Re: .nyc - here we go...

2013-07-05 Thread Mike Jones
On 5 July 2013 02:02, Eric Brunner-Williams wrote:

> Someone who should know better wrote:
>
> > Well given that .com thingie is IPv6 accessible and has DNSSEC there
> > is nothing we need to let you know.  And yes you can get IPv6
> > everywhere if you want it.  Native IPv6 is a little bit harder but
> > definitely not impossible nor more expensive.
>
> And this was true when the v6 and DEC requirements entered the DAG?
>
> Try again, and while you're inventing a better past, explain how
> everyone knew that it would take 6 revisions of the DAG and take until
> 3Q2012 before an applicant could predict when capabilities could be
> scheduled.
>
> The one thing you've got going for you is that in 2009 no one knew
> that almost all of the nearly 2,000 applicants would be forced by
> higher technical and financial requirements to pick one of a universe
> of fewer than 50 service providers, or that nearly all of the
> "developing economies" would be excluded, or self-exclude, from
> attempting to apply. So the basic diversity assumption was wrong.
>
> Why are the people who don't follow the shitty process so full of
> confidence they have all the clue necessary?


Why do people who make statements about .com not being IPv6 reachable think
they have all the clue necessary? And what about those people who think
that DNSSEC is about validating the answers from the root/TLD name servers?

At least you avoided the common mistake of citing the 1% end user IPv6
availability figure when claiming that IPv6 wasn't available in data
centres... ;)

- Mike


Re: .nyc - here we go...

2013-07-04 Thread Barry Shein

 > >Why are the people who don't follow the shitty process so full of
 > >confidence they have all the clue necessary?
 > 
 > Probably because they don't think that new TLDs are particularly
 > useful or valuable.

Oops, just a minute, gotta grab the popcorn and cooler for this
one...ok, proceed.

-- 
-Barry Shein

The World  | b...@theworld.com   | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD| Dial-Up: US, PR, Canada
Software Tool & Die| Public Access Internet | SINCE 1989 *oo*



Re: .nyc - here we go...

2013-07-04 Thread Mark Andrews

In message <51d61b2b.8020...@abenaki.wabanaki.net>, Eric Brunner-Williams writes:
> Someone who should know better wrote:
> 
> > Well given that .com thingie is IPv6 accessible and has DNSSEC there
> > is nothing we need to let you know.  And yes you can get IPv6
> > everywhere if you want it.  Native IPv6 is a little bit harder but
> > definitely not impossible nor more expensive.
> 
> And this was true when the v6 and DEC requirements entered the DAG?

DS for COM was added to the root zone in Feb 2011.  The process
of getting COM signed started a lot earlier well before the root
zone was signed and included ensuring the protocol worked for COM
sized zones.  But hey if you just look at when records are added to
zones you wouldn't see that.

Requiring new zones start at the standard you expect existing zones to
obtain is neither unexpected nor unreasonable. 

> Try again, and while you're inventing a better past, explain how
> everyone knew that it would take 6 revisions of the DAG and take until
> 3Q2012 before an applicant could predict when capabilities could be
> scheduled.
> 
> The one thing you've got going for you is that in 2009 no one knew
> that almost all of the nearly 2,000 applicants would be forced by
> higher technical and financial requirements to pick one of a universe
> of fewer than 50 service providers, or that nearly all of the
> "developing economies" would be excluded, or self-exclude, from
> attempting to apply. So the basic diversity assumption was wrong.
> 
> Why are the people who don't follow the shitty process so full of
> confidence they have all the clue necessary?
> 
> Eric
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org



Re: .nyc - here we go...

2013-07-04 Thread John Levine
>Why are the people who don't follow the shitty process so full of
>confidence they have all the clue necessary?

Probably because they don't think that new TLDs are particularly
useful or valuable.

R's,
John



Re: .nyc - here we go...

2013-07-04 Thread John Levine
>I'll bite.  What's the *actual* additional cost for dnssec and ipv6
>support for a greenfield rollout?  It's greenfield, so there's no
>"our older gear/software/admins need upgrading" issues.

I've read the IPv6 and DNSSEC parts of a lot of the applications,
including the ones that aren't backed by the familiar large
registries, and nobody had any great trouble doing DNSSEC or IPv6.

There are a couple of adequate DNSSEC toolkits for anyone who doesn't
want to buy a prefab system, and even though there are plenty of
places where IPv6 isn't available, the sensible thing to do (even for
large applicants) is to put the servers where the networks are.

R's,
John



Re: .nyc - here we go...

2013-07-04 Thread Eric Brunner-Williams

> I'm reasonably sure that there are more than 50 service providers
> who are able to provide you with a connection that will do IPv6.

In this context the universe of 50 providers are registry service
providers, existing and entrant. Verisign, NeuStar, Afilias, CORE,
AusReg, ISC, ...

Your side won if you predicted in 2009, or even as late as 2011, that
there would be many many applicants, using very very few providers,
and none in awkward places. If you predicted that, you won on all
counts, v6 availability, density of available technical clue for
DNSSEC as the cheap box checks -- the real win was access to
investment capital and financial instruments, access to American or
equivalent legal and ancillary services, shared fate (still being
dickered) on insurance bundling and business continuity set-aside, the
business advantages offered by Verisign, NeuStar, Afilias, CORE,
AusReg, ISC, ...

Absent that it really doesn't matter if a light in the sky told you
that v6 was everywhere and free, or that DNSSEC was vital to
everything, and free too, or not.

I didn't predict it, so I lobbied under the assumption that very low
capitalizations would attempt to provide some locally needed name to
existing address mapping, and that signing the zone had little but
cosmetic effect unless there were resources within the zone offering a
greater return on attacker investment than any large, and unsigned
zone (and there still are some of those). I also tried to get ICANN's
attempt to provide "Applicant Support" to defer these non-essentials
for registry start-up, but that whole thing went south and the one
qualified application was disallowed because ... .ummah upset someone
who didn't care to admit it (the Support Program reviewers are
anonymous).

.museum started on a desktop. There has to be a good reason why this
can never happen again.

Eric



Re: .nyc - here we go...

2013-07-04 Thread Valdis . Kletnieks
On Thu, 04 Jul 2013 18:02:35 -0700, Eric Brunner-Williams said:
> higher technical and financial requirements to pick one of a universe
> of fewer than 50 service providers,

I'm reasonably sure that there are more than 50 service providers
who are able to provide you with a connection that will do IPv6.

> or that nearly all of the
> "developing economies" would be excluded, or self-exclude, from
> attempting to apply.

% dig so. any
...
;; ADDITIONAL SECTION:
a.nic.so.   43165   IN  A       72.52.71.4
a.nic.so.   43165   IN  AAAA    2001:470:1a::4
b.nic.so.   43165   IN  A       38.103.2.4
c.nic.so.   43165   IN  A       63.243.194.4
c.nic.so.   43165   IN  AAAA    2001:5a0:10::4
d.nic.so.   43165   IN  A       196.216.168.54
d.nic.so.   43165   IN  AAAA    2001:43f8:120::54

If Somalia, the failed nation state and  near-undisputed champion hell-hole of
the world, can manage to get quad-A's for its ccTLD, the bar can't be *too*
high.

(Yes, i see exactly how they did it.  And there's nothing prohibiting any
of the applicants in "developing countries" from doing exactly the same
thing)





Re: .nyc - here we go...

2013-07-04 Thread Eric Brunner-Williams
On 7/4/13 6:23 PM, Larry Sheldon wrote:
> 
> OK, I 'fess to terminal stupidity--in this contest:  "DEC"?  "the DAG"?

Sigh. DNSSEC and Draft Applicant Guidebook.





Re: .nyc - here we go...

2013-07-04 Thread Eric Brunner-Williams

> OK, I 'fess to terminal stupidity--in this contest:  "DEC"?  "the DAG"? 

Draft Applicant's Guidebook.



Re: .nyc - here we go...

2013-07-04 Thread Larry Sheldon

On 7/4/2013 8:02 PM, Eric Brunner-Williams wrote:

> And this was true when the v6 and DEC requirements entered the DAG?

OK, I 'fess to terminal stupidity--in this contest:  "DEC"?  "the DAG"?

> Why are the people who don't follow the shitty process so full of
> confidence they have all the clue necessary?

A job requirement?  Genetic links to DESIRABLE characteristics?  Comes
with the territory?


--
Requiescas in pace o email           Two identifying characteristics
                                        of System Administrators:
Ex turpi causa non oritur actio      Infallibility, and the ability to
                                        learn from their mistakes.
                                          (Adapted from Stephen Pinker)



Re: .nyc - here we go...

2013-07-04 Thread Eric Brunner-Williams
Someone who should know better wrote:

> Well given that .com thingie is IPv6 accessible and has DNSSEC there
> is nothing we need to let you know.  And yes you can get IPv6
> everywhere if you want it.  Native IPv6 is a little bit harder but
> definitely not impossible nor more expensive.

And this was true when the v6 and DEC requirements entered the DAG?

Try again, and while you're inventing a better past, explain how
everyone knew that it would take 6 revisions of the DAG and take until
3Q2012 before an applicant could predict when capabilities could be
scheduled.

The one thing you've got going for you is that in 2009 no one knew
that almost all of the nearly 2,000 applicants would be forced by
higher technical and financial requirements to pick one of a universe
of fewer than 50 service providers, or that nearly all of the
"developing economies" would be excluded, or self-exclude, from
attempting to apply. So the basic diversity assumption was wrong.

Why are the people who don't follow the shitty process so full of
confidence they have all the clue necessary?

Eric



Re: .nyc - here we go...

2013-07-04 Thread Mark Andrews

In message <9ff40d24-169e-4568-9f25-ee00beeed...@matthew.at>, Matthew Kaufman 
writes:
> Well, for starters there's whole truckloads of surplus gear that you
> can't  get for pennies and use successfully.

Surplus IPv6 capable gear has been around for a long while now.
Remember most gear has had IPv6 for over a decade now.  A lot of
gear that ISC got given for IPv6 development was on its 2nd or 3rd
repurposing before we got it nearly a decade ago.

> Matthew Kaufman
>
> (Sent from my iPhone)
>
> On Jul 4, 2013, at 11:11 AM, valdis.kletni...@vt.edu wrote:
>
> > On Thu, 04 Jul 2013 10:34:41 -0700, Eric Brunner-Williams said:
> >
> >> #insert usual junk from *nog v6 evangelicals that .africa and .eos
> >> (Basque Autonomous Region) must drive v6 adoption from their
> >> ever-so-deep-pockets, or the net will die.
> >
> > I'll bite.  What's the *actual* additional cost for dnssec and ipv6
> > support for a greenfield rollout?  It's greenfield, so there's no
> > "our older gear/software/admins need upgrading" issues.
>

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org



Re: .nyc - here we go...

2013-07-04 Thread Mark Andrews

In message <51d5c750.4090...@nic-naa.net>, Eric Brunner-Williams writes:
> On 7/4/13 11:11 AM, valdis.kletni...@vt.edu wrote:
> > I'll bite.  What's the *actual* additional cost for dnssec and ipv6
> > support for a greenfield rollout?  It's greenfield, so there's no
> > "our older gear/software/admins need upgrading" issues.
> 
> You'll let me know there is no place where v6 is not available, and
> while you're at it, why .frogans (I've met the guy, has to be the
> least obvious value proposition I've come across) needs to be accessible
> to v6ers before, well, er, that .com thingie.

Well given that .com thingie is IPv6 accessible and has DNSSEC there
is nothing we need to let you know.  And yes you can get IPv6
everywhere if you want it.  Native IPv6 is a little bit harder but
definitely not impossible nor more expensive.

; <<>> DiG 9.10.0pre-alpha <<>> ns com @a.gtld-servers.net -6 +dnssec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18176
;; flags: qr aa rd; QUERY: 1, ANSWER: 14, AUTHORITY: 0, ADDITIONAL: 16
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 512
;; QUESTION SECTION:
;com.   IN  NS

;; ANSWER SECTION:
com.    172800  IN  NS  a.gtld-servers.net.
com.    172800  IN  NS  f.gtld-servers.net.
com.    172800  IN  NS  h.gtld-servers.net.
com.    172800  IN  NS  k.gtld-servers.net.
com.    172800  IN  NS  b.gtld-servers.net.
com.    172800  IN  NS  m.gtld-servers.net.
com.    172800  IN  NS  c.gtld-servers.net.
com.    172800  IN  NS  d.gtld-servers.net.
com.    172800  IN  NS  g.gtld-servers.net.
com.    172800  IN  NS  i.gtld-servers.net.
com.    172800  IN  NS  l.gtld-servers.net.
com.    172800  IN  NS  j.gtld-servers.net.
com.    172800  IN  NS  e.gtld-servers.net.
com.    172800  IN  RRSIG   NS 8 1 172800 20130709042103 
20130702031103 35519 com. 
G9bZIBIFL0MacyGQ9rgx+eFSnp/j11x/OoXJ30ADzYqffm/if68R1DYs 
v0fA4vqf3NQsUoonSO7t6tCh4Fl5OV/oju0BYXukXOn7bvpiA7Ij+B7H 
UoSyybVZRsRk4Q4d6t7EJ/gohL/p9B4BFOIiQ1gDIa8dAUzCUOXXo59j Oks=

;; ADDITIONAL SECTION:
a.gtld-servers.net. 172800  IN  A   192.5.6.30
a.gtld-servers.net. 172800  IN  AAAA    2001:503:a83e::2:30
f.gtld-servers.net. 172800  IN  A   192.35.51.30
h.gtld-servers.net. 172800  IN  A   192.54.112.30
k.gtld-servers.net. 172800  IN  A   192.52.178.30
b.gtld-servers.net. 172800  IN  A   192.33.14.30
b.gtld-servers.net. 172800  IN  AAAA    2001:503:231d::2:30
m.gtld-servers.net. 172800  IN  A   192.55.83.30
c.gtld-servers.net. 172800  IN  A   192.26.92.30
d.gtld-servers.net. 172800  IN  A   192.31.80.30
g.gtld-servers.net. 172800  IN  A   192.42.93.30
i.gtld-servers.net. 172800  IN  A   192.43.172.30
l.gtld-servers.net. 172800  IN  A   192.41.162.30
j.gtld-servers.net. 172800  IN  A   192.48.79.30
e.gtld-servers.net. 172800  IN  A   192.12.94.30

;; Query time: 173 msec
;; SERVER: 2001:503:a83e::2:30#53(2001:503:a83e::2:30)
;; WHEN: Fri Jul 05 09:38:20 EST 2013
;; MSG SIZE  rcvd: 683

 
> "DNSSEC No clue necessary" ... so all those guys and gals out there
> selling training are ... adding no necessary value at some measurable
> cost?
> 
> Eric
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
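
Added example, not part of the original message and not ISC's or dig's own code: a small Python parser for dig-style answer text that reports which name servers have IPv4-only glue and whether the RRSIG covering the NS set is inside its validity window. The sample text is abridged from the output in the message above with a placeholder signature; the function names and the check time are assumptions made for this example.

```python
from datetime import datetime, timezone
import ipaddress

# Constructed sample: abridged from the dig output quoted in the message above.
# The signature is a placeholder, not the real RRSIG data.
SAMPLE = """\
;; ANSWER SECTION:
com.    172800  IN  NS  a.gtld-servers.net.
com.    172800  IN  NS  f.gtld-servers.net.
com.    172800  IN  NS  b.gtld-servers.net.
com.    172800  IN  RRSIG   NS 8 1 172800 20130709042103 20130702031103 35519 com. PLACEHOLDERSIG=

;; ADDITIONAL SECTION:
a.gtld-servers.net. 172800  IN  A       192.5.6.30
a.gtld-servers.net. 172800  IN  AAAA    2001:503:a83e::2:30
f.gtld-servers.net. 172800  IN  A       192.35.51.30
b.gtld-servers.net. 172800  IN  A       192.33.14.30
b.gtld-servers.net. 172800  IN  AAAA    2001:503:231d::2:30
"""

# Assumed check time for the sample (the query above was made on 5 July 2013).
CHECK_TIME = datetime(2013, 7, 5, tzinfo=timezone.utc)


def parse_records(text):
    """Split dig presentation-format text into (records, malformed_lines)."""
    records, malformed = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # dig comments, section headers, blank lines
        fields = line.split()
        # Expect: owner ttl class type rdata...
        if len(fields) < 5 or not fields[1].isdigit() or fields[2] != "IN":
            malformed.append(line)
            continue
        owner, ttl, _cls, rtype = fields[:4]
        records.append((owner.lower(), int(ttl), rtype.upper(), fields[4:]))
    return records, malformed


def _rrsig_time(value):
    # RRSIG times in presentation format are YYYYMMDDHHmmSS, UTC (RFC 4034).
    return datetime.strptime(value, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)


def rrsig_status(records, covered, now):
    """Describe each RRSIG covering `covered`; timing check only.

    This confirms a signature is present and current. It does not verify
    the signature against the zone's DNSKEY, which is the validator's job.
    """
    out = []
    for owner, _ttl, rtype, rdata in records:
        if rtype != "RRSIG" or len(rdata) < 9 or rdata[0].upper() != covered:
            continue
        # RDATA order: covered alg labels origttl expiration inception tag signer sig
        expiration, inception = _rrsig_time(rdata[4]), _rrsig_time(rdata[5])
        out.append({
            "owner": owner,
            "algorithm": int(rdata[1]),
            "key_tag": int(rdata[6]),
            "signer": rdata[7].lower(),
            "in_window": inception <= now <= expiration,
        })
    return out


def glue_report(records):
    """Map each NS target to the IPv4 and IPv6 addresses supplied for it."""
    report = {rdata[0].lower(): {"A": [], "AAAA": []}
              for _o, _t, rtype, rdata in records if rtype == "NS"}
    for owner, _ttl, rtype, rdata in records:
        if owner not in report or rtype not in ("A", "AAAA"):
            continue
        try:
            addr = ipaddress.ip_address(rdata[0])
        except ValueError:
            continue  # not an address; ignore rather than guess
        if addr.version == (4 if rtype == "A" else 6):
            report[owner][rtype].append(str(addr))
    return report


def v4_only(report):
    """Name servers that have IPv4 glue but no IPv6 glue."""
    return sorted(ns for ns, g in report.items() if g["A"] and not g["AAAA"])


if __name__ == "__main__":
    recs, bad = parse_records(SAMPLE)
    print("IPv4-only name servers:", v4_only(glue_report(recs)))
    print("NS RRSIGs:", rrsig_status(recs, "NS", CHECK_TIME))
    print("malformed lines:", bad)
```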



Re: .nyc - here we go...

2013-07-04 Thread Matthew Kaufman
Well, for starters there's whole truckloads of surplus gear that you can't  get 
for pennies and use successfully.

Matthew Kaufman

(Sent from my iPhone)

On Jul 4, 2013, at 11:11 AM, valdis.kletni...@vt.edu wrote:

> On Thu, 04 Jul 2013 10:34:41 -0700, Eric Brunner-Williams said:
> 
>> #insert usual junk from *nog v6 evangelicals that .africa and .eos
>> (Basque Autonomous Region) must drive v6 adoption from their
>> ever-so-deep-pockets, or the net will die.
> 
> I'll bite.  What's the *actual* additional cost for dnssec and ipv6
> support for a greenfield rollout?  It's greenfield, so there's no
> "our older gear/software/admins need upgrading" issues.



Re: .nyc - here we go...

2013-07-04 Thread Eric Brunner-Williams
On 7/4/13 11:11 AM, valdis.kletni...@vt.edu wrote:
> I'll bite.  What's the *actual* additional cost for dnssec and ipv6
> support for a greenfield rollout?  It's greenfield, so there's no
> "our older gear/software/admins need upgrading" issues.

You'll let me know there is no place where v6 is not available, and
while you're at it, why .frogans (I've met the guy, has to be the
least obvious value proposition I've come across) needs to be accessible
to v6ers before, well, er, that .com thingie.

"DNSSEC No clue necessary" ... so all those guys and gals out there
selling training are ... adding no necessary value at some measurable
cost?

Eric



Re: .nyc - here we go...

2013-07-04 Thread Eric Brunner-Williams
On 7/4/13 10:48 AM, John Levine wrote:
> I dunno.  Can you point to parts of your house that have been
> significantly improved by fire insurance?

Cute John. Let me know when you've run out of neat things other people
should do.

Eric



Re: .nyc - here we go...

2013-07-04 Thread Valdis . Kletnieks
On Thu, 04 Jul 2013 10:34:41 -0700, Eric Brunner-Williams said:

> #insert usual junk from *nog v6 evangelicals that .africa and .eos
> (Basque Autonomous Region) must drive v6 adoption from their
> ever-so-deep-pockets, or the net will die.

I'll bite.  What's the *actual* additional cost for dnssec and ipv6
support for a greenfield rollout?  It's greenfield, so there's no
"our older gear/software/admins need upgrading" issues.




Re: .nyc - here we go...

2013-07-04 Thread John Levine
>Anyone care to advance evidence that either zone has been, not "will
>someday be", significantly improved by the adoption of DS records?
>Evidence, not rhetoric, please.

I dunno.  Can you point to parts of your house that have been
significantly improved by fire insurance?




Re: .nyc - here we go...

2013-07-04 Thread Eric Brunner-Williams
On 7/4/13 8:00 AM, Ted Cooper wrote:
> Do they have DNSSEC from inception? It would seem a sensible thing to do
> for a virgin TLD.

In the evolution of the DAG I pointed out that both the DNSSEC and the
IPv6 requirements, as well as other SLA requirements, were
significantly in excess of those placed upon the legacy registries,
and assumed general value and availability with non-trivial cost to
entry operators, some of whom might not be capitalized by investors
with profit expectations similar to those that existed prior to the
catastrophic telecoms build-out and the millennial dotbomb collapse.

The v6-is-everywhere and the DNSSEC-greenfields advocates prevailed,
and of course, the SLA boggies remain "elevated" w.r.t. the legacy
registry operator obligations.

"Sensible" may be subject to cost-benefit analysis. I did .cat's
DNSSEC funnel request at the contracted party's insistence and I
thought it pure marketing. The .museum's DNSSEC funnel request must
have, under the "it is necessary" theory, produced demonstrable value
beyond the technical pleasure of its implementer.

Anyone care to advance evidence that either zone has been, not "will
someday be", significantly improved by the adoption of DS records?
Evidence, not rhetoric, please.

#insert usual junk from *nog v6 evangelicals that .africa and .eos
(Basque Autonomous Region) must drive v6 adoption from their
ever-so-deep-pockets, or the net will die.

Eric



Re: .nyc - here we go...

2013-07-04 Thread John Levine
>> "As of July 2, 2013, .nyc has been approved by ICANN as a 
>> city-level top-level domain (TLD) for New York City"
>
>Do they have DNSSEC from inception? It would seem a sensible thing to do
>for a virgin TLD.

Yes.  See the AGB, to which I sent a link a few messages back.




Re: .nyc - here we go...

2013-07-04 Thread Rubens Kuhl
On Thu, Jul 4, 2013 at 12:00 PM, Ted Cooper
wrote:

> On 03/07/13 11:12, Scott Weeks wrote:
> > "As of July 2, 2013, .nyc has been approved by ICANN as a
> > city-level top-level domain (TLD) for New York City"
>
> Do they have DNSSEC from inception? It would seem a sensible thing to do
> for a virgin TLD.


All new gTLDs are required to be DNSSEC-signed. The requirement only
applies to the parent zone, unless registry policy dictates otherwise, so
we can expect many more DS records in the root but a similar DS rate for
2LDs to other gTLDs, likely to be less than 1%:
http://scoreboard.verisignlabs.com/percent-trace.png


Rubens


Re: .nyc - here we go...

2013-07-04 Thread Ted Cooper
On 03/07/13 11:12, Scott Weeks wrote:
> "As of July 2, 2013, .nyc has been approved by ICANN as a 
> city-level top-level domain (TLD) for New York City"

Do they have DNSSEC from inception? It would seem a sensible thing to do
for a virgin TLD.





Re: .nyc - here we go...

2013-07-04 Thread Joe Abley

On 2013-07-03, at 01:04, Paul Ferguson  wrote:

> Why does this discussion have to always be "one or the other"?
> 
> We have multiple problems here, friends.
> 
> Focus.

I think you mean "de-focus". :-)


Joe




Re: .nyc - here we go...

2013-07-03 Thread Kyle Creyts
+10


On Tue, Jul 2, 2013 at 10:04 PM, Paul Ferguson wrote:

> Why does this discussion have to always be "one or the other"?
>
> We have multiple problems here, friends.
>
> Focus.
>
> - ferg
>
>
> On Tue, Jul 2, 2013 at 9:39 PM, Andrew Sullivan  wrote:
>
> > On Wed, Jul 3, 2013 at 12:15 AM, Larry Sheldon 
> wrote:
> >
> >> Makes me wonder if concern for routing table size is worrying about the
> >> right thing.
> >>
> >
> > Because obviously, the problems of scaling router memory and scaling DNS
> > servers are the same kind?
> >
> > Yes, having many many new TLDs introduces new problems.  (If you're not
> > scared enough, I encourage you to go read the output of the Variant
> Issues
> > Project.  Full disclosure: I had a hand in.)  Why are we talking about
> this
> > non-news now?  We all knew about three years ago, at the latest, that
> ICANN
> > was planning to do this.  If we didn't, shame on us.
> >
> > A
>
>
>
> --
> "Fergie", a.k.a. Paul Ferguson
>  fergdawgster(at)gmail.com
>
>


-- 
Kyle Creyts

Information Assurance Professional
BSidesDetroit Organizer


Re: .nyc - here we go...

2013-07-03 Thread Scott Weeks


--- rube...@gmail.com wrote:
From: Rubens Kuhl 

> Thank you for explaining this.  Again, probably.


Summary: there are residual risks, but the checks and balances of the
process are likely to stop bad actors, at the cost of also stopping some
good actors. Error in the side of caution preferred.
---


Thanks for the explanation.  I will begin to learn more
about this. 

scott



Re: .nyc - here we go...

2013-07-02 Thread Mark Andrews

In message <51d3b03a.5010...@cox.net>, Larry Sheldon writes:
> On 7/2/2013 11:39 PM, Andrew Sullivan wrote:
> > On Wed, Jul 3, 2013 at 12:15 AM, Larry Sheldon 
> > wrote:
> >
> >> Makes me wonder if concern for routing table size is worrying about
> >> the right thing.
> >
> > Because obviously, the problems of scaling router memory and scaling
> > DNS servers are the same kind?
> 
> I would not say "same" but I would say "similar" and "related" when you
> think about things like how big the cache will be and how much of the
> traffic the peerages worry about will be pure overhead, and stuff like that.

The number of tld's has very little effect on cache size.  Cache
size is proportional to the number of unique queries made.  There
are already enough names to blow out any cache.

The number of tld's does have an impact on servers that keep a local
copy of the root zone.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org



Re: .nyc - here we go...

2013-07-02 Thread Paul Ferguson
Why does this discussion have to always be "one or the other"?

We have multiple problems here, friends.

Focus.

- ferg


On Tue, Jul 2, 2013 at 9:39 PM, Andrew Sullivan  wrote:

> On Wed, Jul 3, 2013 at 12:15 AM, Larry Sheldon  wrote:
>
>> Makes me wonder if concern for routing table size is worrying about the
>> right thing.
>>
>
> Because obviously, the problems of scaling router memory and scaling DNS
> servers are the same kind?
>
> Yes, having many many new TLDs introduces new problems.  (If you're not
> scared enough, I encourage you to go read the output of the Variant Issues
> Project.  Full disclosure: I had a hand in.)  Why are we talking about this
> non-news now?  We all knew about three years ago, at the latest, that ICANN
> was planning to do this.  If we didn't, shame on us.
>
> A



--
"Fergie", a.k.a. Paul Ferguson
 fergdawgster(at)gmail.com



Re: .nyc - here we go...

2013-07-02 Thread Larry Sheldon

On 7/2/2013 11:39 PM, Andrew Sullivan wrote:
> On Wed, Jul 3, 2013 at 12:15 AM, Larry Sheldon
> wrote:
>
>> Makes me wonder if concern for routing table size is worrying about
>> the right thing.
>
> Because obviously, the problems of scaling router memory and scaling
> DNS servers are the same kind?

I would not say "same" but I would say "similar" and "related" when you
think about things like how big the cache will be and how much of the
traffic the peerages worry about will be pure overhead, and stuff like that.

> Yes, having many many new TLDs introduces new problems.  (If you're
> not scared enough, I encourage you to go read the output of the
> Variant Issues Project.  Full disclosure: I had a hand in.)  Why are
> we talking about this non-news now?  We all knew about three years
> ago, at the latest, that ICANN was planning to do this.  If we
> didn't, shame on us.

What is going to happen tomorrow is sometimes less interesting than what
is happening a while ago.


--
Requiescas in pace o email           Two identifying characteristics
                                        of System Administrators:
Ex turpi causa non oritur actio      Infallibility, and the ability to
                                        learn from their mistakes.
                                          (Adapted from Stephen Pinker)



Re: .nyc - here we go...

2013-07-02 Thread Andrew Sullivan
On Wed, Jul 3, 2013 at 12:15 AM, Larry Sheldon  wrote:

> Makes me wonder if concern for routing table size is worrying about the
> right thing.
>

Because obviously, the problems of scaling router memory and scaling DNS
servers are the same kind?

Yes, having many many new TLDs introduces new problems.  (If you're not
scared enough, I encourage you to go read the output of the Variant Issues
Project.  Full disclosure: I had a hand in.)  Why are we talking about this
non-news now?  We all knew about three years ago, at the latest, that ICANN
was planning to do this.  If we didn't, shame on us.

A


Re: .nyc - here we go...

2013-07-02 Thread Paul Ferguson
On Tue, Jul 2, 2013 at 9:23 PM, Rubens Kuhl  wrote:

> gTLDs operate under ICANN compliance regime and are required to abide by
> community policies. Will this be enough ? We don't know yet, but people have
> given some thought trying to find a way it is enough, and can require
> further mechanisms if the initial ones fail.
>

Of course, we all know that makes a huge difference.

Cheers,

- ferg




--
"Fergie", a.k.a. Paul Ferguson
 fergdawgster(at)gmail.com



Re: .nyc - here we go...

2013-07-02 Thread Paul Ferguson
Now you are thinking. :-)

- ferg


On Tue, Jul 2, 2013 at 9:15 PM, Larry Sheldon  wrote:

> Makes me wonder if concern for routing table size is worrying about the
> right thing.
>


--
"Fergie", a.k.a. Paul Ferguson
 fergdawgster(at)gmail.com



Re: .nyc - here we go...

2013-07-02 Thread Rubens Kuhl
> Great, Let's see what happens.
>
> If history is any teacher...
>
>
There is not much history here to look at... .cc and .tk are ccTLDs, based
out of sovereign states. They are delegated into the root by ICANN (more
precisely by IANA, which is currently a contract also granted to ICANN) and
that's it. What they do with 2LDs/3LDs are not under community scrutiny,
unless the ccTLD operator is also operated on a multi-stakeholder basis.

gTLDs operate under ICANN compliance regime and are required to abide by
community policies. Will this be enough ? We don't know yet, but people
have given some thought trying to find a way it is enough, and can require
further mechanisms if the initial ones fail.


Rubens


Re: .nyc - here we go...

2013-07-02 Thread Larry Sheldon
Makes me wonder if concern for routing table size is worrying about the 
right thing.



--
Requiescas in pace o email           Two identifying characteristics
                                        of System Administrators:
Ex turpi causa non oritur actio      Infallibility, and the ability to
                                        learn from their mistakes.
                                          (Adapted from Stephen Pinker)



Re: .nyc - here we go...

2013-07-02 Thread Paul Ferguson
On Tue, Jul 2, 2013 at 8:41 PM, Rubens Kuhl  wrote:

>
> From
> http://www.icann.org/en/groups/board/documents/resolutions-new-gtld-annex-ii-agenda-2b-25jun13-en.pdf
> "Registry Operator will periodically conduct a technical analysis to assess
> whether domains in the TLD are being used to perpetrate security threats,
> such as pharming, phishing, malware, and botnets. Registry Operator will
> maintain statistical reports on the number of security threats identified
> and the actions taken as a result of the periodic security checks. Registry
> Operator will maintain these reports for the term of the Agreement unless a
> shorter period is required by law or approved by ICANN, and will provide
> them to ICANN upon request."
>
>

Great, Let's see what happens.

If history is any teacher...

- ferg




--
"Fergie", a.k.a. Paul Ferguson
 fergdawgster(at)gmail.com



Re: .nyc - here we go...

2013-07-02 Thread Rubens Kuhl
On Wed, Jul 3, 2013 at 12:21 AM, Paul Ferguson 
wrote:
>
> On Tue, Jul 2, 2013 at 8:12 PM, Rubens Kuhl  wrote:
>
> > Summary: there are residual risks, but the checks and balances of the
> > process are likely to stop bad actors, at the cost of also stopping some
> > good actors. Error in the side of caution preferred.
> >
>
> You're missing the forest
>
> If a new gTLD applicant decides to "capitalize" on their financial
> investment once they have received approval, there is nothing stopping
> them from opening the flood gates to anyone who wants to register
> sub-domains/second-level domains for financial gain.
>
> Of course, they should be allowed to do so. It's a free market.
>
> Just look at .cc and the complete Charlie Foxtrot they caused by
> allowing second-level domains to be used by anyone for any purpose
> (e.g. *.co.cc, *.cu.cc, etc.) and .tk for instance.


New gTLDs aren't allowed to register 2-letter country-codes like co.
without clearance from government of that country. Considering gTLDs pay
ICANN fees by domain if they go higher than 50k domains, it's unlikely that
a registry business model will go in the same direction as the repurposed
ccTLDs

>
>
> We can expect a lot more of the same with the expansion of the TLD
> space, so it *will* require a lot more diligence.


Current working version of the Registry Agreement, following advice from
governments, established requirements for security monitoring for ICANN,
registries and registrars, so you should probably wait until ICANN board
publishes it to assess whether such diligence is already being provisioned
into the system or not.

From
http://www.icann.org/en/groups/board/documents/resolutions-new-gtld-annex-ii-agenda-2b-25jun13-en.pdf
"Registry Operator will periodically conduct a technical analysis to assess
whether domains in the TLD are being used to perpetrate security threats,
such as pharming, phishing, malware, and botnets. Registry Operator will
maintain statistical reports on the number of security threats identified
and the actions taken as a result of the periodic security checks. Registry
Operator will maintain these reports for the term of the Agreement unless a
shorter period is required by law or approved by ICANN, and will provide
them to ICANN upon request."


Rubens


Re: .nyc - here we go...

2013-07-02 Thread John Levine
>Rather than asking random strangers, you can read the applicant
>guidebook and find out what the actual rules are:
>
>http://newgtlds.icann.org/en/applicants/agb
>
>Ok, you're correct. I need to add that to my list of reading.  
>I am just thinking about the digital divide getting larger
>(not smaller) as these places are writing about on their 
>various technical mailing lists.  That kind of money is not
>insignificant to them.

The largest set of applications are for single registrant vanity
domains, like .ibm and .mormon from IBM and the LDS church.  I don't
see them causing much damage to anyone other than the organizations
who are paying for them.

There are some from geographic areas like .nyc, and a bunch from
people who imagine that they can get rich with people who want
to register in .hockey or .art.

The one that sort of is like what you were worried about is the
application for .patagonia, which is from the outdoors equipment
company, and is causing great consternation in southern Argentina.
It remains to be seen what ICANN will do about that.

Also, considering what a bust all the existing special interest
domains such as .aero, .travel, .museum, and .asia are, I wouldn't
hold my breath waiting for vast action in any of the new ones.

R's,
John



Re: .nyc - here we go...

2013-07-02 Thread Paul Ferguson
On Tue, Jul 2, 2013 at 8:12 PM, Rubens Kuhl  wrote:

> Summary: there are residual risks, but the checks and balances of the
> process are likely to stop bad actors, at the cost of also stopping some
> good actors. Erring on the side of caution is preferred.
>

You're missing the forest

If a new gTLD applicant decides to "capitalize" on their financial
investment once they have received approval, there is nothing stopping
them from opening the flood gates to anyone who wants to register
sub-domains/second-level domains for financial gain.

Of course, they should be allowed to do so. It's a free market.

Just look at .cc and the complete Charlie Foxtrot they caused by
allowing second-level domains to be used by anyone for any purpose
(e.g. *.co.cc, *.cu.cc, etc.) and .tk for instance.

We can expect a lot more of the same with the expansion of the TLD
space, so it *will* require a lot more diligence.

- ferg




--
"Fergie", a.k.a. Paul Ferguson
 fergdawgster(at)gmail.com



Re: .nyc - here we go...

2013-07-02 Thread Rubens Kuhl
>
> Thank you for explaining this.  Again, probably.
>
> So the cities in those countries could buy them (if they could
> afford them) but not the countries?  So .portvila is available,
> but not .vanuatu?
>

Yes. Country names will be part of the expansion of the ccTLD space, where
usually countries are not asked to pay evaluation fees, just annual fees
much like current country codes.


> What about places like Singapore?  The city name is the same as
> the country name.
>

Excluded by being a country name.


>
> "I haven't read enough, but what's to stop speculators paying
> the $186,000 then charging the tiny countries more when they
> are able to make the purchase?"
>
> s/tiny countries/cities in tiny countries/
>
> Does the speculator issue have to go to arbitration?
>

The $185k is an evaluation fee, not a "buy now" price. Part of the
evaluation process is to determine if the string has a geographic nature,
and if it does, if there is proper government support. There could be issues
if a city name that is not in the ISO lists (nation capitals, state names)
happens to be a plausible non-geographic name. Let's take Sao Paulo
(largest Brazilian city) for example: it's the name of a Catholic saint in
Portuguese, so an applicant claiming to be a gTLD targeted at the saint
devotees could in theory apply (it's not the case as Sao Paulo is also a
state name listed in ISO 3166) and after getting the delegation repurpose
it to serve Sao Paulo individuals and businesses.

Besides many objection procedures, one of them a community rights objection
that could be used in a case such as the one I described, governments have
a veto power that, even requiring consensus among representatives, would
probably be used to stop the application. Both mechanisms (objections and
government veto) are in play at two TLDs facing opposition from
South American countries: .amazon (from Amazon Inc., opposed by countries
of the Amazon region like Brazil and Peru) and .patagonia (opposed by the
region of the same name encompassing Argentina and Chile). The outcomes of both
will likely be known this month at ICANN's meeting in Durban.

Summary: there are residual risks, but the checks and balances of the
process are likely to stop bad actors, at the cost of also stopping some
good actors. Erring on the side of caution is preferred.


Rubens


Re: .nyc - here we go...

2013-07-02 Thread Eric Brunner-Williams
On 7/2/13 7:06 PM, John Levine wrote:
> Rather than asking random strangers, you can read the applicant
> guidebook and find out what the actual rules are:

There really should be a kinder introduction to those who lack basic
clue than to attempt to read the last version of the DAG, even for the
American Legally Literate.

Someone who has more than just ICANNatitude (in either of the usual
senses) should do a standup at the next {$NETTECH} meet and 'splain
policy and business, can the bits and vod them out on the *OG lists.

Then we could discuss the merits, such as they are.

Eric



Re: .nyc - here we go...

2013-07-02 Thread Paul Ferguson
On Tue, Jul 2, 2013 at 7:17 PM, Scott Weeks  wrote:

> Ok, you're correct. I need to add that to my list of reading.
> I am just thinking about the digital divide getting larger
> (not smaller) as these places are writing about on their
> various technical mailing lists.  That kind of money is not
> insignificant to them.
>

The expansion of the gTLD space is about much more than costs -- it is
also about the expansion in efforts that it will take to monitor for
abuse. That is something that a lot of people have been concerned
about for a long time now.

$.03,

- ferg



--
"Fergie", a.k.a. Paul Ferguson
 fergdawgster(at)gmail.com



Re: .nyc - here we go...

2013-07-02 Thread Scott Weeks


--- jo...@iecc.com wrote:
From: "John Levine" 

>I haven't read enough, but what's to stop speculators
>paying the $186,000 then ...

Rather than asking random strangers, you can read the applicant
guidebook and find out what the actual rules are:

http://newgtlds.icann.org/en/applicants/agb



Ok, you're correct. I need to add that to my list of reading.  
I am just thinking about the digital divide getting larger
(not smaller) as these places are writing about on their 
various technical mailing lists.  That kind of money is not
insignificant to them.

scott



Re: .nyc - here we go...

2013-07-02 Thread John Levine
>I haven't read enough, but what's to stop speculators
>paying the $186,000 then ...

Rather than asking random strangers, you can read the applicant
guidebook and find out what the actual rules are:

http://newgtlds.icann.org/en/applicants/agb




Re: .nyc - here we go...

2013-07-02 Thread Scott Weeks
--- rube...@gmail.com wrote:
From: Rubens Kuhl 

> As places like that see $186,000 as small change, I wonder
> what other countries (much less the cities within them)
> like .nu, .sb or .vu will do?  For them this is an
> astronomical number.  Someone's about to hit a financial
> home run reminiscent of the tech-stock bubble...
>

No countries were obliged to apply. Both country codes and country names
were excluded from the new gTLD process. Actually, they couldn't even
apply, as they are considered ccTLDs.


> I haven't read enough, but what's to stop speculators
> paying the $186,000 then charging the tiny countries
> more when they are able to make the purchase?  Please
> don't suggest arbitration because that only increases
> the cost to those countries.
-


Thank you for explaining this.  Again, probably.  

So the cities in those countries could buy them (if they could
afford them) but not the countries?  So .portvila is available,
but not .vanuatu?

What about places like Singapore?  The city name is the same as 
the country name.

"I haven't read enough, but what's to stop speculators paying 
the $186,000 then charging the tiny countries more when they 
are able to make the purchase?"

s/tiny countries/cities in tiny countries/

Does the speculator issue have to go to arbitration?

scott



Re: .nyc - here we go...

2013-07-02 Thread Eric Brunner-Williams
Thank you Rubens, you saved me the effort.

Eric



Re: .nyc - here we go...

2013-07-02 Thread Rubens Kuhl
On Tue, Jul 2, 2013 at 10:12 PM, Scott Weeks  wrote:

>
>
> < careful there may be a troll in here... :) >
>
> https://en.wikipedia.org/wiki/.nyc
>
> "As of July 2, 2013, .nyc has been approved by ICANN as a
> city-level top-level domain (TLD) for New York City"
>

.nyc was approved by ICANN on May 24. The city made its announcement only
today. Link to evaluation report:
http://newgtlds.icann.org/sites/default/files/ier/f3T5ufeSpeThAJezaxezuDtE/ie-1-1715-21938-en.pdf

Link to all status information:
https://gtldresult.icann.org/application-result/applicationstatus/viewstatus




>
> As places like that see $186,000 as small change, I wonder
> what other countries (much less the cities within them)
> like .nu, .sb or .vu will do?  For them this is an
> astronomical number.  Someone's about to hit a financial
> home run reminiscent of the tech-stock bubble...
>

No countries were obliged to apply. Both country codes and country names
were excluded from the new gTLD process. Actually, they couldn't even
apply, as they are considered ccTLDs.


> I haven't read enough, but what's to stop speculators
> paying the $186,000 then charging the tiny countries
> more when they are able to make the purchase?  Please
> don't suggest arbitration because that only increases
> the cost to those countries.
>
> Who's going to buy .nanog?
>

No one in this round. Maybe in the next one.


> Who's going to buy .ietf?
>

No one, excluded from the process by ICANN.


> etc.
> Did icann have any financial requirements to get .icann?
>

.icann also wasn't available for application.



Rubens