The end of a single global namespace?

A few years ago the countries in the West condemned China for taking away ”unwanted” content from the internet. It was seen as conflicting with freedom of speech, and utterly foreign to our ”traditions of democracy”. Today, most internauts shrug their shoulders… whatever man, we are doing that every day anyways.

Because there came Wikileaks, who were removed from the DNS-system by a corrupt bank, then Ce(n)silia Malmström wanted to make a pan-European censorship list, and most recently, the US agency ICE removed 82 sites from the global namespace. The sites were allegedly engaged in counterfeiting and copyright infringement.

All in all, this means that the DNS-system does not work properly anymore. It has to be fixed. Patched. And upgraded to the next level. The whole idea of having one singular point of reference served the purpose of both security and a kind of cultural connectivity. We would feel safe that when typing mybank.com, we actually arrived at our bank, and not some spoofed site that stole our money. But also, we would globally have a common way of sharing destinations; mysite.net meant the same to whomever we talked to.

However, these central nodes are sadly affected by strange-minded politicians and corporations far too easily. There used to be some guts in ICANN, and there used to be some sense of sentiment towards neutrality and autonomy for these systems. But they don’t seem to keep up anymore. A bank, a commissioner of the European Union or some MAFIIA-corporations are able to hijack the system very easily. Whether it is because of corruption or cowardliness, we do not know. But we don’t need to know either. All we need to do is build alternative systems.

To my knowledge, there are (at least) two interesting projects in the making. On the one hand there is the innovative dot-p2p project, which aims at creating a new Top Level Domain called .p2p which is distributed outside the regular system, by way of bittorrent distribution. In the stormy waters of ACTA we may predict a future attack on everything peer-to-peer related, so pre-emptively making central DNS blocking obsolete is a very good idea.

The other project is the Telecomix DNS project, which basically clones the ICANN root, then provides a submission system (not yet ready) for censored domains. This means that stuff that is taken away will be resubmitted to the Telecomix DNS servers, which may turn out to be many as the system grows, then override the ICANN root. Also, ”proper owners” of non-censored domains will not have to worry, since Telecomix relies on cryptographic signing of domain names.

Hopefully there are more projects brewing in the minds and computers of internauts out there. If you know of any, please comment.

Maybe the singular namespace was just a parenthesis in the history of the internet, and we are now facing an evolution of an obsolete system. Darknets such as the i2p are already working with subscription lists of destinations in the network. So, it works. And it will be much more redundant than the current failure.

Update: On IRC someone tipped me about this project.

11 responses to “The end of a single global namespace?”

  1. While I maintain that a single, unified namespace remains the preferred goal, nothing says that it must be run by ICANN, or even that it must look exactly like the namespace we have today. However, we have (at a minimum) two distinct issues to deal with:

    1. What should the rules for maintaining the namespace be?
    2. Who should be in charge of enforcing those rules?

    Let’s not confuse these two with each other when looking for answers to either question or technical solutions to implement those answers.

    While a lot of clever people may have good ideas for how to build a new namespace independently of the current one, they will hardly be able to attain the support of a majority of users (and here every ISP constitutes a vocal ‘user’ with a big share of the vote, since many real users actually don’t care) unless they can demonstrate some significant advantage without simultaneously fracturing the namespace. And if they can implement their solution within the existing namespace, why not simply apply to ICANN for a new TLD or whatever is needed?

    As for the second issue, most users won’t care what organization gets to delegate the TLDs to the registry operators, as long as they can send mail to their friends and visit the websites they are used to. Therefore I think we have plenty of room to suggest alternatives to ICANN, as long as we don’t break anything that already works.

    Now, introducing new domain hierarchies which can only be accessed by a minority of users will by their very nature ”break something that already works”, because most users have no idea which TLDs are supposed to exist, but they do expect links to be clickable in their browsers. Having browsers report ”non-existing domain” every now and then when users navigate the web will seriously damage user confidence in the web as a useful resource, and will produce countless trouble tickets for overworked ISP helpdesk staff to deal with. Chances are the ISPs may even try to block access to ‘non-conforming’ domains to cut down on support costs, just as they have sometimes dealt with spammers (I have a track record of doing this myself, even as I haven’t run an ISP).

    Therefore I can support an initiative to ‘repair’ the damage done under ICANN’s watch, as long as the current rules are adhered to and ICANN still gets to tell which TLDs shall exist. I’m actually not very happy myself with the current proliferation of TLDs, but I accept them for the sake of namespace unity alone. If you add any TLD outside of ICANN’s control and break the unity, I may just as well ask you to delete a few I don’t happen to like very much, now that the goal of unity is out of the way. 😉

    Having the same resources turn up under different domain names to different users is quite similar to the way different countries today have different names in different languages. Do we really want to encourage ‘language proliferation’ in domain names? Are we building another tower of Babel? While we may worry about certain natural languages becoming extinct for lack of speakers, I see no good reason to create a multitude of languages as a response to what must be considered a political dispute. Doing so doesn’t solve the conflict, but merely sweeps it under the rug.

    That said, my desire for freedom requires that I allow others the same amount of liberties as I expect to enjoy myself, so I won’t attempt to prohibit any experiments other want to try, as long as I’m not involuntarily affected by any negative fallout or effectively forced to participate.

  2. Anders: Thank you for your extensive comment! It is very thoughtful, indeed.

    I think that experimentation is the only way to try to find alternatives to the present system. Now, I am actually not completely foreign to the idea of a fractured namespace, as long as they are kept open to everyone. However, with ”pre-defined” internet, which is the experience of most users, this will never become reality unless they really need to. I guess P2P is the most likely thing to make an independent .p2p-TLD reality, since bittorrent technology is already present among many users. All it takes is a small update to the major clients, and new DNS is transported to the end nodes.

    This way, it would become a co-existent system with the ICANN. Not negating it, but rather hacking a system on top of it. This is also the point of the Telecomix DNS, where you don’t subtract anything from the global namespace, only add to it.

    In one sense there is already a proof of concept, in very minor scale, in the i2p darknet. Here there is no ICANN, but rather, you subscribe to a set of ”address books” which you choose for yourself. Then your network, (as far as namespace functions in a network) becomes the network of your address book.

    If there is one namespace, the rules become completely critical. If there are several, it becomes less important. The one who makes the rules has a very large responsibility. DNS is very sensitive, too sensitive to be abused. This is why we have to experiment with the alternatives now, before it is too late.

  3. While it has been a few nice years with a unified namespace, it should come as no surprise that it would eventually collapse. Most monopolies crumble – by the weight of their success or by legislation. I guess you can look at a fractured name space as healthy competition?

    The ISPs have been tampering with the DNSes for years – even in western societies. Now it is the governments’ turn to try to get a quick fix.

    The real fear I have does not concern blocks or censorship on the DNS level. It’s so easy to circumvent either manually or with a redesigned system. Most (all?) end-user systems can handle multiple entries for DNS resolving, so for the users it can be almost automatic.

    The real danger is when the censors realize that DNS is not enough and that deep packet inspection is called for. Or, if they start banning/killing/blocking the alternative DNS servers. It didn’t take the (more traditionally) authoritarian regimes very long to figure out that a DNS-block was not enough.

  4. You are of course free to experiment. However, keep in mind that there is no natural barrier between ‘the experiment’ and ‘the real thing’; unless you are very restrictive with how you conduct your experiment, it will interact (or worse, interfere) with the rest of the Internet. In order not to annoy other users, please find ways to interoperate that won’t exclude competing activities.

    In many protocol specifications, whole ranges of keywords or numerical codes have been reserved for private use, i.e. experimental protocols and conventions that are not supported by the sponsor of the specification but still allowed in exchanges between cooperating parties. One such convention is the prefix ”X-” for experimental keywords in RFC 2822 headers and similar. The idea is of course that IANA will never assign an official keyword beginning with ”X-”, allowing you to continue your experiments for as long as you like. If your experiment ever becomes mature enough to be adopted as an official standard, you will be formally assigned new keywords and codes to replace the experimental ones.

    However, with lots of independent software developers in the 1990’s creating neat tools without paying attention to IANA procedures, either the ”experimental” codes remained in use even as the tools were distributed to a wider audience, or developers appropriated what looked like official keywords or codes without registering them with IANA. I don’t know how pervasive this practice has been or if IANA has been able to keep the developers in check, but I found it discomforting that two different projects might end up using the same codes for different purposes.

    While in reality ICANN is unlikely to assign the .P2P TLD to some other entity, they are within their rights to do so, and they might even be encouraged to in order not to find everyone and their little brother appropriating their own TLD without asking. Once you have shown by example that it can be done, others will follow, but they won’t necessarily have the same goal in mind.

    When ICANN first started talking about creating new TLDs beyond the old three- and two-letter ones (or maybe that was IANA, before ICANN was established), I saw a public mailing list archive of random requests for new TLDs from all over the world. One message was from someone in Taiwan, who wanted a .WANG TLD, for his family name… Apparently, nobody ever even answered those requests.

    When the new .рф TLD was opened for general registration some time ago, applications came in for 200,000 domains – within six hours. In Russia, they know how to queue! This goes to show that once information technology offers a new resource, it risks being deployed way beyond expectations, and virgin namespaces constitute no exception to that.

    This is why I don’t accept your argument that you don’t ‘subtract’ anything from the DNS, you merely ‘add’ to it. While you will hardly run out of alphanumeric symbols for new domains, we are limited by our human minds when trying to grasp the notion of what a TLD is. To me, it’s a convenient label on each ‘section’ of the Internet directory. Some are made for countries, others for business sectors, and yet others for certain kinds of resources. As long as I can visualize a majority of TLDs in this simple fashion, I can visualize the Internet, even if those labels aren’t always true with respect to their subdomains. When a majority of the TLDs are allocated by individuals for vanity purposes however, I find myself being listed in a directory of junk, and I want to get out of it. I don’t understand why so many are so eager to have a .COM domain; aren’t at least half of all .COM domains owned by spammers anyway?

    Well, those are some of my arguments, highly subjective and emotional of course. As I said, I won’t stop you from experimenting, but I cannot endorse it until I see that you have taken my concerns into consideration.

    I do hope however that you will simultaneously develop the idea of replacing ICANN and repairing the damage that has been done so far, without rejecting ICANN’s existing policies and decisions with respect to the rest of the DNS. I consider it a kind of ‘unilateral cooperation’; you implement ICANN’s decisions not because you have to, but because you want to show your potential clients that you are more trustworthy in doing so than ICANN itself. That’s an effort I can support and even throw some money into if you like. Then, when you begin attracting a user base, it’s time to enter negotiations with ICANN to find out whose leash they really are on. Either you get a deal with ICANN and win, or you walk away from the table and win anyway.

  5. On a slightly unrelated note to your discussion, there is also the question of trust. With a central controlling authority in charge so far we have learned to trust in the resolution of domain names. We simply expect that foo.bar is FooCorp. This is of course why DNS poisoning attacks have been so successful, and why DNSSEC is such an important technology.
    But with a fractured namespace we need to accept that trust has to be established in a different manner, through certificates or some other yet undeveloped technology. In my opinion this shift of trust is both unfortunate and desirable. Unfortunate because trust in the DNS system is simple and useful — while I don’t trust it enough to accept that baz.bar is BazBank without any additional verification, I am ready to accept that foo.bar == FooCorp through resolution alone. Yet it is desirable since it allows us to build a net of identities that is somewhat independent of the namespace(s). (Through distributed hash tables, for example, I could access FooCorp via foo.bar, or by looking up the cryptographic identity of the site.)
    This of course connects to what I’ve written previously about cipherontology: on the internet, identity is performed and not held. Therefore, under the current system a lot of the identity of a web site is in fact performed by a different entity than the site itself. So in theory, a fractured namespace can actually be beneficial for the network in the longer perspective!

  6. One needs to keep in mind that the DNS system is a large factor in the success of the Internet. It is a distributed database of mappings between names, lookup resources and IP numbers. From a technological point of view it is really simple to make an alternative DNS system. You just need to put different IP numbers for the root servers in the lookup table of your DNS client. This has been done many times before and there are probably half a dozen DNS systems out there. Some of them already have fallbacks to the regular DNS. Unfortunately it is practically impossible to get regular people to switch their system to another lookup service, unless a site they really want to access becomes unavailable. To an ordinary user the DNS system is invisible. When you type in a name in your browser or an email address (these are about the only places an ordinary user actually enters a site name), the computer finds out where to go by a process of pure magic (which is supplied by Microsoft or Apple).

    While making the alternative DNS is both possible and desirable, I think that it will be hard to get enough uptake that the effort to administrate the system will be motivated.

    While I think that there are torrent based techniques that can help in some of the bulk transfer and secondary DNS problems, they are unsuited for most of the lookups, which involve a client looking up the IP number corresponding to a single name. Since the statistical distribution of these names is more or less random, it does not make sense to look them up from a set of neighbours. It makes much more sense to go to a place of authority and look there.

  7. If we want to support multiple simultaneous namespaces, we will eventually want an easy way of referring to names in other namespaces than our own, or we’ll end up asking ”torrent-finder.com? Ok, but which torrent-finder.com, the one listed by ICANN or the one listed via P2PDNS?”

    Therefore, I suggest establishing a syntactic convention, say an equals sign (”=”) followed by the canonical name of the namespace, to indicate an Awfully Qualified Domain Name, or AQDN for short. Thus ”torrent-finder.com=ICANN” will refer to the domain controlled by ICE, and ”torrent-finder.com=P2PDNS” to the one still controlled by the original owner.

    In order for each client host to be able to resolve these AQDNs it will need an updated resolver library plus some semi-static configuration that could either be stored in a local file or be available via another protocol. If we establish a registry for namespace names to avoid assigning the same identifier to multiple namespaces, we will in effect have created another namespace, a meta-namespace on top of all existing and future namespaces.

    Initially, people will keep using ICANN for their default namespace, much like they define a domain of their own as their default domain for looking up local hostnames (names without a ”.” in them). Just like the user community has once learned not to refer to ”localhost” or other local hostnames but rather use FQDNs in their HTML files, I suppose they could learn to spell out the AQDNs as well for truly well-defined identifiers, even if it takes decades. Certain applications, such as web browsers, could employ their own default namespaces, as dictated by individual users also on multi-user systems.

    ”We the Users of the Unified Namespaces, in Order to form a more perfect Network, establish Transparency, insure network Neutrality, provide for individual Privacy, promote the creative Commons, and secure the Blessings of Freedom to ourselves and our Posterity, do ordain and establish this Constitution for the Unified Namespaces of the Intertubes.”

    E multis retia unum…
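
The AQDN convention proposed in the last comment, sketched as an added example (not code from the post, the commenters, or any of the projects mentioned): it parses `name=NAMESPACE`, falls back to a default namespace for bare names, and reports when namespaces give different answers for the same name. The registry contents, resolver addresses, zone data, and the choice to upper-case namespace names are all assumptions made for illustration.

```python
import re

# Hypothetical registry of namespace names (the comment's "meta-namespace").
# Resolver addresses are constructed, taken from documentation ranges.
NAMESPACES = {
    "ICANN": {"resolver": "192.0.2.53"},
    "P2PDNS": {"resolver": "198.51.100.53"},
}
DEFAULT_NAMESPACE = "ICANN"  # assumption: bare names resolve via ICANN

# Constructed sample zone data: same name, different answer per namespace.
SAMPLE_ZONES = {
    "ICANN": {"torrent-finder.com": "203.0.113.10"},
    "P2PDNS": {"torrent-finder.com": "203.0.113.20",
               "example.p2p": "203.0.113.30"},
}

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


class AQDNError(ValueError):
    """Raised for a malformed name or an unregistered namespace."""


def parse_aqdn(text, default=DEFAULT_NAMESPACE):
    """Split 'name=NAMESPACE' into (fqdn, namespace), validating both parts."""
    name, sep, namespace = text.strip().partition("=")
    if sep and "=" in namespace:
        raise AQDNError("more than one '=' in %r" % text)
    namespace = namespace.upper() if sep else default
    if namespace not in NAMESPACES:
        # Fail closed: never fall back silently to another namespace.
        raise AQDNError("unknown namespace %r" % namespace)
    fqdn = name.rstrip(".").lower()
    labels = fqdn.split(".")
    if len(fqdn) > 253 or not all(_LABEL.fullmatch(l) for l in labels):
        raise AQDNError("invalid domain name %r" % name)
    return fqdn, namespace


def resolve(text):
    """Resolve an AQDN against the sample data; None stands for NXDOMAIN."""
    fqdn, namespace = parse_aqdn(text)
    return SAMPLE_ZONES[namespace].get(fqdn)


def conflicts(name):
    """Return {namespace: address} when namespaces disagree on a bare name."""
    fqdn, _ = parse_aqdn(name)
    answers = {ns: z[fqdn] for ns, z in SAMPLE_ZONES.items() if fqdn in z}
    return answers if len(set(answers.values())) > 1 else {}
```

Rejecting an unregistered namespace instead of retrying in the default one keeps a mistyped qualifier from quietly resolving to a different owner's host.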
