Netizens-Digest Volume 1 Number 527
Netizens-Digest Saturday, October 11 2003 Volume 01 : Number 527
Netizens Association Discussion List Digest
In this issue:
[netz] Media coverage
[netz] David McGuire article on Verisign 10/4/2003
Re: [netz] Fwd: VeriSign Capitulates posts from the North American Network Operators Group
Re: [netz] Fwd: VeriSign Capitulates posts from the North American Network Operators Group
Re: [netz] Fwd: VeriSign Capitulates posts from the North American Network Operators Group
Re: [netz] Fwd: VeriSign Capitulates posts from the North American Network Operators Group
----------------------------------------------------------------------
Date: Sat, 4 Oct 2003 18:59:15 -0400
From: "Howard C. Berkowitz" <hcb@gettcomm.com>
Subject: [netz] Media coverage
Just after I sent my comments on the wildcard issue, I read the note
below from Bill Simpson. Bill is a highly respected although
controversial member of the Internet engineering process. His
achievements include designing PPP. He is also a frequent
critic-to-gadfly of the process, but has "paid his dues" such that
people listen.
As a silly aside, Bill manages to amuse me in one respect. I had read
his work for some time before I met him. Once upon a time, I had a
manager who would say thoroughly obnoxious things in such a beautiful
voice that one would listen to things that otherwise lead to blows.
Bill has such a voice, but I first knew him from a caustic written
standpoint.
I just finished reading the Washington Post's coverage at
http://www.washingtonpost.com/wp-dyn/articles/A42107-2003Oct3.html,
and am as disappointed as Bill was with the New York Times. They cite
a Verisign executive, and an executive of another company Paxfire,
that tried commercializing a product much like Sitefinder. In
contrast, the Post cited "the close-knit group of engineers and
scientists who are familiar with the technology underpinning the
Internet" without naming a single name of an acknowledged expert with
no financial interest in the type of redirection from Verisign and
Paxfire.
I don't find it unreasonable that a reporter should get a specific
quote from any relevant expert, such as Paul Vixie, author of the
most widely used DNS software, or any of the authors or working group
chairs pertaining to DNS standardization and operation.
At 3:01 PM -0400 10/4/03, William Allen Simpson wrote:
>Re: http://www.nytimes.com/2003/10/04/technology/04WEB.html
>
>Today, ELIZABETH OLSON relied upon press releases to write an article
>about the VeriSign hijacking of the .com and .net domain name spaces.
>The article contains a number of errors and misconceptions.
>
>These are not "anecdotal and isolated issues". Network security
>monitors raised the alarm worldwide during the day, many hours before
>VeriSign admitted that they had made the change without any advance
>notice to network operators (in a message to NANOG by "Matt Larson
><mlarson@verisign.com> Mon, 15 Sep 2003 19:24:29 -0400").
>
>This action caused a valid technical Domain Name System (DNS) response
>to disappear. That response is widely expected by software deployed
>over 20 years.
>
>The difficulties with wildcards in the DNS have been under discussion
>for many months (and years) within the Internet Engineering community.
>VeriSign should have known that this action would be a technical error
>that would adversely affect the entire world.
>
>The result was a meltdown at many smaller internet providers, saturated
>links, overloaded mail servers, and lost mail. By extension, this cost
>network operators worldwide hundreds of millions of dollars per day.
>
>It should come as no surprise that there are now lawsuits seeking
>class action status. Surprisingly however, that was not mentioned in
>this article.
>
>Nor is this "whether managing the Internet will be allowed to become
>more commercial". VeriSign does not manage the Internet. VeriSign is
>under contract with public entities (that do manage the Internet) to
>register domain names as a public trust. They violated that trust.
>
>This is not "innovation". This is Fisk and Gould attempting to corner
>the market.
>
>Although contacting a paid VeriSign spokesperson is obviously easier
>than research among a diverse group of network operators, this leads to
>a rather one-sided view. In the future, the New York Times might
>consider using Internet resources, such as email, to contact competent
>persons. In addition to ICANN, the Internet Architecture Board (IAB)
>and/or the North American Network Operators Group (NANOG) are some
>places that such technical assistance might be available.
------------------------------
Date: Sun, 5 Oct 2003 02:34:03 -0400
From: "Howard C. Berkowitz" <hcb@gettcomm.com>
Subject: [netz] David McGuire article on Verisign 10/4/2003
Let me begin with appropriate disclaimers and identifiers. While in
college in 1966-1967, I was a part-time science writer for The
Washington Post, so have some familiarity with the news process. At
the present time, I am an independent consultant in networking and
medical computing, with experience including Internet operational
design. With respect to the latter, I have four published books,
including one on ISP design: _Building Service Provider Networks_
(Wiley). I am a participant in the Internet Engineering Task Force
and North American Network Operators' Group. I have no financial
interest in Verisign or its competitors.
My concern is first with journalistic balance with respect to
sources, and second with technical inaccuracy. The article quotes a
Verisign executive, as well as an executive of a firm with a
commercial offering similar to Verisign's Sitefinder process. In
contrast, the Post cited "the close-knit group of engineers and
scientists who are familiar with the technology underpinning the
Internet" without naming a single name of an acknowledged expert on
the Domain Name System, the Internet function that translates
human-oriented names to computer-oriented Internet addresses. It
would be simple to find recognized professionals with no financial
interest in the type of redirection from Verisign and Paxfire.
Balanced reporting should cover both sides of the story. There are a
great many individuals and firms that were adversely affected by
Verisign's action, and considerable sentiment in the worldwide
Internet engineering community that the Verisign action was
technically unsound, and in a manner that can be demonstrated
objectively, interfered with the normal operations of the Internet.
While I wouldn't quite call the article a Verisign press release, I'm
appalled either that Mr. McGuire failed to obtain opinion from
independent, financially disinterested individuals, or,
alternatively, that the editorial staff removed such material.
Let me summarize some of the major operational concerns, and not get
into the governance issues between Verisign and ICANN. Strong
arguments can be made that adding the wildcard (i.e., that which
causes any undefined domain to be redirected to Sitefinder) to .com
and .net breaks the operational and even protocol aspects of DNS. A
great many network security tools, especially spam filters, depend on
checking if domains are undefined. There is a specific DNS protocol
message for undefined domain, which the wildcard defeats.
Beyond security, the wildcards have an indirect effect of potentially
slowing electronic mail or causing it to be dropped. One thing that
Verisign seemed not to consider is that the Internet is more than the
Web, and mail agent redirection to Sitefinder provides absolutely no
value to the mail-using Netizen.
Here's the problem. Let's say I misaddress a piece of mail to
foo.com, which I shall assume is a nonexistent domain. When an ISP
first tries to deliver it without the DNS wildcards, when it
discovers there is no such domain, it will treat that as an error,
usually returning the mail to sender with an appropriate error
message.
With wildcards, however, an unmodified SMTP agent will get back an
address (Sitefinder) and try to set up a SMTP session with it. At
best, it will discover that Sitefinder does not support mail exchange
and treat the message as undeliverable, again returning it.
It's more likely, however, that the SMTP software will decide that
since it can find foo.com (with Sitefinder's address), a temporary
error is interfering with delivery. It will requeue the message for
retry. Typically, mail agents try to redeliver for several days, and
may or may not return intermediate warning messages.
We now have the effects:
--ANY mail to an incorrectly spelled name gets added to the outgoing
  mail queue for retry, increasing queue length. Doing so:
     -- slows down mail delivery due to the need for repeatedly
        processing mail that will never be delivered
     -- consumes queue storage resources and increases ISP costs,
        which may be passed on to the end user
--Inconveniencing the user, who, if they received a prompt error
  notification, might discover they spelled an address incorrectly
  and simply need to correct the message and resend it. With the
  wildcards, days may elapse before the sender even knows there
  is a problem.
--
Howard C. Berkowitz
5012 25th Street South
Arlington VA 22206
(703)998-5819 voice
(703)998-5058 fax (alas, sometimes poorly operated by "helpful" cat)
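
[Added example, not part of the original message: a small Python model of the delivery behaviour described above, with and without the wildcard, including the spam-filter check that depends on the "undefined domain" answer. The domain names, the addresses (192.0.2.1 stands in for Sitefinder), the 4-hour retry interval and the 5-day queue lifetime are all assumptions chosen for illustration.]

```python
# Constructed model of the behaviour described in the message above.
# All names, addresses and timings are assumptions made for illustration.
NXDOMAIN = "NXDOMAIN"                  # the DNS "no such domain" answer
WILDCARD_ADDR = "192.0.2.1"            # placeholder standing in for Sitefinder
REGISTERED = {"example.com": "198.51.100.25"}   # constructed zone contents
MAIL_HOSTS = set(REGISTERED.values())  # addresses that really accept mail


def resolve(domain, wildcard):
    """Answer as the registry would: real address, wildcard address, or NXDOMAIN."""
    if domain in REGISTERED:
        return REGISTERED[domain]
    return WILDCARD_ADDR if wildcard else NXDOMAIN


def sender_domain_defined(domain, wildcard):
    """Spam-filter style check that depends on the NXDOMAIN answer."""
    return resolve(domain, wildcard) != NXDOMAIN


def attempt(domain, wildcard, hard_reject=False):
    """One delivery attempt: 'delivered', 'bounce' (permanent) or 'defer' (retry)."""
    addr = resolve(domain, wildcard)
    if addr == NXDOMAIN:
        return "bounce"                # no such domain: fail at once
    if addr in MAIL_HOSTS:
        return "delivered"
    # The name resolved but the host is not a mail exchanger. hard_reject is the
    # "at best" case; otherwise the agent assumes a temporary fault.
    return "bounce" if hard_reject else "defer"


def simulate(recipients, wildcard, hard_reject=False,
             retry_hours=4, max_age_hours=120):
    """Work the queue; report attempts made and hours until each sender is told."""
    report = {"attempts": 0, "delivered": [], "notified_after_hours": {}}
    for domain in recipients:
        t = 0
        while True:
            if t >= max_age_hours:     # queue lifetime expired: give up, bounce
                report["notified_after_hours"][domain] = t
                break
            report["attempts"] += 1
            outcome = attempt(domain, wildcard, hard_reject)
            if outcome == "delivered":
                report["delivered"].append(domain)
                break
            if outcome == "bounce":
                report["notified_after_hours"][domain] = t
                break
            t += retry_hours           # deferred: message stays queued
    return report


if __name__ == "__main__":
    mail = ["example.com", "exmaple.com"]      # second name is a typo
    for wc in (False, True):
        print("wildcard" if wc else "no wildcard", simulate(mail, wc))
    print("filter sees bogus sender as defined:",
          sender_domain_defined("no-such-sender.com", True))
```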
------------------------------
Date: Sun, 5 Oct 2003 16:47:15 -0400
From: lindeman@bard.edu
Subject: Re: [netz] Fwd: VeriSign Capitulates posts from the North American Network Operators Group
Howard,
> Many of the discussions on this list have focused on what is wrong.
> It's been quiet for a long time. Is it possible, as I hope, that the
> list might focus on lessons learned from something that had positive
> aspects, and see how they might be improved and/or used more widely?
I doubt, alas, that I have much value to contribute to that discussion, but I'll just
add a comment on one point in your next paragraph:
> I would note that while the general news media picked up on this
> issue, relatively few covered it well. The grass-roots industry
> response, as well as ICANN's work, often seemed to be treated as one
> corporation spinning another (i.e., Verisign). Some media covered it
> better than others, but I haven't seen anything that really expressed
> the widespread outrage seen on NANOG and elsewhere.
The idea of "grass-roots industry" sounds a bit counterintuitive, but you've
documented it very well. Shoot, I'm out of my depth here. A lot of Internet
discourse seems to focus either on a somewhat mythical realm of independent
individuals, or on the influence of Big Business. Grass-roots industry is somewhat
analogous to "small business" (what U.S. observers sometimes call Main Street
as opposed to Wall Street). In terms of traditional political theory, Main Street
should be a lot better for republican values than Wall Street. It might not be utterly
pointless (although I'm sure it is misleading) to think of the Verisign brouhaha as
having a similar aspect. The conflict was not business versus the people, nor
simply big business vs. small business. But a concentrated interest lost, and that
is always interesting and encouraging.
The preceding is more muddled than helpful, but my time is _really_ at a premium
this week, and yet I couldn't stand not to respond.
Mark Lindeman
------------------------------
Date: Sun, 5 Oct 2003 17:32:00 -0400
From: "Howard C. Berkowitz" <hcb@gettcomm.com>
Subject: Re: [netz] Fwd: VeriSign Capitulates posts from the North American Network Operators Group
>Howard,
>
>> Many of the discussions on this list have focused on what is wrong.
>> It's been quiet for a long time. Is it possible, as I hope, that the
>> list might focus on lessons learned from something that had positive
>> aspects, and see how they might be improved and/or used more widely?
>
>I doubt, alas, that I have much value to contribute to that
>discussion, but I'll just
>add a comment on one point in your next paragraph:
>
>> I would note that while the general news media picked up on this
>> issue, relatively few covered it well. The grass-roots industry
>> response, as well as ICANN's work, often seemed to be treated as one
>> corporation spinning another (i.e., Verisign). Some media covered it
>> better than others, but I haven't seen anything that really expressed
>> the widespread outrage seen on NANOG and elsewhere.
>
>The idea of "grass-roots industry" sounds a bit counterintuitive, but you've
>documented it very well.
It's probably not the ideal phrase. While Internet engineering is not
a formally recognized profession (i.e., with requirements for
independence and ethics) such as medicine, law, or accounting, there
is a very real sense of community -- or meritocracy -- among a group
of people who live by electronic communications. I was referring to
the response by those engineers as individuals with all manner of
employers.
Even though many of the individuals of whom I'm thinking might be
employed by large networking equipment vendors or telecommunications
carriers, it's just as likely they might be small ISPs, academics, or
consultants. The IETF has long differed from other, more formalized
technical standards groups (e.g., ISO, ITU) by being relatively free
of politics, and having a generally shared ethic of Doing The Right
Thing.
Some people object to the IETF process because it doesn't invite
"public comment", but the reality is that the development process is
completely open to anyone. The issue is that unless someone
demonstrates technical competence in the subject at hand (informally
referred to as "having clue"), the culture will ignore them. That
culture wants to stay an apolitical enabler of Internet technology,
and, in general, comments on the role of the technology in broader
nontechnical political issues are unwelcome.
On the NANOG list, there was a sense of outrage, as well as real
concern over operational impact, of this latest Verisign revenue
play. This isn't the first time that Verisign has gotten in trouble
over what may be a very basic conflict of interest between the role
of legitimately profit-making registrar, versus public stewardship
registry. See, for example,
http://www.washingtonpost.com/wp-dyn/articles/A61407-2003Sep24.html,
where Verisign settled a Federal Trade Commission charge that they
used their position as regisTRY (i.e., as data base custodian and
recognized authority) to send out misleading notices that people
needed to renew domain registrations, with a link that would send
them to Verisign's regisTRAR function.
In another business area, Verisign is also one of the leading
Certification Authorities and Registration Authorities for public
keys/digital security certificates. Again, a role requiring a great
deal of trust.
>Shoot, I'm out of my depth here. A lot of Internet
>discourse seems to focus either on a somewhat mythical realm of independent
>individuals, or on the influence of Big Business. Grass-roots
>industry is somewhat
>analogous to "small business" (what U.S. observers sometimes call Main Street
>as opposed to Wall Street).
I didn't mean to refer to small or large business; I meant to refer
to engineers in both.
> In terms of traditional political theory, Main Street
>should be a lot better for republican values than Wall Street. It
>might not be utterly
>pointless (although I'm sure it is misleading) to think of the
>Verisign brouhaha as
>having a similar aspect. The conflict was not business versus the people, nor
>simply big business vs. small business. But a concentrated interest
>lost, and that
>is always interesting and encouraging.
>
>The preceding is more muddled than helpful, but my time is _really_
>at a premium
>this week, and yet I couldn't stand not to respond.
>
>Mark Lindeman
------------------------------
Date: Sun, 5 Oct 2003 20:49:56 -0400
From: lindeman@bard.edu
Subject: Re: [netz] Fwd: VeriSign Capitulates posts from the North American Network Operators Group
Howard,
> It's probably not the ideal phrase. While Internet engineering is not
> a formally recognized profession (i.e., with requirements for
> independence and ethics) such as medicine, law, or accounting, there
> is a very real sense of community -- or meritocracy -- among a group
> of people who live by electronic communications. I was referring to
> the response by those engineers as individuals with all manner of
> employers.[...huge snip]
> I didn't mean to refer to small or large business; I meant to refer
> to engineers in both.
Yeah, I think I can accommodate that within my muddled thought process, but I
don't quite have a language for what I intend to say. I'm thinking from the
standpoint of the Federalist Papers. The Federalists worry a lot about balancing
all sorts of power relations, but they seem also to hope for a meritocracy (not of
engineers, of course) that crosses factional divides of interest. Ah, I know how I
could avoid the economic red herring, at the small cost of general
incomprehensibility: you are describing Internet engineers as an epistemic
community. Strike that -- rather, your description of Internet engineers is
superficially compatible with my understanding of what certain political scientists
have called "epistemic community." (The phrase has been taken in different
directions, as a quick Google underscored. I even found one article that
uses "global Internet community" and "global epistemic community" more or less
interchangeably.)
Mark Lindeman
------------------------------
Date: Mon, 6 Oct 2003 16:23:02 -0400
From: "Howard C. Berkowitz" <hcb@gettcomm.com>
Subject: Re: [netz] Fwd: VeriSign Capitulates posts from the North American Network Operators Group
>Howard,
>
>> It's probably not the ideal phrase. While Internet engineering is not
>> a formally recognized profession (i.e., with requirements for
>> independence and ethics) such as medicine, law, or accounting, there
>> is a very real sense of community -- or meritocracy -- among a group
>> of people who live by electronic communications. I was referring to
>> the response by those engineers as individuals with all manner of
>> employers.[...huge snip]
>> I didn't mean to refer to small or large business; I meant to refer
>> to engineers in both.
>
>Yeah, I think I can accommodate that within my muddled thought process, but I
>don't quite have a language for what I intend to say. I'm thinking from the
>standpoint of the Federalist Papers. The Federalists worry a lot
>about balancing
>all sorts of power relations, but they seem also to hope for a
>meritocracy (not of
>engineers, of course) that crosses factional divides of interest.
>Ah, I know how I
>could avoid the economic red herring, at the small cost of general
>incomprehensibility: you are describing Internet engineers as an epistemic
>community. Strike that -- rather, your description of Internet engineers is
>superficially compatible with my understanding of what certain
>political scientists
>have called "epistemic community." (The phrase has been taken in different
>directions, as a quick Google underscored. I even found one article that
>uses "global Internet community" and "global epistemic community" more or less
>interchangeably.)
After my own google, I like the discussion at
http://www.svet.lu.se/webcourses/webkurser/002_Politisk_kommunikation/Grundlaeggande/Extra_resurser/Sem6_resurser/epistcomm.pdf
This brings up some immediate questions beyond the original point of
my thread. Assuming the Internet engineering community forms an
epistemic community A, do our definitions of "Netizen" meet the
criteria for such a community B? If so, what is the relationship of
A and B? Overlapping? A is a subset of B? Disjoint sets, if A's
technocratic barriers to entry are emphasized?
On a slightly different note, I've been asked to come to the ICANN
Security and Stability Committee meeting tomorrow, which will examine
the Verisign DNS matter. I think I can make it. Will report back.
Was on the phone until 2AM talking to the epistemic community of
engineers, and have been communicating quite a bit today. This has
also spread to the Internet Law list of the American Bar Association;
I just got on that list.
------------------------------
End of Netizens-Digest V1 #527
******************************