNS roots if they use DNSSec: you'll be able to tell for certain that the answer is correct from the point of the root, but which root is *right* will be far less clear.
Re:Do it! Do it now! (Score:3, Insightful)
An alternative name registry service would do wonders to cripple the whole "internet censorship" bandwagon that has been going on recently. Blacklists? Rendered at the very least 2X as difficult to implement on a national scale, simply because the clients you are attempting to prevent from accessing content can reach that content by using the alternate name resolution service.
For five minutes or less before the proponents of the blacklist say "This goes for those guys too."
Re:Static IPv6 addresses for everyone. (Score:4, Insightful)
Re:Do it! Do it now! (Score:3, Insightful)
It would make measures like the Australian blacklist falderal all that much more difficult to actually pull off, and would render efforts like COICA similarly difficult.
Do it. Do it now.
If it is for making the Big Brother's job slightly more difficult, until yet-another-TDL-DNS gets created, maybe you can trust some OpenNIC [opennicproject.org] DNS-es? Just asking.
Re:Sour grapes? (Score:3, Insightful)
We're supposed to extrapolate from this that there is a domain of Sunde's that the MPAA / RIAA want offline MORE than pirate bay? Riiiiiiight. How about telling everyone what domain it was so we can judge for ourselves whether or not ICANN is acting in bad faith; I may not trust the MPAA / RIAA, but I'm not entirely sure I want to take the word of the guy running pirate bay, either.
Re:Do it! Do it now! (Score:3, Insightful)
If they don't, and neither points to a known placeholder, "ASK", allow the user to try both and then pick the appropriate one.
How is this supposed to work? I could register facebook.com, put up a phishing page that looks exactly the same, and then if we used your system, how does the user know which one is right?
Re:You can't compete with root. (Score:4, Insightful)
ICANN is really a perfect example of where a bunch of wise-beard Unix hacker types could do a better job than the corporate whores currently doing it could.
Almost everything in the world currently being done by corporate whores could better be done by wise-beard Unix hacker types; the tiny number of things that couldn't, aren't worth being done at all.
Re:Do it! Do it now! (Score:3, Insightful)
But they all (intentionally, and by design) respond with the *same* *data*. The fact that there are 13 of them doesn't change the fact that there is only one root *zone*. What's being proposed is having different root zones, and so the assumption that the different roots will answer with the same information goes out the window.
Re:You can't compete with root. (Score:4, Insightful)
"You can't have a competing .com, .net, .org registry"
Sure you can. Did you young folks never hear of AlterNIC?
(OK, you young folks might be an exaggeration, you have a slightly lower UID and I'm only 32, but still)
All you have to do is persuade people to use your name servers instead of the normal ones. There's an infrastructure cost associated with that of course, but there it is. ICANN might kick and scream and maybe even sue, but there's nothing to stop the net being usurped by an enterprising newcomer. It would lead to namespace fragmentation and all sorts of interesting user effects, but it's a possibility.
I quite like the idea of us geeks using one lot and the general public using another. They can have their own internet with the facebooks and packet shaping and the september that never ends. And we'll have ours and reset it to 1995 style...
Re:Sour grapes? (Score:5, Insightful)
How about this? The Pirate Bay is too public to pull off a stunt like this, but some less known domains (like the ones seized a few moments ago) spur less activism against it, so they can slowly roll it in and make it a norm. (like the antiterrorism bullshit going around)
Re:Static IPv6 addresses for everyone. (Score:1, Insightful)
Know your IP address like you know your phone number. Cut these clowns off at the legs. Free the net to the people who know how to use it and won't download viruses to their own computers thinking it's antivirus software... Take charge by taking responsibility from those who don't care and don't know!
I love it!
Don't go to mybank.com anymore. Go to http://FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF/
BUT BEWARE! http://FFFF:FFFF:FFFF:FFFF:FFFF:FFEF:FFFF:FFFF/ is a phishing site - you don't want to go there.
Re:Sour grapes? (Score:4, Insightful)
the IFPI organization doesn't have any more right to the domain than sunde did.
Leaving it unrenewed is their friggin' problem, not anyone else's. No average joe can go bitch "that dude stole my domain!", "It says here you didn't renew it", "So what, it's mine! I forgot!", why should MAFIAA have that right?
Re:Do it! Do it now! (Score:2, Insightful)
You would be making the mistake of assuming that anyone who wants an alternate root gives a crap about any commercial organisation.
We as humans deal with name space collisions every day, with our very own names, I think if we can handle it in real life, we can deal with it on here.
As with all open source things, you are free not to participate, but you can always join later.
Re:There already is one (Score:2, Insightful)
OpenNIC (Score:2, Insightful)
Instead of starting another alt-root DNS system, would it not be better to work cooperatively with an already heavily established alt-root system, such as OpenNIC (http://opennicproject.org)? They've proven previously that, unlike ICANN, they have a working democratic system to their DNS management!
Re:Static IPv6 addresses for everyone. (Score:2, Insightful)
The centralised nature of DNS has been a huge flaw in the Internet for a long time, and it should really be replaced. The problem is coming up with a better solution.
OK, how about this:
You take the existing SSL certificate authorities and the existing certificates for websites, which contain their domain names. You create a new "root" which is really a distributed collection of root servers in which anyone may participate. Website operators send their SSL certificates to any one of the root servers (ideally one trusted enough to propagate it), showing that their domain has been verified by a certificate authority as belonging to them. The website operator also signs the IP address of the website with the website's public key and a timestamp (so that updated IP addresses have newer timestamps) and sends the signed IP address(es) to the root server. The root server propagates the website's certificate and the signed IP address to all of the other root servers. If the certificate is signed by a CA which is trusted by the root server, it then starts handing out the signed IP address in response to queries for that domain name (we can even use the existing DNS protocol for this). If a CA starts maliciously signing certificates for websites for people who don't really own them, "your" root server can stop trusting that CA (and if it doesn't, you can get a new root server).
The advantage of this design is that you can't remove websites from the system except by the CA revoking their SSL certificates, which if it happens will just create a market for "bulletproof" certificate authorities. The website is using its own key to sign its IP address and once that signature is distributed to all the thousands of distributed root servers, there is no central location to remove it. At best a different CA under the influence of a censorial government could be coerced into signing a certificate for the domain name to the government instead of the owner, but all that requires is for your root server in the case of conflict between CAs for the same domain to prefer the bulletproof/incorruptible CAs to the corruptible ones.
At that point you can eliminate ICANN's role in DNS and replace it with a covenant between all the certificate authorities not to issue a certificate for a domain already issued by another certificate authority to anyone other than the same party, the consequence for violating the covenant being that the various distributed root servers will stop trusting that CA.
Since anyone sufficiently trustworthy can be a CA and anyone can run a root server because all the root servers are doing is caching a bunch of signed certificates and signed IP addresses, you get fully-distributed secure DNS with no ICANN.
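Added example (not part of the comment above, and not code from any project): a standard-library Python model of the root-server acceptance rules that comment proposes. HMAC stands in for public-key signatures, the names `RootServer`, `submit` and `resolve` are hypothetical, and all keys and addresses are constructed. It shows two roots that rank the same two CAs differently returning different addresses for one name, which is the "which one's right" problem raised earlier in the thread.

```python
import hashlib
import hmac

def sign(key: bytes, msg: bytes) -> bytes:
    # Assumption: HMAC stands in for a public-key signature (stdlib-only demo).
    return hmac.new(key, msg, hashlib.sha256).digest()

class RootServer:
    def __init__(self, ca_keys):
        # Trusted CA name -> key; dict order is this root's preference order.
        self.ca_keys, self.rank = ca_keys, list(ca_keys)
        self.records = {}            # domain -> (ca, site_key, ts, ip)

    def submit(self, domain, site_key, ca, cert_sig, ip, ts, ip_sig):
        if ca not in self.ca_keys:
            return "rejected: untrusted CA"
        # Certificate: the CA binds the domain name to the site's key.
        cert = sign(self.ca_keys[ca], domain.encode() + site_key)
        if not hmac.compare_digest(cert_sig, cert):
            return "rejected: bad certificate"
        # Address record: the site signs its IP together with a timestamp.
        if not hmac.compare_digest(ip_sig, sign(site_key, f"{ip}|{ts}".encode())):
            return "rejected: bad address signature"
        cur = self.records.get(domain)
        if cur and cur[1] != site_key:
            # Two CAs vouch for different owners: this root's ranking decides.
            if self.rank.index(ca) >= self.rank.index(cur[0]):
                return "rejected: conflict, less-preferred CA"
        elif cur and ts <= cur[2]:
            return "rejected: stale timestamp"
        self.records[domain] = (ca, site_key, ts, ip)
        return "accepted"

    def resolve(self, domain):
        return self.records[domain][3] if domain in self.records else None

def demo():
    # Constructed keys and documentation-range addresses, not real data.
    cas = {"CA-A": b"constructed-ca-a", "CA-B": b"constructed-ca-b"}
    def record(ca, site_key, ip, ts):
        return dict(domain="example.test", site_key=site_key, ca=ca,
                    cert_sig=sign(cas[ca], b"example.test" + site_key),
                    ip=ip, ts=ts, ip_sig=sign(site_key, f"{ip}|{ts}".encode()))
    answers = []
    for order in (["CA-A", "CA-B"], ["CA-B", "CA-A"]):   # two roots, two rankings
        root = RootServer({name: cas[name] for name in order})
        root.submit(**record("CA-A", b"owner-key", "192.0.2.10", 100))
        root.submit(**record("CA-B", b"other-key", "198.51.100.7", 200))
        answers.append(root.resolve("example.test"))
    return answers
```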
Re:Sour grapes? (Score:3, Insightful)
Re:You can't compete with root. (Score:2, Insightful)
Re:Sour grapes? (Score:4, Insightful)
But that doesn't mean letting self proclaimed pirates be in charge
What's wrong with being a 'pirate'? I fail to see how that's relevant to this.