[ih] Funny how things work out

Bill Woodcock woody at pch.net
Mon Feb 1 02:33:16 PST 2021


Ok, a bit of ranting, riding on the coat-tails of Brian’s post.  (Hi, Brian!)

> On Feb 1, 2021, at 3:58 AM, Brian E Carpenter via Internet-history <internet-history at elists.isoc.org> wrote:
> Oddly enough, I only noticed today that .cern has been a TLD since 2014. I'm amazed they bothered.

.CERN is a brand TLD, no different than .FEDEX or .GUCCI.  As such, having it offers CERN several benefits:

 - Brand protection (someone else can’t abuse it to CERN’s detriment)
 - URL shortening (users don’t have to guess and type .ch at the end)
 - Shortened DNSSEC trust hierarchy

The URL shortening is a bit of a mixed bag, because of the “only delegation records at the top level” rule.  I’ll freely admit that I didn’t have time to pay close enough attention to even realize that such a rule was being formulated, at the time, so I don’t know whether it was driven through by the browser vendors (who would have wanted to keep camping on their “keyword” usurpation) or the registry services providers (who had captured the process), or by ICANN (who presumably wouldn’t have wanted to process more root-zone changes, because that would be work).  It’s _possible_ that there’s a technical reason that’s just never occurred to me, but I’ve been doing DNS professionally for thirty-five years now, and there’s certainly no technical reason that’s readily apparent.  Only entrenched-bad-business-model ones.  So, “www.cern” is longer than “cern.ch” but both are longer than simply “cern”.

If anyone can shed any light on how the “only delegations” rule came to be, I’d love to hear the history there.

Although this is less of an issue for CERN, for a lot of brands, the $200k is a drop in the bucket of their annual brand-protection budget, so well worthwhile in and of itself, even if the brand TLD never gets used.  Simply keeping it out of the hands of counterfeiters, con artists, and critics is significant value already.

To my thinking, by far the biggest value is in shortening the DNSSEC signature chain, reducing the number of security externalities “above” you in the chain. With the glaring exception of the RZM contract, ICANN does an otherwise-very-reasonable job of securing the root zone.  Being able to disintermediate one’s own key management process and ICANN’s is of huge value if you actually depend upon the ability to create TLS connections between yourself and your customers, as in the case of a retail bank, for instance.  Even more so if you need to be able to demonstrate to a regulatory authority’s auditor how your DANE implementation works, and that it doesn’t depend on un-auditable, proprietary, black boxes outside of your control, in the hands of a TLD administrator who isn’t subject to audit or public scrutiny.

> The reason CERN was originally .cern.ch is that in about 1987, when we were a central point in European academia, in particular operating an important mail interchange gateway, someone in my team wrote to IANA asking for the TLD ".cern".** Jon replied very nicely explaining why this was a silly idea. I don't have those emails, regrettably, but I believe that he suggested .cern.int, although .int was still a bit of a political football then. We opted for .cern.ch and I believe we also got .cern.fr, which we never used, although our computer centre was on the French side of the border. So, some 25 years later one of my successors at CERN decided that Jon was wrong, and ICANN agreed.

As you point out, ICANN is powerfully financially motivated to agree.  That doesn’t make it a bad idea, by any means (just as Jon was powerfully motivated to disagree, having limited time and no financial incentive) that lack of regulation, lack of self-moderation, and lack of discipline-by-competition has allowed ICANN to charge prices that are ridiculously large by comparison with the work they put in.  The significant work, of course, is done by the root operators, who are not compensated for it.  My position (which may admittedly be elitist, and which I’m happy to be argued out of) is that root operators should not be compensated, because I really don’t want to see that also turned into an idiotic scramble of money-grubbing idiots who can’t keep a server running, like most of the rest of the DNS has, now.

The problem for CERN is the same as the problem for most brands which have no particular association with geography…  while a Volkswagen or an HSBC has national subdivisions with national customer-bases and specific language and regulatory support in each, the same is not true for CERN, nor for Intel, nor Disney, nor Pfizer.  The use of .COM as a catch-all is a poor substitute (for everyone other than Verisign) for a large population of TLDs, and it fails where CERN is concerned.  While “.CH” or “.FR” are only three additional characters to type and transmit and store, the real burden is on users who have to guess, perhaps with very little context, which of hundreds of TLDs the brand might be domiciled in.  Or, it puts the burden on the brand to register in every (or a very large number of) TLDs, which created its own exploitative market-of-many-monopolies.

So while it’s annoying to me to see ICANN arbitrarily rewarded for work that I’m doing, I don’t think I should be paid for that work, because I believe that would create perverse incentives; and I recognize that, no matter how fun it would be to have my own stable of vanity TLDs, rent-extraction and market forces are a perfectly reasonable way to constrain consumption of a constrained resource.  Because although at 2,000 TLDs we’re four orders of magnitude away from the threshold at which any real work would start to be involved, we’d get there quickly if there were a three-order-of-magnitude price drop.  Which would still more than adequately pay for the work involved.  The question, then, is, “where should the money go?”  In the Westphalian world we’ve got national governments imposing taxes and using it for common goods.  In the Internet world, we depend on philanthropy to cover the costs of common goods, and that doesn’t scale well in boom times, when wet-behind-the-ears libertarian techbros are too noob to really understand that they’re actually free-riders taking from infrastructure others are paying for. Ayn Rand has a lot to answer for.  Governments do a worse and worse job apportioning tax money to things people actually care about, the larger they get, and the more distant they get from people.  Cities are reasonably good at fixing potholes and operating schools and fire departments.  States and provinces somewhat less so.  Nations, abysmal.  So a global Internet government to redistribute disincentivization fees toward maintenance of common infrastructure is a bad idea, because it would be abused even worse than similar things at national levels are.

I dunno.

> I just looked at the current state of the TLD registry. It's (IMNSHO) horrible. Counting up, there are the following numbers of TLDs of various types:
> Generic 1247, Sponsored 14, Country Code 316, Infrastructure 1.

I don’t see any burning need to subdivide .ARPA.  It would be nice if registration restrictions were actually enforced on .NET, so you could tell that it was someone with an ASN, rather than someone with an MLM scheme.

I think the number of country code domains is very appropriately outsourced to ISO and their processes, and I haven’t seen any huge bottleneck there, having observed that process close-up several times, for .TL and .SS.  So, I think the number of ccTLDs is approximately correct, modulo a few at the edges that are still getting resolved, like Kosovo, Abkhazia, Somaliland, South Ossetia, etc.  But, let’s say that it’s within about 2%-3% of being correct.

The “sponsored” category is an artifact of ICANN doing TLDs in tranches (to create artificial scarcity and drive up prices) rather than operating as a continuous process (which would be boring, practical, and utterly out-of-character for the jackpot mentality of the commercial DNS business that controls ICANN).  It’s an artificial distinction used to grandfather in some of the gTLDs and the first-round Twomey-era new TLDs.  It certainly had its problems as a process, but would have gotten better if principles of continuous improvement had been applied.  But unfortunately approximately zero lessons were learned and applied to the second round.  Sorry, I mean zero lessons about running a process well.  Only lessons about how to maximize revenue for registry services operators were learned and applied.  So, I don’t think there’s any correct number for the “sponsored” category, because it’s an artificial category which encompasses both original TLDs, industry TLDs, geographic TLDs, and cultural TLDs in a grab-bag of retroactive redefinition.

Which leaves everything else thrown into the “generic” grab-bag, which doesn’t make a lot of sense to me, either.

I think geographic and cultural TLDs are very important, and aren’t given enough space to grow.  In the same way that a small country-code can provide excellent service and create community online, because it’s not forced to tithe, things like .NYC and .香港 and .αθήνα and .BZH could be creating vibrant online community.  But the bottom fifty rungs having been knocked out of the ladder by those who’ve managed to climb it already makes it kind of hard for them to get started.  Geographic and cultural TLDs have been derided by the registry services providers as “failures” because they fail to contribute enough to the registry services providers’ bottom line.  Since that’s the only yardstick that gets any credence at ICANN, they get discounted and discouraged.

I think brand TLDs are really important as well, because brand-owning businesses are responsible for the vast majority of the flow of people’s money over the Internet, and if they’re not allowed to protect those flows (because that would either create work and, by implication, liability for registrars and registry services providers, or, worse for them, disintermediate them) law-and-order is diminished, and trust is diminished, and people won’t get the value out of the Internet that we all signed up to create.  Brand TLDs aren’t about protecting companies, they’re about protecting the customers of companies against MITM attacks of all kinds.  So the more companies have brand TLDs of their own, the better that protection can be, and the more law-and-order and trust we can have in the Internet.

The truly generic TLDs, like .PLUMBING and .DRUGS and .INSURANCE and so forth…  I dunno…  I guess they’re a much more reasonable way of categorizing a lot of things than geographic coincidence is?  Particularly for things that don’t have a strong geographic locus, yet aren’t centralized enough to manage a brand TLD?  Star Trek fan clubs, for instance, might quite reasonably organize as STARTREK.FANS, when it wouldn’t be reasonable to imagine that they’d somehow get it together to, collectively, globally, operate a brand TLD.  And there are brands that include, as their concluding word, a generic which distinguishes them from other brands in other fields, or which are otherwise more recognizable to people with a distinguishing generic suffix, and I think that’s another excellent use of generic TLDs: FTD.FLOWERS and FTD.MAGAZINE for instance.  This kinda seems to me like an area where capitalists could run wild without doing much damage to anything that mattered to many people. But again, as with geographic and cultural TLDs, I think having high barriers to entry doesn’t serve actual users well.  Auctions, the mechanism ICANN actually uses to sort out competing interests in generic TLDs, seem perfectly appropriate to me here; I just strongly believe that ICANN shouldn’t be the interested beneficiary of the auction.  It would be better to burn the money than to incentivize ICANN to drive these into bidding wars.

> Back in early 1998, the IAB wrote to Ira Magaziner in response to the Green Paper that led to ICANN. Among other things, we said "On the other hand, a very large increase in the total number of gTLDs (say to thousands) would lead us into technically unknown territory." Are we there yet?

Nowhere near.  We have about 2,000 today.  Tens of millions of delegations are easily handled at a zone cut.  Hundreds of millions would be significant work, but that would also be the point at which everybody in the world who wanted one or more vanity TLDs could have them.  A flat space.  At which point users would _assume_ no hierarchy existed, and traversing hierarchy would no longer be a useful way of finding things, so that would be usability/value destroyed.  So what’s the right number?  Millions?  Somewhere between millions and low tens-of-millions?  I think the “what’s the right price” question has been pretty well worked out…  About $10/year.  Instinct makes me want to say that TLDs should be more expensive than second-levels, which should be more expensive than third-levels, but that may just be some little bit of artificial-scarcity holdout in my brain.  The longer the domain name, the more expensive it is for me to serve it.  I can serve three TLDs for the cost of serving one third-level, more or less.  So that argument leads in the opposite direction than most people expect, I think.

                                -Bill
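
Added example, not part of the original message or of any project's code: a small model of the "shortened DNSSEC trust hierarchy" point, walking the signed zone cuts above a DANE TLSA owner name under cern.ch and under the .cern brand TLD. The zone table, the party labels, the TLSA owner names and all function names are assumptions constructed for illustration.

```python
# Constructed zone table: zone apex -> party holding that zone's signing keys.
# Party labels are illustrative assumptions, not resolver output.
ZONES = {
    ".": "root zone management",
    "ch.": "TLD administrator",
    "cern.ch.": "CERN",
    "cern.": "CERN",
}


def ancestors(name):
    """Yield name, then each parent domain, ending at the root '.'."""
    name = name.lower()
    labels = [] if name == "." else name.rstrip(".").split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:]) + "."
    yield "."


def zone_chain(name, zones=ZONES):
    """Signed zones a validator walks, root first, down to the one holding name."""
    return [z for z in reversed(list(ancestors(name))) if z in zones]


def trust_links(name, zones=ZONES):
    """(signer, signed) pairs: the trust anchor, then one DS->DNSKEY hop per cut."""
    chain = zone_chain(name, zones)
    return [("validator trust anchor", chain[0])] + list(zip(chain, chain[1:]))


def external_parties(name, owner, zones=ZONES):
    """Key holders above the owner whose compromise or error breaks validation."""
    parties = []
    for zone in zone_chain(name, zones):
        if zones[zone] != owner and zones[zone] not in parties:
            parties.append(zones[zone])
    return parties


if __name__ == "__main__":
    for tlsa_owner in ("_443._tcp.www.cern.ch.", "_443._tcp.www.cern."):
        print(tlsa_owner, zone_chain(tlsa_owner), external_parties(tlsa_owner, "CERN"))
```

Under the brand TLD the only key holder outside the owner's control is the root; under the ccTLD the TLD administrator's keys and processes sit in the path as well, which is the dependency an auditor of a DANE deployment would have to account for.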
