--On Wednesday, May 22, 2013 12:29 +0000 Yoav Nir <y...@checkpoint.com> wrote:
>> Occasional fantasies about IETF enforcement power and the
>> Protocol Police notwithstanding, it seems to me that, if one
>> wanted to require standards-conforming nameservers, the most
>> (and maybe only) effective way to do that would be
>> requirements in the contractual agreements between TLD
>> registries and their registrants. Recursively applying
>> requirements down the tree is not a new idea; RFC 1591 uses
>> that language more than once.
>
> We should be careful about requiring things like this (for
> whatever value of "we"). Recursively applying requirements
> means that "we" are requiring service providers (in this case
> registries) to pick fights with their customers. So instead of
> having an IETF protocol police, "we" expect service providers
> to act as local sheriffs.
>...
> Seems like a tough sell to me.

Actually, I was thinking about something a little different (and should have been more explicit). I wouldn't suggest trying to mandate anything top-down. If nothing else, ICANN's track record for being able to enforce its mandates is very poor (and that is arguably a good thing). On the other, we talk a lot about reputations and the advantages of end sites being able to base policies on them. If whatever the actual restrictions that, according to Stephane, forbid TLDs from imposing "we require you to have a competent nameserver and will test" were removed then, especially with the coming huge increase in TLDs, it would make it possible for registries to compete on the degree to which they wanted to offer assurances of quality DNS servers and services in subsidiary zones. Would-be registrants who didn't want to play would have the option of finding TLDs who did not have those restrictions.

That would create a new opportunity for enhanced competition and differentiation among TLDs (which ICANN presumably favors along with favoring security and stability) and would create a basis for some DNS server certification activities (and even a business model for them). No mandate from the top, just elimination of whatever restrictions now prevent registries from insisting on quality operations in registrants if they wanted to. It wouldn't get us to "everyone has to run a conforming server" --which I consider impossible as long as producing non-conforming servers is legal with governments enforcing the rules if servers don't conform (and I really don't think we want to go there)-- but it would at least give a resolver an indication of where conforming ones were guaranteed and what responses or non-responses they couldn't trust.

john